urlscan.io logo urlscan.io
SecurityTrails logo

www.theepochtimes.com Open in urlscan Pro
2606:4700::6811:9e16  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Submission: On December 04 via manual from TR — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 134 IPs in 13 countries across 140 domains to perform 845 HTTP transactions. The main IP is 2606:4700::6811:9e16, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.theepochtimes.com. The Cisco Umbrella rank of the primary domain is 60648.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 18th 2023. Valid for: a year.
This is the only time www.theepochtimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2606:4700::68... 13335 (CLOUDFLAR...)
6 2600:9000:231... 16509 (AMAZON-02)
1 2a04:4e42:200... 54113 (FASTLY)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
6 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
24 34.102.198.207 396982 (GOOGLE-CL...)
8 2606:4700:e6:... 13335 (CLOUDFLAR...)
113 2600:9000:224... 16509 (AMAZON-02)
2 108.157.4.37 16509 (AMAZON-02)
19 54.154.18.114 16509 (AMAZON-02)
1 34.110.129.224 396982 (GOOGLE-CL...)
5 108.157.4.13 16509 (AMAZON-02)
6 52.50.121.249 16509 (AMAZON-02)
5 52.73.85.239 14618 (AMAZON-AES)
5 173.237.69.132 7979 (SERVERS-COM)
2 13 51.89.9.254 16276 (OVH)
5 34.249.240.92 16509 (AMAZON-02)
37 34.120.33.89 396982 (GOOGLE-CL...)
3 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 9 2a00:1450:400... 15169 (GOOGLE)
1 142.250.184.226 15169 (GOOGLE)
1 52.92.164.88 16509 (AMAZON-02)
4 2400:52e0:1e0... 200325 (BUNNYCDN)
1 9 2a00:1450:400... 15169 (GOOGLE)
4 4.7.168.74 3356 (LEVEL3)
3 2a04:4e42:200... 54113 (FASTLY)
2 4 2600:9000:243... 16509 (AMAZON-02)
1 18.66.248.49 16509 (AMAZON-02)
41 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:e6:... 13335 (CLOUDFLAR...)
1 54.76.157.99 16509 (AMAZON-02)
1 54.76.101.15 16509 (AMAZON-02)
1 18.154.63.42 16509 (AMAZON-02)
1 2606:4700:e2:... 13335 (CLOUDFLAR...)
2 2600:9000:244... 16509 (AMAZON-02)
34 2a00:1450:400... 15169 (GOOGLE)
4 67.202.45.233 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:e6:... 13335 (CLOUDFLAR...)
4 2.19.198.122 20940 (AKAMAI-ASN1)
23 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:243... 16509 (AMAZON-02)
1 1 2600:1f18:730... 14618 (AMAZON-AES)
1 3.213.22.88 14618 (AMAZON-AES)
2 3.208.82.122 14618 (AMAZON-AES)
6 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 23.212.202.217 16625 (AKAMAI-AS)
16 47 172.217.16.194 15169 (GOOGLE)
3 35 104.18.36.155 13335 (CLOUDFLAR...)
1 54.82.17.205 14618 (AMAZON-AES)
4 5 46.228.164.11 56396 (AMOBEE)
4 4 35.204.158.49 396982 (GOOGLE-CL...)
1 1 174.137.133.49 27257 (WEBAIR-IN...)
1 1 2600:1f18:612... 14618 (AMAZON-AES)
7 7 70.42.32.191 22075 (AS-OUTBRAIN)
2 3 35.214.141.124 15169 (GOOGLE)
4 142.250.185.98 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 3 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 35.190.0.66 15169 (GOOGLE)
2 2 20.253.86.149 8075 (MICROSOFT...)
1 1 172.104.70.67 63949 (AKAMAI-LI...)
5 5 193.0.160.131 54312 (ROCKETFUEL)
2 3 2a02:6b8::90 208722 (GLOBAL_DC)
2 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:230... 16509 (AMAZON-02)
2 54.76.12.87 16509 (AMAZON-02)
2 5 2a05:d018:d29... 16509 (AMAZON-02)
4 4 37.157.4.29 198622 (ADFORM)
1 1 2.19.126.72 20940 (AKAMAI-ASN1)
1 3 54.71.111.90 16509 (AMAZON-02)
6 8 185.89.210.180 29990 (ASN-APPNEX)
8 9 34.98.64.218 396982 (GOOGLE-CL...)
1 52.51.174.173 16509 (AMAZON-02)
2 2 3.121.34.204 16509 (AMAZON-02)
11 35.71.131.137 16509 (AMAZON-02)
2 2 154.59.122.79 174 (COGENT-174)
1 1 20.127.253.7 8075 (MICROSOFT...)
2 162.19.138.82 16276 (OVH)
5 2600:9000:243... 16509 (AMAZON-02)
2 34.249.84.100 16509 (AMAZON-02)
5 5 23.212.211.47 16625 (AKAMAI-AS)
10 2.19.226.3 16625 (AKAMAI-AS)
37 18.66.248.25 16509 (AMAZON-02)
19 19 3.75.62.37 16509 (AMAZON-02)
37 72 69.173.144.165 26667 (RUBICONPR...)
15 15 185.64.190.79 62713 (AS-PUBMATIC)
5 5 198.47.127.205 62713 (AS-PUBMATIC)
5 5 185.64.190.81 62713 (AS-PUBMATIC)
10 10 98.98.134.242 21859 (ZEN-ECN)
10 10 108.128.196.67 16509 (AMAZON-02)
11 12 34.111.113.62 396982 (GOOGLE-CL...)
12 12 3.93.203.79 14618 (AMAZON-AES)
6 6 178.250.1.9 44788 (ASN-CRITE...)
6 2600:1f18:ed:... 14618 (AMAZON-AES)
2 2607:ae80:192... 26558 (FREEWHEEL)
3 3 34.96.71.22 396982 (GOOGLE-CL...)
5 10 52.46.143.56 16509 (AMAZON-02)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
4 6 2620:116:800d... 16509 (AMAZON-02)
8 8 2a02:fa8:8806... 41041 (VCLK-EU-SE)
3 3 34.160.19.107 396982 (GOOGLE-CL...)
2 2 64.227.64.62 14061 (DIGITALOC...)
2 2 54.144.205.34 14618 (AMAZON-AES)
1 1 35.208.249.213 15169 (GOOGLE)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
1 1 34.95.81.168 396982 (GOOGLE-CL...)
3 5 52.30.208.25 16509 (AMAZON-02)
8 13 69.173.144.138 26667 (RUBICONPR...)
2 2600:9000:225... 16509 (AMAZON-02)
1 2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 8 2606:4700:20:... 13335 (CLOUDFLAR...)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
1 4 52.202.83.199 14618 (AMAZON-AES)
1 146.75.116.157 54113 (FASTLY)
1 18.244.140.22 16509 (AMAZON-02)
2 4 13.32.110.18 16509 (AMAZON-02)
2 3 54.239.38.253 16509 (AMAZON-02)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 2 104.18.41.104 13335 (CLOUDFLAR...)
1 216.52.2.86 30282 (AS-INAPCD...)
1 145.40.97.66 54825 (PACKET)
1 1 52.54.55.244 14618 (AMAZON-AES)
1 2600:9000:215... 16509 (AMAZON-02)
1 3.68.140.79 16509 (AMAZON-02)
1 23.50.131.75 20940 (AKAMAI-ASN1)
1 34.149.50.64 15169 (GOOGLE)
1 192.132.33.69 18568 (BIDTELLECT)
6 6 46.228.174.117 56396 (AMOBEE)
1 35.244.174.68 15169 (GOOGLE)
1 64.202.112.127 22075 (AS-OUTBRAIN)
1 34.107.140.113 396982 (GOOGLE-CL...)
1 3.125.15.233 16509 (AMAZON-02)
1 54.194.233.137 16509 (AMAZON-02)
1 38.91.45.7 398989 (DEEPINTENT)
1 54.246.157.113 16509 (AMAZON-02)
1 67.202.105.24 32748 (STEADFAST)
2 2 151.101.130.49 54113 (FASTLY)
1 72.251.241.206 32475 (SINGLEHOP...)
1 34.96.105.8 396982 (GOOGLE-CL...)
1 34.107.148.139 396982 (GOOGLE-CL...)
1 1 208.93.169.131 46244 (WEBMD-IDC...)
1 96.46.186.182 7979 (SERVERS-COM)
1 3.124.56.216 16509 (AMAZON-02)
1 79.125.82.191 16509 (AMAZON-02)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
1 3 185.86.138.150 201081 (SMARTADSE...)
1 159.89.246.130 14061 (DIGITALOC...)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 38.98.69.175 174 (COGENT-174)
1 1 185.86.138.155 201081 (SMARTADSE...)
1 1 45.137.176.88 60350 (VP)
1 1 52.57.12.239 16509 (AMAZON-02)
1 34.198.166.49 14618 (AMAZON-AES)
1 1 103.3.63.48 63949 (AKAMAI-LI...)
1 34.225.131.103 14618 (AMAZON-AES)
2 2 54.90.11.164 14618 (AMAZON-AES)
1 54.241.193.125 16509 (AMAZON-02)
1 1 124.146.153.167 2514 (INFOSPHER...)
3 3 18.194.67.136 16509 (AMAZON-02)
2 2 188.42.34.65 7979 (SERVERS-COM)
1 1 52.22.119.160 14618 (AMAZON-AES)
1 1 216.137.44.125 16509 (AMAZON-02)
2 2 143.244.208.184 14061 (DIGITALOC...)
1 2.23.197.190 16625 (AKAMAI-AS)
1 2600:9000:224... 16509 (AMAZON-02)
5 104.244.42.5 13414 (TWITTER)
5 104.244.42.3 13414 (TWITTER)
2 2620:1ec:46::63 8075 (MICROSOFT...)
1 2 68.219.88.97 8075 (MICROSOFT...)
2 52.184.204.244 8075 (MICROSOFT...)
1 2 35.155.128.1 16509 (AMAZON-02)
2 2600:9000:211... 16509 (AMAZON-02)
3 2a00:1450:400... ()
845 134
44    2606:4700::6811:9e16 (United States)

ASN13335 (CLOUDFLARENET, US)
www.theepochtimes.com
6    2600:9000:2315:b000:4:b37b:9440:93a1 (United States)

ASN16509 (AMAZON-02, US)
rumcdn.geoedge.be
1    2a04:4e42:200::282 (United States)

ASN54113 (FASTLY, US)
polyfill.io
2    2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
6    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
4    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
24    34.102.198.207 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 207.198.102.34.bc.googleusercontent.com
subs.theepochtimes.com
8    2606:4700:e6::ac40:cb07 (United States)

ASN13335 (CLOUDFLARENET, US)
services.epoch.cloud
mixproxy.epoch.cloud
113    2600:9000:224a:c400:5:4275:8dc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
html5.gamedistribution.com
2    108.157.4.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-37.dus51.r.cloudfront.net
html5.api.gamedistribution.com
19    54.154.18.114 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
msgrt.gamedistribution.com
game.api.gamedistribution.com
tag.atom.gamedistribution.com
1    34.110.129.224 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 224.129.110.34.bc.googleusercontent.com
pwe.epochbase.com
5    108.157.4.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-13.dus51.r.cloudfront.net
hb.undertone.com
6    52.50.121.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
hb-api.omnitagjs.com
visitor.omnitagjs.com
5    52.73.85.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-85-239.compute-1.amazonaws.com
exchange.postrelease.com
5    173.237.69.132 (United States)

ASN7979 (SERVERS-COM, US)
colossusssp.com
13    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
5    34.249.240.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
hb.minutemedia-prebid.com
37    34.120.33.89 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 89.33.120.34.bc.googleusercontent.com
comment.youmaker.com
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
region1.google-analytics.com
1    2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
4    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.ch
2    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
9    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
www.googleadservices.com
1    52.92.164.88 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
s3-us-west-2.amazonaws.com
4    2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)
clientcdn.pushengage.com
tentacles.smartocto.com
9    2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
4    4.7.168.74 (White Haven, United States)

ASN3356 (LEVEL3, US)
ea.epochbase.com
3    2a04:4e42:200::645 (United States)

ASN54113 (FASTLY, US)
mp.theepochtimes.com
4    2600:9000:243d:8200:17:cf8d:4bc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
pm.azerioncircle.com
1    18.66.248.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-49.dus51.r.cloudfront.net
cdn.gamemonkey.org
41    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
3    2606:4700:e6::ac40:c419 (United States)

ASN13335 (CLOUDFLARENET, US)
ana.headerlift.com
pub.headerlift.com
1    54.76.157.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-157-99.eu-west-1.compute.amazonaws.com
tracker.gamemonkey.org
1    54.76.101.15 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-101-15.eu-west-1.compute.amazonaws.com
tracker-v4.gamedock.io
1    18.154.63.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-154-63-42.dus51.r.cloudfront.net
download.gameanalytics.com
1    2606:4700:e2::ac40:8c0d (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
2    2600:9000:2440:f000:4:cd76:8580:93a1 (United States)

ASN16509 (AMAZON-02, US)
hb.improvedigital.com
34    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
tpc.googlesyndication.com
4    67.202.45.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-67-202-45-233.compute-1.amazonaws.com
api.gameanalytics.com
2    2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
3    2606:4700:e6::ac40:ca07 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.epoch.cloud
subsapi.epoch.cloud
4    2.19.198.122 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-198-122.deploy.static.akamaitechnologies.com
img.theepochtimes.com
23    2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
1    2600:9000:243d:b600:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)
b-code.liadm.com
1    2600:1f18:730:b150:8a29:493b:1f46:72ba (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rp.liadm.com
1    3.213.22.88 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-22-88.compute-1.amazonaws.com
rp4.liadm.com
2    3.208.82.122 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-82-122.compute-1.amazonaws.com
notifier-configs.airbrake.io
6    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
5    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
4    2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    23.212.202.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-202-217.deploy.static.akamaitechnologies.com
d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com
47    172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net
cm.g.doubleclick.net
35    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
dsum.casalemedia.com
1    54.82.17.205 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-17-205.compute-1.amazonaws.com
idx.liadm.com
5    46.228.164.11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
r.turn.com
4    35.204.158.49 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com
um.simpli.fi
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
1    2600:1f18:612b:4232:a914:a3b8:84d6:ea13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
google.partners.tremorhub.com
7    70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
3    35.214.141.124 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 124.141.214.35.bc.googleusercontent.com
csync.loopme.me
4    142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net
googleads4.g.doubleclick.net
5    2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
3    2606:4700::6812:18ad (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
1    35.190.0.66 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com
ads.travelaudience.com
2    20.253.86.149 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
mweb.ck.inmobi.com
1    172.104.70.67 (Tokyo, Japan)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1680-67.members.linode.com
a.c.appier.net
5    193.0.160.131 (United States)

ASN54312 (ROCKETFUEL, US)
a.rfihub.com
p.rfihub.com
3    2a02:6b8::90 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)
an.yandex.ru
2    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    2600:9000:2304:d400:10:43f:4352:ad61 (United States)

ASN16509 (AMAZON-02, US)
gw.geoedge.be
2    54.76.12.87 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-12-87.eu-west-1.compute.amazonaws.com
ingestion.contentinsights.com
5    2a05:d018:d29:3601:357b:9971:3f66:201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
4    37.157.4.29 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    2.19.126.72 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-126-72.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
3    54.71.111.90 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-71-111-90.us-west-2.compute.amazonaws.com
p.alocdn.com
8    185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
secure.adnxs.com
9    34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
1    52.51.174.173 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-174-173.eu-west-1.compute.amazonaws.com
api.smartocto.com
2    3.121.34.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-34-204.eu-central-1.compute.amazonaws.com
pm.w55c.net
11    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
insight.adsrvr.org
2    154.59.122.79 (Schiphol, Netherlands)

ASN174 (COGENT-174, US)
ums.acuityplatform.com
1    20.127.253.7 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
sync.inmobi.com
2    162.19.138.82 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu
id5-sync.com
5    2600:9000:243d:6400:1f:2473:9080:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.undertone.com
2    34.249.84.100 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-84-100.eu-west-1.compute.amazonaws.com
ingestion.smartocto.com
5    23.212.211.47 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-211-47.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
10    2.19.226.3 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-226-3.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
37    18.66.248.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-25.dus51.r.cloudfront.net
usr.undertone.com
19    3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
pixel.advertising.com
ups.analytics.yahoo.com
72    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
15    185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
5    198.47.127.205 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
5    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
10    98.98.134.242 (United States)

ASN21859 (ZEN-ECN, US)
pixel-sync.sitescout.com
10    108.128.196.67 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-196-67.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
12    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
12    3.93.203.79 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-203-79.compute-1.amazonaws.com
i.liadm.com
6    178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
6    2600:1f18:ed:550a:93c3:cadd:da29:694c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
i6.liadm.com
2    2607:ae80:192:1::172 (United States)

ASN26558 (FREEWHEEL, US)
ads.stickyadstv.com
3    34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com
s.company-target.com
10    52.46.143.56 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
6    2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
secure.quantserve.com
pixel.quantserve.com
8    2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
rubicon-match.dotomi.com
3    34.160.19.107 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 107.19.160.34.bc.googleusercontent.com
dmp.brand-display.com
2    64.227.64.62 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
2    54.144.205.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-205-34.compute-1.amazonaws.com
sync.srv.stackadapt.com
1    35.208.249.213 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 213.249.208.35.bc.googleusercontent.com
trace.mediago.io
2    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
1    34.95.81.168 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 168.81.95.34.bc.googleusercontent.com
euexchangesync.digitaleast.mobi
5    52.30.208.25 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-208-25.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
13    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
2    2600:9000:2251:c800:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cti.w55c.net
2    2606:4700:20::ac43:4549 (United States)

ASN13335 (CLOUDFLARENET, US)
a.remarketstats.com
8    2606:4700:20::ac43:4acf (United States)

ASN13335 (CLOUDFLARENET, US)
a.clickcertain.com
4    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
c.bing.com
4    52.202.83.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-83-199.compute-1.amazonaws.com
tags.wdsvc.net
1    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    18.244.140.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-140-22.lhr50.r.cloudfront.net
js.alocdn.com
4    13.32.110.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-18.vie50.r.cloudfront.net
sb.scorecardresearch.com
3    54.239.38.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    104.18.41.104 (None, )

ASN13335 (CLOUDFLARENET, US)
capi.connatix.com
1    216.52.2.86 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ce.lijit.com
1    145.40.97.66 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
1    52.54.55.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-54-55-244.compute-1.amazonaws.com
sync.ipredictive.com
1    2600:9000:215b:b800:1a:5235:f980:93a1 (United States)

ASN16509 (AMAZON-02, US)
live.primis.tech
1    3.68.140.79 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-140-79.eu-central-1.compute.amazonaws.com
match.sharethrough.com
1    23.50.131.75 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-50-131-75.deploy.static.akamaitechnologies.com
hb.yahoo.net
1    34.149.50.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.50.149.34.bc.googleusercontent.com
s.seedtag.com
1    192.132.33.69 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 69.bidtellect.com
bttrack.com
6    46.228.174.117 (United Kingdom)

ASN56396 (AMOBEE, GB)
sync.1rx.io
sync.targeting.unrulymedia.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
1    64.202.112.127 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
sync.outbrain.com
1    34.107.140.113 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 113.140.107.34.bc.googleusercontent.com
s2s.t13.io
1    3.125.15.233 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-15-233.eu-central-1.compute.amazonaws.com
exchange.mediavine.com
1    54.194.233.137 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-233-137.eu-west-1.compute.amazonaws.com
cs.minutemedia-prebid.com
1    38.91.45.7 (Ashburn, United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
1    54.246.157.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-157-113.eu-west-1.compute.amazonaws.com
cs.yellowblue.io
1    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
2    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    72.251.241.206 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)
cm.adgrx.com
1    34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com
tr.blismedia.com
1    34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid-s2s.media.net
1    208.93.169.131 (United States)

ASN46244 (WEBMD-IDC1-AS, US)
bh.contextweb.com
1    96.46.186.182 (United States)

ASN7979 (SERVERS-COM, US)
sync.aniview.com
1    3.124.56.216 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-56-216.eu-central-1.compute.amazonaws.com
crb.kargo.com
1    79.125.82.191 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-82-191.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    85.114.159.93 (Loerrach, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
3    185.86.138.150 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
sync.smartadserver.com
1    159.89.246.130 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
1    2a02:fa8:8806:16::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)
match.sync.ad.cpe.dotomi.com
1    38.98.69.175 (North Bergen, United States)

ASN174 (COGENT-174, US)
rbp.mxptint.net
1    185.86.138.155 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
1    45.137.176.88 (France)

ASN60350 (VP, FR)
sync.adotmob.com
1    52.57.12.239 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-12-239.eu-central-1.compute.amazonaws.com
i.w55c.net
1    34.198.166.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-166-49.compute-1.amazonaws.com
sync.ex.co
1    103.3.63.48 (Singapore, Singapore)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li819-48.members.linode.com
rcp.c.appier.net
1    34.225.131.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-131-103.compute-1.amazonaws.com
rtb.adentifi.com
2    54.90.11.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-11-164.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
1    54.241.193.125 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-241-193-125.us-west-1.compute.amazonaws.com
usync.vrtcal.com
1    124.146.153.167 (Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
tg.socdm.com
3    18.194.67.136 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-67-136.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    188.42.34.65 (Luxembourg)

ASN7979 (SERVERS-COM, US)
ads.betweendigital.com
1    52.22.119.160 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-119-160.compute-1.amazonaws.com
um4.eqads.com
1    216.137.44.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-216-137-44-125.lhr61.r.cloudfront.net
cm.smadex.com
2    143.244.208.184 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sid.storygize.net
1    2.23.197.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-197-190.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    2600:9000:224a:8600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
5    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
5    104.244.42.3 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
2    2620:1ec:46::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
2    52.184.204.244 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
n.clarity.ms
2    35.155.128.1 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-155-128-1.us-west-2.compute.amazonaws.com
a.usbrowserspeed.com
2    2600:9000:211a:d000:e:291c:8fc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
tag.trovo-tag.com
3    2a00:1450:400c:c0a::54 (None, )

ASN- ()
accounts.google.com
Apex Domain
Subdomains		 Transfer
134 gamedistribution.com
html5.gamedistribution.com — Cisco Umbrella Rank: 28736
html5.api.gamedistribution.com — Cisco Umbrella Rank: 27960
msgrt.gamedistribution.com — Cisco Umbrella Rank: 26784
game.api.gamedistribution.com — Cisco Umbrella Rank: 30083
tag.atom.gamedistribution.com — Cisco Umbrella Rank: 29160
3 MB
100 rubiconproject.com
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 946
eus.rubiconproject.com — Cisco Umbrella Rank: 588
pixel.rubiconproject.com — Cisco Umbrella Rank: 339
token.rubiconproject.com — Cisco Umbrella Rank: 461
140 KB
75 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 148
647 KB
75 theepochtimes.com
www.theepochtimes.com — Cisco Umbrella Rank: 60648
subs.theepochtimes.com — Cisco Umbrella Rank: 89298
mp.theepochtimes.com — Cisco Umbrella Rank: 87012
img.theepochtimes.com — Cisco Umbrella Rank: 41836
1 MB
67 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
stats.g.doubleclick.net — Cisco Umbrella Rank: 75
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 219
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515
388 KB
47 undertone.com
hb.undertone.com — Cisco Umbrella Rank: 3939
cdn.undertone.com — Cisco Umbrella Rank: 3126
usr.undertone.com — Cisco Umbrella Rank: 1822
30 KB
37 youmaker.com
comment.youmaker.com — Cisco Umbrella Rank: 88299
356 KB
35 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 480
dsum.casalemedia.com — Cisco Umbrella Rank: 1364
25 KB
25 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 661
image2.pubmatic.com — Cisco Umbrella Rank: 859
image4.pubmatic.com — Cisco Umbrella Rank: 1224
6 KB
23 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
563 KB
22 liadm.com
b-code.liadm.com — Cisco Umbrella Rank: 2977
rp.liadm.com — Cisco Umbrella Rank: 1632
rp4.liadm.com — Cisco Umbrella Rank: 6685
idx.liadm.com — Cisco Umbrella Rank: 2268
i.liadm.com — Cisco Umbrella Rank: 517
i6.liadm.com — Cisco Umbrella Rank: 2358
27 KB
19 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474
ups.analytics.yahoo.com — Cisco Umbrella Rank: 307
5 KB
14 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2693
www.google.com — Cisco Umbrella Rank: 2
accounts.google.com
84 KB
13 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 285
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 807
10 KB
13 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 714
7 KB
12 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 465
3 KB
11 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 331
insight.adsrvr.org — Cisco Umbrella Rank: 557
2 KB
11 epoch.cloud
services.epoch.cloud — Cisco Umbrella Rank: 97165
mixproxy.epoch.cloud — Cisco Umbrella Rank: 91997
cdn.epoch.cloud — Cisco Umbrella Rank: 108015
subsapi.epoch.cloud — Cisco Umbrella Rank: 101933
229 KB
10 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 799
5 KB
10 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 681
6 KB
9 dotomi.com
casale-match.dotomi.com — Cisco Umbrella Rank: 2999
rubicon-match.dotomi.com — Cisco Umbrella Rank: 1918
match.sync.ad.cpe.dotomi.com — Cisco Umbrella Rank: 1436
3 KB
9 openx.net
us-u.openx.net — Cisco Umbrella Rank: 491
1 KB
9 geoedge.be
rumcdn.geoedge.be — Cisco Umbrella Rank: 3375
gw.geoedge.be — Cisco Umbrella Rank: 4631
325 KB
8 clickcertain.com
a.clickcertain.com — Cisco Umbrella Rank: 6832
7 KB
8 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 229
secure.adnxs.com — Cisco Umbrella Rank: 478
6 KB
8 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 487
fonts.googleapis.com — Cisco Umbrella Rank: 29
372 KB
7 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 586
4 KB
7 gstatic.com
www.gstatic.com
fonts.gstatic.com
64 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 796
c.clarity.ms — Cisco Umbrella Rank: 1377
n.clarity.ms — Cisco Umbrella Rank: 17830
28 KB
6 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 749
secure.quantserve.com — Cisco Umbrella Rank: 1276
pixel.quantserve.com — Cisco Umbrella Rank: 1011
11 KB
6 criteo.com
dis.criteo.com — Cisco Umbrella Rank: 550
2 KB
6 smartocto.com
tentacles.smartocto.com — Cisco Umbrella Rank: 21508
api.smartocto.com — Cisco Umbrella Rank: 20504
ingestion.smartocto.com — Cisco Umbrella Rank: 18374
20 KB
6 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3730
cs.minutemedia-prebid.com — Cisco Umbrella Rank: 1777
3 KB
6 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 3655
visitor.omnitagjs.com — Cisco Umbrella Rank: 656
4 KB
5 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 713
3 KB
5 t.co
t.co — Cisco Umbrella Rank: 589
1 KB
5 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 563
1 KB
5 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 1658
1 KB
5 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 818
cti.w55c.net — Cisco Umbrella Rank: 2709
i.w55c.net — Cisco Umbrella Rank: 1431
17 KB
5 rfihub.com
a.rfihub.com — Cisco Umbrella Rank: 2935
p.rfihub.com — Cisco Umbrella Rank: 825
5 KB
5 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 428
104 KB
5 turn.com
ad.turn.com — Cisco Umbrella Rank: 773
r.turn.com — Cisco Umbrella Rank: 3570
2 KB
5 gameanalytics.com
download.gameanalytics.com — Cisco Umbrella Rank: 221628
api.gameanalytics.com — Cisco Umbrella Rank: 6786
90 KB
5 colossusssp.com
colossusssp.com — Cisco Umbrella Rank: 1354
706 B
5 postrelease.com
exchange.postrelease.com — Cisco Umbrella Rank: 4927
2 KB
5 epochbase.com
pwe.epochbase.com — Cisco Umbrella Rank: 83926
ea.epochbase.com — Cisco Umbrella Rank: 84986
852 B
4 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 622
ssbsync.smartadserver.com — Cisco Umbrella Rank: 742
sync.smartadserver.com — Cisco Umbrella Rank: 1285
2 KB
4 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 546
2 KB
4 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 172
1 KB
4 wdsvc.net
tags.wdsvc.net — Cisco Umbrella Rank: 38198
30 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 329
c.bing.com — Cisco Umbrella Rank: 228
16 KB
4 alocdn.com
p.alocdn.com — Cisco Umbrella Rank: 6159
js.alocdn.com — Cisco Umbrella Rank: 68184
4 KB
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 560
3 KB
4 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 780
2 KB
4 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
255 KB
4 azerioncircle.com
pm.azerioncircle.com — Cisco Umbrella Rank: 31719
22 KB
4 google.ch
www.google.ch — Cisco Umbrella Rank: 30501
690 B
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
327 KB
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 336
1 KB
3 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1510
814 B
3 company-target.com
s.company-target.com — Cisco Umbrella Rank: 1383
1 KB
3 yandex.ru
an.yandex.ru — Cisco Umbrella Rank: 5624
1001 B
3 inmobi.com
mweb.ck.inmobi.com — Cisco Umbrella Rank: 3950
sync.inmobi.com — Cisco Umbrella Rank: 1442
2 KB
3 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 802
s.tribalfusion.com — Cisco Umbrella Rank: 2218
2 KB
3 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 870
836 B
3 headerlift.com
ana.headerlift.com — Cisco Umbrella Rank: 30719
pub.headerlift.com — Cisco Umbrella Rank: 31627
1 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2189
41 KB
2 trovo-tag.com
tag.trovo-tag.com — Cisco Umbrella Rank: 50255
2 KB
2 usbrowserspeed.com
a.usbrowserspeed.com — Cisco Umbrella Rank: 5716
419 B
2 storygize.net
sid.storygize.net — Cisco Umbrella Rank: 1433
570 B
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 1601
2 KB
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1370
1 KB
2 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258
989 B
2 connatix.com
capi.connatix.com — Cisco Umbrella Rank: 1010
522 B
2 remarketstats.com
a.remarketstats.com — Cisco Umbrella Rank: 40596
1 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 564
1 KB
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 702
3 KB
2 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 1901
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 685 Failed
635 B
2 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 526
1 KB
2 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 425
2 KB
2 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 1209
1 KB
2 contentinsights.com
ingestion.contentinsights.com — Cisco Umbrella Rank: 27227
176 B
2 appier.net
a.c.appier.net — Cisco Umbrella Rank: 8865
rcp.c.appier.net — Cisco Umbrella Rank: 2892
1 KB
2 airbrake.io
notifier-configs.airbrake.io — Cisco Umbrella Rank: 6771
492 B
2 improvedigital.com
hb.improvedigital.com — Cisco Umbrella Rank: 29064
238 KB
2 gamemonkey.org
cdn.gamemonkey.org — Cisco Umbrella Rank: 38888
tracker.gamemonkey.org — Cisco Umbrella Rank: 26401
13 KB
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 857
14 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1296
457 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 638
426 B
1 smadex.com
cm.smadex.com — Cisco Umbrella Rank: 2280
579 B
1 eqads.com
um4.eqads.com — Cisco Umbrella Rank: 2169
262 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1450
870 B
1 vrtcal.com
usync.vrtcal.com — Cisco Umbrella Rank: 2309
256 B
1 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1014
35 B
1 ex.co
sync.ex.co — Cisco Umbrella Rank: 2598
375 B
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1414
687 B
1 mxptint.net
rbp.mxptint.net — Cisco Umbrella Rank: 2854
694 B
1 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 2290
405 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1428
471 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 582
598 B
1 kargo.com
crb.kargo.com — Cisco Umbrella Rank: 910
375 B
1 aniview.com
sync.aniview.com — Cisco Umbrella Rank: 1642
251 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 501
692 B
1 media.net
prebid-s2s.media.net — Cisco Umbrella Rank: 2564
507 B
1 blismedia.com
tr.blismedia.com — Cisco Umbrella Rank: 1618
173 B
1 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1388
283 B
1 33across.com
ssc-cms.33across.com — Cisco Umbrella Rank: 904
73 B
1 yellowblue.io
cs.yellowblue.io — Cisco Umbrella Rank: 1547
327 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 925
44 B
1 mediavine.com
exchange.mediavine.com — Cisco Umbrella Rank: 1074
186 B
1 t13.io
s2s.t13.io — Cisco Umbrella Rank: 1747
441 B
1 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 689
145 B
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 711
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 815
163 B
1 seedtag.com
s.seedtag.com — Cisco Umbrella Rank: 1600
284 B
1 yahoo.net
hb.yahoo.net — Cisco Umbrella Rank: 866
315 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 495
35 B
1 primis.tech
live.primis.tech — Cisco Umbrella Rank: 1398
525 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 836
493 B
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
187 B
1 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 835
311 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 327
648 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 678
15 KB
1 digitaleast.mobi
euexchangesync.digitaleast.mobi — Cisco Umbrella Rank: 20274
268 B
1 mediago.io
trace.mediago.io — Cisco Umbrella Rank: 902
375 B
1 ad4m.at
ad4m.at — Cisco Umbrella Rank: 11359
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2266
1014 B
1 travelaudience.com
ads.travelaudience.com — Cisco Umbrella Rank: 5555
599 B
1 tremorhub.com
google.partners.tremorhub.com — Cisco Umbrella Rank: 13423
631 B
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 7973
540 B
1 rackcdn.com
d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com — Cisco Umbrella Rank: 42503
5 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 313
8 KB
1 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 971
9 KB
1 gamedock.io
tracker-v4.gamedock.io — Cisco Umbrella Rank: 31691
1 pushengage.com
clientcdn.pushengage.com — Cisco Umbrella Rank: 20529
1 amazonaws.com
s3-us-west-2.amazonaws.com
60 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 138
2 KB
1 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1345
620 B
0 aura-dsp.com Failed
sync-dmp.aura-dsp.com Failed
845 140
Domain Requested by
113 html5.gamedistribution.com www.theepochtimes.com
html5.gamedistribution.com
72 pixel.rubiconproject.com 37 redirects cdn.undertone.com
eus.rubiconproject.com
47 cm.g.doubleclick.net 16 redirects googleads.g.doubleclick.net
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
cdn.undertone.com
a.clickcertain.com
44 www.theepochtimes.com www.theepochtimes.com
41 pagead2.googlesyndication.com html5.api.gamedistribution.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
imasdk.googleapis.com
tpc.googlesyndication.com
rumcdn.geoedge.be
googleads.g.doubleclick.net
www.theepochtimes.com
s0.2mdn.net
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
37 usr.undertone.com cdn.undertone.com
ssum-sec.casalemedia.com
37 comment.youmaker.com www.theepochtimes.com
comment.youmaker.com
31 tpc.googlesyndication.com rumcdn.geoedge.be
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.theepochtimes.com
s0.2mdn.net
24 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
cti.w55c.net
24 subs.theepochtimes.com www.theepochtimes.com
subs.theepochtimes.com
23 s0.2mdn.net imasdk.googleapis.com
rumcdn.geoedge.be
s0.2mdn.net
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
15 image8.pubmatic.com 15 redirects
14 ups.analytics.yahoo.com 14 redirects
13 token.rubiconproject.com 8 redirects eus.rubiconproject.com
13 onetag-sys.com 2 redirects www.theepochtimes.com
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
12 i.liadm.com 12 redirects
12 pixel.tapad.com 11 redirects cdn.undertone.com
12 msgrt.gamedistribution.com html5.api.gamedistribution.com
10 s.amazon-adsystem.com 5 redirects ssum-sec.casalemedia.com
cdn.undertone.com
10 sync.crwdcntrl.net 10 redirects
10 pixel-sync.sitescout.com 10 redirects
10 eus.rubiconproject.com cdn.undertone.com
eus.rubiconproject.com
9 us-u.openx.net 8 redirects googleads.g.doubleclick.net
9 www.google.com 1 redirects rumcdn.geoedge.be
tpc.googlesyndication.com
www.theepochtimes.com
googleads.g.doubleclick.net
9 googleads.g.doubleclick.net 1 redirects rumcdn.geoedge.be
pagead2.googlesyndication.com
8 a.clickcertain.com 4 redirects a.remarketstats.com
a.clickcertain.com
8 match.adsrvr.org 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
cdn.undertone.com
ssum-sec.casalemedia.com
7 ssum-sec.casalemedia.com cdn.undertone.com
ssum-sec.casalemedia.com
7 b1sync.zemanta.com 7 redirects
6 casale-match.dotomi.com 6 redirects
6 i6.liadm.com ssum-sec.casalemedia.com
cdn.undertone.com
6 dis.criteo.com 6 redirects
6 fonts.googleapis.com googleads.g.doubleclick.net
rumcdn.geoedge.be
6 securepubads.g.doubleclick.net www.theepochtimes.com
rumcdn.geoedge.be
securepubads.g.doubleclick.net
6 rumcdn.geoedge.be www.theepochtimes.com
rumcdn.geoedge.be
5 analytics.twitter.com
5 t.co
5 match.prod.bidr.io 3 redirects a.clickcertain.com
tag.trovo-tag.com
5 image4.pubmatic.com 5 redirects
5 image2.pubmatic.com 5 redirects
5 pixel.advertising.com 5 redirects
5 secure-assets.rubiconproject.com 5 redirects
5 cdn.undertone.com www.theepochtimes.com
5 ib.adnxs.com 3 redirects googleads.g.doubleclick.net
cdn.undertone.com
5 pr-bh.ybp.yahoo.com 2 redirects ssum-sec.casalemedia.com
5 cdn.ampproject.org rumcdn.geoedge.be
5 www.gstatic.com googleads.g.doubleclick.net
5 hb.minutemedia-prebid.com www.theepochtimes.com
5 colossusssp.com www.theepochtimes.com
5 exchange.postrelease.com www.theepochtimes.com
5 hb-api.omnitagjs.com www.theepochtimes.com
5 hb.undertone.com www.theepochtimes.com
5 services.epoch.cloud www.theepochtimes.com
rumcdn.geoedge.be
4 sync.1rx.io 4 redirects
4 sb.scorecardresearch.com 2 redirects
4 tags.wdsvc.net 1 redirects tags.wdsvc.net
4 dsum.casalemedia.com ssum-sec.casalemedia.com
4 cms.quantserve.com 4 redirects
4 c1.adform.net 4 redirects
4 googleads4.g.doubleclick.net rumcdn.geoedge.be
4 um.simpli.fi 4 redirects
4 ad.turn.com 4 redirects
4 www.googletagservices.com rumcdn.geoedge.be
googleads.g.doubleclick.net
4 img.theepochtimes.com comment.youmaker.com
4 api.gameanalytics.com download.gameanalytics.com
4 pm.azerioncircle.com 2 redirects html5.gamedistribution.com
4 ea.epochbase.com subs.theepochtimes.com
4 www.google.ch
4 game.api.gamedistribution.com html5.api.gamedistribution.com
4 www.googletagmanager.com www.theepochtimes.com
www.googletagmanager.com
3 accounts.google.com rumcdn.geoedge.be
accounts.google.com
3 insight.adsrvr.org
3 x.bidswitch.net 3 redirects
3 aax-eu.amazon-adsystem.com 2 redirects cdn.undertone.com
3 bat.bing.com www.theepochtimes.com
rumcdn.geoedge.be
3 dmp.brand-display.com 3 redirects
3 s.company-target.com 3 redirects
3 secure.adnxs.com 3 redirects
3 p.alocdn.com 1 redirects
3 tentacles.smartocto.com rumcdn.geoedge.be
3 gw.geoedge.be rumcdn.geoedge.be
3 an.yandex.ru 2 redirects
3 a.rfihub.com 3 redirects
3 csync.loopme.me 2 redirects cdn.undertone.com
3 mixproxy.epoch.cloud services.epoch.cloud
mixproxy.epoch.cloud
3 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com securepubads.g.doubleclick.net
rumcdn.geoedge.be
3 tag.atom.gamedistribution.com html5.api.gamedistribution.com
3 mp.theepochtimes.com www.theepochtimes.com
2 tag.trovo-tag.com a.clickcertain.com
tag.trovo-tag.com
2 a.usbrowserspeed.com 1 redirects tag.trovo-tag.com
2 n.clarity.ms www.clarity.ms
2 c.clarity.ms 1 redirects
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 sid.storygize.net 2 redirects
2 ads.betweendigital.com 2 redirects
2 sync.smartadserver.com 1 redirects eus.rubiconproject.com
2 beacon.lynx.cognitivlabs.com 2 redirects
2 rubicon-match.dotomi.com 2 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 capi.connatix.com 1 redirects cdn.undertone.com
2 a.remarketstats.com 1 redirects tag.trovo-tag.com
2 cti.w55c.net eus.rubiconproject.com
cti.w55c.net
2 creativecdn.com 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 p.rfihub.com 2 redirects
2 match.adsby.bidtheatre.com 2 redirects
2 sync-tm.everesttech.net ssum-sec.casalemedia.com
2 ads.stickyadstv.com ssum-sec.casalemedia.com
2 ingestion.smartocto.com tentacles.smartocto.com
2 id5-sync.com 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
cdn.undertone.com
2 ums.acuityplatform.com 2 redirects
2 pm.w55c.net 2 redirects
2 ingestion.contentinsights.com
2 fonts.gstatic.com fonts.googleapis.com
2 mweb.ck.inmobi.com 2 redirects
2 a.tribalfusion.com 1 redirects cdn.undertone.com
2 subsapi.epoch.cloud www.theepochtimes.com
2 notifier-configs.airbrake.io html5.gamedistribution.com
2 imasdk.googleapis.com html5.api.gamedistribution.com
imasdk.googleapis.com
2 hb.improvedigital.com html5.api.gamedistribution.com
hb.improvedigital.com
2 ana.headerlift.com html5.api.gamedistribution.com
2 www.google-analytics.com subs.theepochtimes.com
html5.api.gamedistribution.com
2 region1.analytics.google.com www.googletagmanager.com
2 html5.api.gamedistribution.com html5.gamedistribution.com
2 unpkg.com 1 redirects www.theepochtimes.com
1 c.bing.com 1 redirects
1 pixel.quantserve.com
1 rules.quantcount.com secure.quantserve.com
1 tags.bluekai.com cti.w55c.net
1 cm.smadex.com 1 redirects
1 um4.eqads.com 1 redirects
1 tg.socdm.com 1 redirects
1 usync.vrtcal.com eus.rubiconproject.com
1 rtb.adentifi.com eus.rubiconproject.com
1 rcp.c.appier.net 1 redirects
1 sync.ex.co eus.rubiconproject.com
1 i.w55c.net 1 redirects
1 sync.adotmob.com 1 redirects
1 ssbsync.smartadserver.com 1 redirects
1 rbp.mxptint.net 1 redirects
1 match.sync.ad.cpe.dotomi.com cdn.undertone.com
1 e.serverbid.com cdn.undertone.com
1 rtb-csync.smartadserver.com cdn.undertone.com
1 dsp.adfarm1.adition.com 1 redirects
1 ads.yieldmo.com cdn.undertone.com
1 crb.kargo.com cdn.undertone.com
1 sync.aniview.com cdn.undertone.com
1 bh.contextweb.com 1 redirects
1 prebid-s2s.media.net cdn.undertone.com
1 tr.blismedia.com cdn.undertone.com
1 cm.adgrx.com cdn.undertone.com
1 ssc-cms.33across.com cdn.undertone.com
1 cs.yellowblue.io cdn.undertone.com
1 match.deepintent.com cdn.undertone.com
1 cs.minutemedia-prebid.com cdn.undertone.com
1 exchange.mediavine.com cdn.undertone.com
1 s2s.t13.io cdn.undertone.com
1 sync.outbrain.com cdn.undertone.com
1 visitor.omnitagjs.com cdn.undertone.com
1 id.rlcdn.com cdn.undertone.com
1 bttrack.com cdn.undertone.com
1 s.seedtag.com cdn.undertone.com
1 hb.yahoo.net cdn.undertone.com
1 match.sharethrough.com cdn.undertone.com
1 live.primis.tech cdn.undertone.com
1 sync.ipredictive.com 1 redirects
1 prebid.a-mo.net cdn.undertone.com
1 ce.lijit.com cdn.undertone.com
1 px.ads.linkedin.com cdn.undertone.com
1 js.alocdn.com www.googletagmanager.com
1 static.ads-twitter.com www.theepochtimes.com
1 secure.quantserve.com www.theepochtimes.com
1 euexchangesync.digitaleast.mobi 1 redirects
1 trace.mediago.io 1 redirects
1 ad4m.at ssum-sec.casalemedia.com
1 sync.inmobi.com 1 redirects
1 api.smartocto.com tentacles.smartocto.com
1 analytics.pangle-ads.com 1 redirects
1 a.c.appier.net 1 redirects
1 ads.travelaudience.com 1 redirects
1 s.tribalfusion.com
1 google.partners.tremorhub.com 1 redirects
1 dsp.adkernel.com 1 redirects
1 r.turn.com 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
1 idx.liadm.com b-code.liadm.com
1 d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com services.epoch.cloud
1 rp4.liadm.com
1 rp.liadm.com 1 redirects
1 b-code.liadm.com rumcdn.geoedge.be
1 cdn.epoch.cloud
1 cdn.jsdelivr.net hb.improvedigital.com
1 pub.headerlift.com hb.improvedigital.com
1 use.fontawesome.com comment.youmaker.com
1 download.gameanalytics.com html5.gamedistribution.com
1 tracker-v4.gamedock.io html5.api.gamedistribution.com
1 tracker.gamemonkey.org cdn.gamemonkey.org
1 cdn.gamemonkey.org html5.api.gamedistribution.com
1 region1.google-analytics.com www.googletagmanager.com
1 clientcdn.pushengage.com rumcdn.geoedge.be
1 s3-us-west-2.amazonaws.com www.theepochtimes.com
1 www.googleadservices.com rumcdn.geoedge.be
1 stats.g.doubleclick.net www.googletagmanager.com
1 pwe.epochbase.com www.theepochtimes.com
1 polyfill.io www.theepochtimes.com
0 sync-dmp.aura-dsp.com Failed 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
845 205

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
help.theepochtimes.com
www.geoedge.com
Subject Issuer Validity Valid
*.theepochtimes.com
Sectigo RSA Domain Validation Secure Server CA		 2023-06-18 -
2024-07-17		 a year crt.sh
gw.geoedge.be
Amazon RSA 2048 M01		 2023-08-12 -
2024-09-09		 a year crt.sh
polyfill.io
Certainly Intermediate R1		 2023-12-02 -
2024-01-01		 a month crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
epoch.cloud
GTS CA 1P5		 2023-10-30 -
2024-01-28		 3 months crt.sh
gamedistribution.com
Amazon RSA 2048 M02		 2023-08-20 -
2024-09-18		 a year crt.sh
*.epochbase.com
Sectigo RSA Domain Validation Secure Server CA		 2022-12-17 -
2024-01-17		 a year crt.sh
*.undertone.com
Amazon RSA 2048 M02		 2023-08-03 -
2024-08-30		 a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA		 2023-06-23 -
2024-07-22		 a year crt.sh
*.postrelease.com
Amazon RSA 2048 M02		 2023-10-27 -
2024-11-23		 a year crt.sh
*.colossusssp.com
Go Daddy Secure Certificate Authority - G2		 2023-09-08 -
2024-10-09		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-12-28 -
2024-01-28		 a year crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M01		 2023-04-18 -
2024-05-16		 a year crt.sh
*.youmaker.com
Sectigo RSA Domain Validation Secure Server CA		 2023-06-18 -
2024-07-17		 a year crt.sh
*.google.ch
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.s3-us-west-2.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-08-03		 10 months crt.sh
*.pushengage.com
AlphaSSL CA - SHA256 - G4		 2023-02-07 -
2024-03-10		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
mp.theepochtimes.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4		 2023-10-24 -
2024-11-24		 a year crt.sh
gamemonkey.org
Amazon RSA 2048 M01		 2023-04-26 -
2024-05-24		 a year crt.sh
headerlift.com
E1		 2023-12-03 -
2024-03-02		 3 months crt.sh
*.gameanalytics.com
Amazon RSA 2048 M02		 2023-06-21 -
2024-07-19		 a year crt.sh
use.fontawesome.com
Cloudflare Inc ECC CA-3		 2023-10-12 -
2024-10-10		 a year crt.sh
improvedigital.com
Amazon RSA 2048 M01		 2023-03-06 -
2024-04-03		 a year crt.sh
api.gameanalytics.com
GeoTrust TLS ECC CA G1		 2023-04-27 -
2024-05-20		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.liadm.com
Amazon RSA 2048 M03		 2023-12-02 -
2024-12-29		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.airbrake.io
SSL.com RSA SSL subCA		 2023-10-11 -
2024-11-10		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.ssl.cf1.rackcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-27 -
2024-03-28		 a year crt.sh
misc-sni.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.smartocto.com
R3		 2023-11-08 -
2024-02-06		 3 months crt.sh
ingestion.smartocto.com
Amazon RSA 2048 M01		 2023-10-11 -
2024-11-08		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
*.rubiconproject.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-03-07 -
2024-04-03		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-29 -
2024-02-21		 6 months crt.sh
*.ads.stickyadstv.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-19 -
2024-05-19		 a year crt.sh
*.w55c.net
Amazon RSA 2048 M02		 2023-05-29 -
2024-06-25		 a year crt.sh
quantserve.com
R3		 2023-10-28 -
2024-01-26		 3 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01		 2023-10-24 -
2024-04-21		 6 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
*.alocdn.com
Go Daddy Secure Certificate Authority - G2		 2023-02-02 -
2024-03-05		 a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA		 2023-04-04 -
2024-04-21		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2023-02-02 -
2024-03-03		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-11-30 -
2024-01-01		 a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2023-03-03 -
2024-03-31		 a year crt.sh
tr.blismedia.com
GTS CA 1D4		 2023-12-02 -
2024-03-01		 3 months crt.sh
*.id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
adentifi.com
Amazon RSA 2048 M01		 2023-07-06 -
2024-08-03		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-07 -
2024-02-08		 a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-08-29 -
2024-08-29		 a year crt.sh
tags.wdsvc.net
Go Daddy Secure Certificate Authority - G2		 2023-10-18 -
2024-11-01		 a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 06		 2023-02-13 -
2024-02-08		 a year crt.sh
trovo-tag.com
Amazon RSA 2048 M02		 2023-04-08 -
2024-05-07		 a year crt.sh
*.match.prod.bidr.io
Amazon RSA 2048 M03		 2023-11-28 -
2024-12-26		 a year crt.sh
a.usbrowserspeed.com
Amazon RSA 2048 M01		 2022-12-01 -
2023-12-30		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh

This page contains 58 frames:

Primary Page: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Frame ID: C21784C5673162F391BCEE9A0F54F038
Requests: 190 HTTP requests in this frame

Frame: https://html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/?gd_sdk_referrer_url=https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287/&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1
Frame ID: D105C41C4D27877143851EBBE02B9289
Requests: 40 HTTP requests in this frame

Frame: https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
Frame ID: 1ED7C787BD1060C7ECDEA8BFBCEBAA70
Requests: 43 HTTP requests in this frame

Frame: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Frame ID: E6A23921F4F4B1007E51BEC41C016890
Requests: 193 HTTP requests in this frame

Frame: https://subs.theepochtimes.com/template/show?tid=signin&sid=www.theepochtimes.com&v=6&ck=JTdCJTIyZXBvY2hfdXNlcl9pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Nlc3Npb25pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Rva2VuJTIyJTNBJTIyJTIyJTJDJTIyZXBvY2hfc3Vic2NyaWJlZCUyMiUzQSUyMiUyMiU3RA==&pl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&u=JTdCJTIyaW5mbyUyMiUzQSU3QiUyMmNsaWVudElkJTIyJTNBJTIyNWI3NWRhMjMtNTBjZS00NmIxLWJlMzMtZmFhODFmZmFjYzAwJTIyJTJDJTIyaWQlMjIlM0ElMjIlMjIlMkMlMjJuZXdJZCUyMiUzQTAlMkMlMjJlbWFpbCUyMiUzQSUyMiUyMiUyQyUyMnBpY3R1cmUlMjIlM0ElMjIlMjIlMkMlMjJuYW1lJTIyJTNBJTIyJTIyJTJDJTIyZmlyc3ROYW1lJTIyJTNBJTIyJTIyJTJDJTIybGFzdE5hbWUlMjIlM0ElMjIlMjIlMkMlMjJyZWdpc3RlckRhdGUlMjIlM0EwJTJDJTIyaXNFbWFpbFZlcmlmaWVkJTIyJTNBZmFsc2UlN0QlMkMlMjJnZW8lMjIlM0ElN0IlMjJjb3VudHJ5JTIyJTNBJTIyVVMlMjIlMkMlMjJjaXR5JTIyJTNBJTIyVkElMjIlMkMlMjJ0aW1lem9uZSUyMiUzQSUyMkFtZXJpY2ElMkZOZXdfWW9yayUyMiUyQyUyMmxhdGl0dWRlJTIyJTNBMzkuMDA2NCUyQyUyMmxvbmdpdHVkZSUyMiUzQS03Ny40MTk5JTdEJTJDJTIyc3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMmhpc3RvcmljU3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMnN1YnNjcmlwdGlvbiUyMiUzQSU3QiUyMnN1YnNjcmliZWQlMjIlM0FmYWxzZSUyQyUyMnJlZ2lvbklkJTIyJTNBJTIyJTIyJTJDJTIyc3Vic2NyaXB0aW9uVHlwZSUyMiUzQSUyMiUyMiUyQyUyMnBsYW5JZCUyMiUzQSUyMiUyMiUyQyUyMmV4cGlyYXRpb24lMjIlM0EwJTdEJTdE&tn=EET%20-%20Responsive%20Signin%20Bar&theme=default
Frame ID: 2210C85179E610219C64B3B2AFB94C3A
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html?hello=world
Frame ID: F218F7EB2EB302398745BE44C50D5BAD
Requests: 1 HTTP requests in this frame

Frame: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A8578B4773F1C847B5CF24EC115700D6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D7DC3CF1FC80B91BC3C6D12C9F54DC6F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 92ED3310D8F580AFE4839D5A15ACEE54
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&adk=1812271804&adf=3279755397&plat=1%3A520%2C2%3A520%2C3%3A66048%2C4%3A66048%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&channel=4089988593&format=0x0&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713659611&bpp=2&bdt=880&idt=308&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&nras=1&correlator=242626550806&frm=24&ife=1&pv=2&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.ch2v4ts8411&fsb=1&dtd=315
Frame ID: F28411E2B331A9360DB5113625DB0EB3
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.607.0_en.html
Frame ID: 70D0B990A79B0B85A0AB2B019154786F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4BBFAE6C0B27E1E83CDE5B92D6B562DF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B45E51085E9C0D11D52A4F43DDEA585B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 31C351E6B7150D19035A381F88DEDA82
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Frame ID: FEFE04A5B8914EA01EC95AEF0D907EE2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Frame ID: 4BC6156D397AE7B68BE428F4EE1FF3A9
Requests: 5 HTTP requests in this frame

Frame: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 296D2F0407C683722326A813C08BDF27
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQt6j7zAIYo6rV5gEwAQ&v=APEucNWd40ThvCMns9q779CLQoaxgFN4w_xXkKiC7X-ua3CCBokgztu7x2U5y8LXEyWyZEeq7bCS7s13VeKSDxA9-A_maEmfLw
Frame ID: 3983B732A25A0A803067AC95122DF6BF
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 128871F5A0E782DB0EBE04660A2B3643
Requests: 9 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Frame ID: 3783D586764A6389CE4644CBC945DEB8
Requests: 18 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A400
Frame ID: 076847326BACBBEEB550ECD5330D5BB3
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 095C5DF78A139A26DDBC4BFE4571481D
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Frame ID: 3DA4B6181DAF991DFD34513016BB01E7
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3660210B52B4F0B2167BDDB6C4BFD3A3
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E12D0A82E91CA076B52A9EE41D11EA5D
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 452658A139E5CAC462D01030011F78F7
Requests: 9 HTTP requests in this frame

Frame: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DAB97B5DBBB1A4F76BB6E77B85C93908
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 8E722C65E126541B8D1AE857DF32BCF8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 39771034F67E7721D76EBAC988E4D57E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Frame ID: 83416F5F4A742782E91D5982C166BA12
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5AEDECB90FB92D779D748C07DC1122A4
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Frame ID: 57AC978D30E970E9E81C3F1323B22E14
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E435A2D8584350617CC269E671741ADF
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701713659346
Frame ID: AD2C907F14C82C39771E8CD8C507E560
Requests: 1 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: 3AF05F07B4B93989879E9F134C00CB9F
Requests: 8 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701713659814
Frame ID: 0D50DF9390253339CDB8831677331C76
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701713659326
Frame ID: D841EC84724C1FCA0E41A8EB5CE8DFF1
Requests: 1 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: 5C08480275771D628EE4404FFBC774D2
Requests: 8 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701713659341
Frame ID: 33938DD3EB2A0E53109E8D61FF2F52AE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: 864F9091E5FDBF2CA7964A13F3DAE80B
Requests: 8 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: FA7EEB1075AC8D4E918A408D067A9FD5
Requests: 8 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: 49BCD22EF4FA6BE325102178D99E5A32
Requests: 8 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1701713659354
Frame ID: ADA1F25480608D5F2EF5115CC15D95EF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 832CCB6A546352FB2DE41046296B0248
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Frame ID: F9B060527D5DAA5230643EF7DE1EC8B8
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: FD26046C17DBC90F466CCF7EF6C29EB9
Requests: 18 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Frame ID: CDECA1BCD11B15D5CEB65747C2417030
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: B3ADC06C830D4579C725A99B5D3C10B6
Requests: 19 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Frame ID: F58AB5E4A10F153E4EB558AEBBA37AF6
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: 2D6800A5C0D55FE34D876D0AD8364486
Requests: 20 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Frame ID: FAA968F50CF92B26BF43BE9AB2EB62A8
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: F89C2D88B4769DF0A567B866DE7DA9C1
Requests: 19 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Frame ID: 34011CE2532A69EBB696BBA1DECE98B5
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: CAA0F491993330D7AC4CDC4EE0264212
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 0883BAA12A4C11BDD85AE879ED8861D5
Requests: 1 HTTP requests in this frame

Frame: https://cti.w55c.net/ct/cms-2c-rubicon.html
Frame ID: 405C43F50787FEA00E8EAB564F23C160
Requests: 4 HTTP requests in this frame

Frame: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Frame ID: 2A07E72CD8D5C7936156012FFE7B6724
Requests: 6 HTTP requests in this frame

Frame: https://tag.trovo-tag.com/193f0456?rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=&v=js-0.1.0&aid=193f0456&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Frame ID: 6E82591F69744D7D32AB8E3DFA4F0821
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Words of Wonders - Play Now online & 100% Free | The Epoch Times

Detected technologies

Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js
Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • clientcdn\.pushengage\.\w+/core
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • https?://an\.yandex\.ru/
Overall confidence: 100%
Detected patterns
  • zepto.*\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

845
Requests

71 %
HTTPS

30 %
IPv6

140
Domains

205
Subdomains

134
IPs

13
Countries

8961 kB
Transfer

23914 kB
Size

192
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://unpkg.com/web-streams-polyfill/dist/polyfill.min.js HTTP 302
  • https://unpkg.com/web-streams-polyfill@3.2.1/dist/polyfill.min.js
Request Chain 102
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&auid=908822389.1701713659&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&ocp_id=-xZuZY7REvKr9u8Px4iY-AI&sscte=1&crd=&eitems=ChEIgI62qwYQ2cH0ifKD6eG6ARIdALib_KsimMsRnRkMxcsz9E0WoQcTHSBmfws5Vxs&pscrd=EkxDaEFJZ0k2MnF3WVEyWXZWbUlpWl9mRm5FaVVBZkloUHNrSU4tZWg0S1dkMHhkbXRxNmNsN215cm52aHA2QlAxY0JOMFFORVJ3RXdfGldDaEFJZ0k2MnF3WVFwdGZCLUxMLWhkbHdFaTBBSDVqUHE1a0tka2FKWmp0OHMzbGhlZnhEM1BwN0lMQXFBY0gwOGFnTFctLTV4bUVId3NROGtGSUNFM0UiEwjOurCxsfaCAxXylf0HHUcEBi8 HTTP 302
  • https://www.google.com/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&auid=908822389.1701713659&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0k2MnF3WVEyWXZWbUlpWl9mRm5FaVVBZkloUHNrSU4tZWg0S1dkMHhkbXRxNmNsN215cm52aHA2QlAxY0JOMFFORVJ3RXdfGldDaEFJZ0k2MnF3WVFwdGZCLUxMLWhkbHdFaTBBSDVqUHE1a0tka2FKWmp0OHMzbGhlZnhEM1BwN0lMQXFBY0gwOGFnTFctLTV4bUVId3NROGtGSUNFM0UiEwjOurCxsfaCAxXylf0HHUcEBi8&is_vtc=1&ocp_id=-xZuZY7REvKr9u8Px4iY-AI&cid=CAQSKQDICaaND5II-ECyeBouuKdt37BvLx10_ictLE3JvcTv358rc87Ruzt4&eitems=ChEIgI62qwYQ2cH0ifKD6eG6ARIdALib_KvaDanocuQbgQClwn_7v-SbDSOEoKzXhyM&random=826686558 HTTP 302
  • https://www.google.ch/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&auid=908822389.1701713659&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0k2MnF3WVEyWXZWbUlpWl9mRm5FaVVBZkloUHNrSU4tZWg0S1dkMHhkbXRxNmNsN215cm52aHA2QlAxY0JOMFFORVJ3RXdfGldDaEFJZ0k2MnF3WVFwdGZCLUxMLWhkbHdFaTBBSDVqUHE1a0tka2FKWmp0OHMzbGhlZnhEM1BwN0lMQXFBY0gwOGFnTFctLTV4bUVId3NROGtGSUNFM0UiEwjOurCxsfaCAxXylf0HHUcEBi8&is_vtc=1&ocp_id=-xZuZY7REvKr9u8Px4iY-AI&cid=CAQSKQDICaaND5II-ECyeBouuKdt37BvLx10_ictLE3JvcTv358rc87Ruzt4&eitems=ChEIgI62qwYQ2cH0ifKD6eG6ARIdALib_KvaDanocuQbgQClwn_7v-SbDSOEoKzXhyM&random=826686558&ipr=y
Request Chain 110
  • https://pm.azerioncircle.com/p/locus HTTP 302
  • https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
Request Chain 145
  • https://pm.azerioncircle.com/p/locus HTTP 302
  • https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
Request Chain 235
  • https://rp.liadm.com/j?dtstmp=1701713660326&se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&wpn=lc-bundle HTTP 302
  • https://rp4.liadm.com/j?se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&dtstmp=1701713660326&n3pc=true&wpn=lc-bundle&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&i6=MmEwMjo2ZWEwOmQ0MTg6MDo1YjM6OjE%3D
Request Chain 463
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1&C=1
Request Chain 464
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW4W-SAFyxM2N7grS6e6YQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1
Request Chain 470
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1&google_push=AXcoOmQqU2P9S8R_F2TTWHI_AzpdpKYNfmYoWSezpktXkvb27mmHo4-wdU5NHwr2Go9F0xK1tPgwxgbI1SMokRE0hOiPvXbHjRA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDE4NTE1MjE1NTkxMjY2NDE0Mg==&gdpr=&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1
Request Chain 471
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVAydvxwTe9OdfUQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVAydvxwTe9OdfUQ
Request Chain 472
  • https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELD8xwO0x_jpjqG0m9IgZm4&google_cver=1&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzojUq7wTRoSt HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTY4ODYwMjcyOTg2Njk2NDgwNTM&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzojUq7wTRoSt
Request Chain 473
  • https://google.partners.tremorhub.com/sync?UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY8syMJ6IxoAA7DJl4Os0zhoORQSjlPqP_vcKrnXCGHIO5fL7QssaNbH6aiJPSuyNgXLFdqkk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=NmVjYjk5OGUwMTRkNGRlYzgxYmViYzYzOGFlYTJjMTg%3D&UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY8syMJ6IxoAA7DJl4Os0zhoORQSjlPqP_vcKrnXCGHIO5fL7QssaNbH6aiJPSuyNgXLFdqkk
Request Chain 474
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJL4yZA79_cIe4ymZBPq9YA&google_cver=1&google_push=AXcoOmSwJxTKVzulxqZ5ERWVJR0nur2uz54U-GiOW4_moDK4m3mi6hCJXnB8odUR5k_T21CmVbHVKWRDpsKf1TptztDfBLXaTtvmSQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSwJxTKVzulxqZ5ERWVJR0nur2uz54U-GiOW4_moDK4m3mi6hCJXnB8odUR5k_T21CmVbHVKWRDpsKf1TptztDfBLXaTtvmSQ HTTP 302
  • https://onetag-sys.com/match/?int_id=19&google_error=5
Request Chain 475
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEI3rox4QxwbY6XECj8pGpEs&google_cver=1&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX HTTP 302
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESEI3rox4QxwbY6XECj8pGpEs&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX&google_hm=dmkzb2NDeXAzdkduaFdjNmpYLXU=
Request Chain 476
  • https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_gid=CAESEBsnZ3CC3p6UX9_moExVORs&google_cver=1&google_push=AXcoOmT00L4PxiCzjMUy2SgPbwjzhEC5en3YAVSZZZwQq14XqA-y04FOuAGUwAn9loZscoIIGZohH2ltfogWGmVV1GEmnIeLEjRuKw HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&google_cver=1&google_gid=CAESEBsnZ3CC3p6UX9_moExVORs&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmT00L4PxiCzjMUy2SgPbwjzhEC5en3YAVSZZZwQq14XqA-y04FOuAGUwAn9loZscoIIGZohH2ltfogWGmVV1GEmnIeLEjRuKw&gdpr=${GDPR}
Request Chain 491
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Request Chain 492
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESENHYKjsc3tbdIhjVONFZcrY&google_cver=1&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOGzceaFWxO2iLv1u6IUZdMGLbayyaL3G376RsosdfIiiHRaanPn52feY9t7YKj-wxJTV9dZlo HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lKGTYD3QRrQ6R60-t2BRNg&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOGzceaFWxO2iLv1u6IUZdMGLbayyaL3G376RsosdfIiiHRaanPn52feY9t7YKj-wxJTV9dZlo
Request Chain 493
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQkpQO1an2rN0pn45Th4UmA8nnBApNVdkGAnTgWs0757bKGCaURMliCMVPsKdH938TwCqazwfebQIVpoc-EcbSxuj4NGGDYHnAt65J1iRFDxAQtNgGh-S8K-Oqydy9a1l3JYt1OXOmHWkfKyHcLySdFmpk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MTA4MGZkNTEtZjJhOC00NWZiLTliNmUtOWRlZjg1MWRmYjJm&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQkpQO1an2rN0pn45Th4UmA8nnBApNVdkGAnTgWs0757bKGCaURMliCMVPsKdH938TwCqazwfebQIVpoc-EcbSxuj4NGGDYHnAt65J1iRFDxAQtNgGh-S8K-Oqydy9a1l3JYt1OXOmHWkfKyHcLySdFmpk
Request Chain 494
  • https://a.c.appier.net/gcm?google_gid=CAESEABYIyhjev9ohuiz3pPaqBc&google_cver=1&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNniR-pq7s9EELkGdWSlgHSW6yUcC0csObMtOVR35oPzKQorptgBaDdk4xLKUWF63GzCBScXVyEB0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=RU12U3pRejlELW1TSjUtc19SWnVaUQ%3D%3D&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNniR-pq7s9EELkGdWSlgHSW6yUcC0csObMtOVR35oPzKQorptgBaDdk4xLKUWF63GzCBScXVyEB0
Request Chain 495
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_cver=1&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN5xTxiUjZu5g2SMZ52z7NNCvWYEWE HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN5xTxiUjZu5g2SMZ52z7NNCvWYEWE&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN5xTxiUjZu5g2SMZ52z7NNCvWYEWE&google_hm=RkI3NU5JSndERkpwS1A0Q0QxN1Q=
Request Chain 496
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aafrhm4meeI2eY3aubpobpOqmJJumtUeEKxZFjjYqO059hCvyVpl9Hx6WzTGtET4EE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aafrhm4meeI2eY3aubpobpOqmJJumtUeEKxZFjjYqO059hCvyVpl9Hx6WzTGtET4EE&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Request Chain 497
  • https://an.yandex.ru/mapuid/google/CAESEEKCHEEdGNAINLekd9JbUeo?ext-param=AXcoOmRYnXcVu5QntGjq6CViEYWD7J6J9p6lMb4l2gbZFjVXknyG2tl1vN7OVRyBfTR9cMRuaVO0i79H9YJih_5MQT0HmYLAVYe3crcyMcXAm_N9UYCOo9ET2ULrC9HYTXhwR-KDPOgS7SyLWi7UXDwusqiG81M&partner-tag=yandex_ag&google_cver=1 HTTP 302
  • https://an.yandex.ru/mapuid/google/CAESEEKCHEEdGNAINLekd9JbUeo?redir-setuniq=1&ext-param=AXcoOmRYnXcVu5QntGjq6CViEYWD7J6J9p6lMb4l2gbZFjVXknyG2tl1vN7OVRyBfTR9cMRuaVO0i79H9YJih_5MQT0HmYLAVYe3crcyMcXAm_N9UYCOo9ET2ULrC9HYTXhwR-KDPOgS7SyLWi7UXDwusqiG81M&partner-tag=yandex_ag&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEEKCHEEdGNAINLekd9JbUeo&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
  • https://an.yandex.ru/resource/spacer.gif
Request Chain 523
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZtAKH6VGeEZ71IXS4Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZtAKH6VGeEZ71IXS4Y
Request Chain 524
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQWMMDzfzGcgMTj0tsm0zeHTwX9rfNpySsKurRZOlZ13lKu4TFFIKqCtc8gtrsVfR3S9skYO6NdzvQgi6X4CM-XSr6De4FcfQKG HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=Njg3NDQxM2QtOWM4NC00NjEwLTlmZmMtMWEyYjE0MjBmZGUx&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQWMMDzfzGcgMTj0tsm0zeHTwX9rfNpySsKurRZOlZ13lKu4TFFIKqCtc8gtrsVfR3S9skYO6NdzvQgi6X4CM-XSr6De4FcfQKG
Request Chain 525
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAqLkz6OeF1gfVEqNuWDlRo&google_cver=1&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1xS-32dsazE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1xS-32dsazE&google_hm=eS0wdlJraXJkRTJwSF85OTNWNEg1T0JvcnNfTV9KcEFjWH5B
Request Chain 526
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA6QefFt9EbuNwE2EUtQeu8&google_cver=1&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__yOJhEGn-rTLfO1t8XQ-9C9Qs HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA6QefFt9EbuNwE2EUtQeu8&google_cver=1&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__yOJhEGn-rTLfO1t8XQ-9C9Qs HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg2NDUzNDY2MDY2MjE3NjQ0Mg&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__yOJhEGn-rTLfO1t8XQ-9C9Qs
Request Chain 527
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_cver=1&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e&google_hm=RDhHeUNiYTlHVG9HR29jclgzSUk=
Request Chain 528
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFyDgz8BwS_AYg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFyDgz8BwS_AYg&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Request Chain 529
  • https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEJiSBWtHv-MpQeB57YaOwKk&google_cver=1&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w8BOKphW2GkfK7x6jaFtFju2AW35xWQlG27FX2mw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w8BOKphW2GkfK7x6jaFtFju2AW35xWQlG27FX2mw
Request Chain 560
  • https://p.alocdn.com/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C%2522ver%2522%253A%25221.6.1%2522%252C%2522guid%2522%253A%2522326d3e35-56a8-4b12-8271-4ba1e2bb4962%2522%257D&title=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287 HTTP 302
  • https://p.alocdn.com/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C%2522ver%2522%253A%25221.6.1%2522%252C%2522guid%2522%253A%2522326d3e35-56a8-4b12-8271-4ba1e2bb4962%2522%257D&title=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tdc=1
Request Chain 564
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEG38XHguGpJLl5N5yzSrayU&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG38XHguGpJLl5N5yzSrayU%26google_cver%3D1
Request Chain 565
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU3MTY3MTUzMDE3MzY1MzQwNg%3D%3D
Request Chain 566
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1
Request Chain 567
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDM4NzNhMzUtZjczNi0yMGY3LWU1MTQtODZkZDUxYmY3Y2Ix
Request Chain 570
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqtl9fLGY4bd4AWG6TEEqzZJdaw8xRlHRVWPUc_0b43YQGK3Jyjhsg HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqtl9fLGY4bd4AWG6TEEqzZJdaw8xRlHRVWPUc_0b43YQGK3Jyjhsg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ejZDTU1wYnYxUmFkc3g1&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqtl9fLGY4bd4AWG6TEEqzZJdaw8xRlHRVWPUc_0b43YQGK3Jyjhsg
Request Chain 571
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSvs1si1BA1ZBCA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSvs1si1BA1ZBCA
Request Chain 573
  • https://ums.acuityplatform.com/tum?umid=4&uid=CAESEDgVW_vwgNfzoMdME0fZyYo&google_cver=1&google_push=AXcoOmSOYPeWG_RMlFrbBhnl4U1c16vHTw8rW_2W2L9Okv7GMLRHaT_G2iNf9PYlwhlUcsuHo3INm0-MckMt0w-EbIT_UXW0G9k HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=860275122398&us_privacy=1---
Request Chain 574
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r1kfxY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r1kfxY&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Request Chain 575
  • https://sync.inmobi.com/gob?google_gid=CAESEMnarl7Mux7o_wrD_BdXFeI&google_cver=1&google_push=AXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnuh0SzVvw0ov9lLI7XFA0y9GK59xjjwqK1pGjjOWA7mLod4davd7qj HTTP 302
  • https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnuh0SzVvw0ov9lLI7XFA0y9GK59xjjwqK1pGjjOWA7mLod4davd7qj
Request Chain 604
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=12776
Request Chain 605
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid= HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Request Chain 606
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Request Chain 608
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-7-ATCK
Request Chain 609
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTkyNDM0Q0YtM0ExRi00QTVFLTk3NTUtQTUzMDZGM0ZEMzJC&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Request Chain 610
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Request Chain 611
  • https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Request Chain 613
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid= HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Request Chain 614
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Request Chain 616
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-10-LRLV
Request Chain 617
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUM5QUEwOTUtNDI4MC00MEI3LUJCOUUtODJCMzFENUE2RjZE&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Request Chain 618
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Request Chain 619
  • https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Request Chain 621
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=12776
Request Chain 622
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid= HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Request Chain 623
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Request Chain 625
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-13-8CSE
Request Chain 626
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkMyRTkyRjgtRjBFRS00NUU3LTk3QzYtMUEyMDczNDE5M0Yx&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Request Chain 627
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Request Chain 628
  • https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Request Chain 630
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=12776
Request Chain 631
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid= HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Request Chain 632
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Request Chain 634
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-1F-12TL
Request Chain 635
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODAyODhGMEUtRjFBRS00MDU0LUI1OTEtNDYzMjZGRTJDNjcx&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Request Chain 636
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Request Chain 637
  • https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Request Chain 639
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=12776
Request Chain 640
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid= HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Request Chain 641
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Request Chain 643
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 644
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzZERDlCODgtMjkzNS00NkZGLTlFMkEtNzlBREI5MEM2RjJG&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Request Chain 645
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c%26partner_url%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D54%2526uid%253Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3Dcb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Request Chain 646
  • https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Request Chain 648
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=12776
Request Chain 649
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Request Chain 650
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
Request Chain 653
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=88103294-abc9-46a3-b8f5-2c09d3dc426f
Request Chain 654
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Request Chain 655
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Request Chain 658
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Request Chain 659
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=2E3wjt9OoI_DHvTZ2RnrjY1A9tzDHfbe2k5O4xz7
Request Chain 660
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=365c1b79d4b8193e&is_secure=true&networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHrs7wyet_tQMDUwRsAAAAAAA&expiration=1701800062&is_secure=true
Request Chain 662
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d8ca1d57-29b0-4822-d05dae45
Request Chain 663
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=05fad748-f2f0-49fb-a8fb-656bc94656ed
Request Chain 664
  • https://match.adsby.bidtheatre.com/indexmatch?gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Request Chain 665
  • https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=7906858919413668267
Request Chain 667
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Request Chain 668
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=8_gGXfT7VlzoqwILofwdDPf8AwHo9VVb9PnwzzV9
Request Chain 669
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=26ac166ddcce18fa&is_secure=true&networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAI98omZD1mngNRxDKUAAAAAAA&expiration=1701800062&is_secure=true
Request Chain 670
  • https://ad.turn.com/r/cs?pid=21 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4185152155912664142
Request Chain 671
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
Request Chain 673
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Request Chain 674
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 307
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
Request Chain 676
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Request Chain 677
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=RaGTlkKiw5de8pSWRKyIx0Wgw5Be95TDQqVqAgyW
Request Chain 678
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=1e33eb73d921597&is_secure=true&networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHq5xlNF-UfAMD2j3HAAAAAAA&expiration=1701800062&is_secure=true
Request Chain 679
  • https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=tAfc8mllVrldEoksSbg9lJVYG1I
Request Chain 680
  • https://trace.mediago.io/ju/cs/indexexchange HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=f34e96994f4bd6662jydgh00lpr8dldk
Request Chain 681
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
Request Chain 682
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Request Chain 683
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166 HTTP 302
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=5jIdp_cMYjwFDJIBpPuUlLiyDiTSWltxfFoGP03D8RA&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1
Request Chain 685
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
Request Chain 686
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Request Chain 688
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@ HTTP 302
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Request Chain 689
  • https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=c0a76c42-facd-4ba4-9136-33a0fd0a40c7
Request Chain 690
  • https://match.prod.bidr.io/cookie-sync/ie HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADXWU7K3C4AABRen1BinA&expiration=1702923262
Request Chain 691
  • https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=6864534660662176442&expiration=1702923306
Request Chain 692
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b9a07935-e20f-5bdb-845d3fbe
Request Chain 714
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776&khaos=LPR8DL2L-T-DLWH HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 718
  • https://a.remarketstats.com/px/smart/?c=244b81b94c69796&seg=epochfun/words-of-wonders-ad-supported-5491287 HTTP 302
  • https://a.clickcertain.com/px/smart/a/?c=244b81b94c69796&seg=epochfun/words-of-wonders-ad-supported-5491287 HTTP 302
  • https://a.clickcertain.com/px/?c=244b81b94c69796&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Request Chain 721
  • https://tags.wdsvc.net/controller.js?id=100415 HTTP 302
  • https://tags.wdsvc.net/container.js?id=100415&v=4.10&t=1701713662627
Request Chain 724
  • https://sb.scorecardresearch.com/b?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&c9=
Request Chain 725
  • https://sb.scorecardresearch.com/c2/24003086/cs.js HTTP 302
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
Request Chain 726
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFBSOERMMkwtVC1ETFdI HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEtDrrFT7wZLWycob2sFnAI&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBSOERMMkwtVC1ETFdI&google_push=
Request Chain 727
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=50MTBBPQRYSaao6WmChpZA&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=50MTBBPQRYSaao6WmChpZA
Request Chain 729
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzIwMGYzMzBiOGFjMTU1MDJjOGJmMGRhMzJlYjdjZDc1MmFiNWZiNA
Request Chain 730
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=4NMXHOxsSFyAY6ZaZAJZSA&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=4NMXHOxsSFyAY6ZaZAJZSA
Request Chain 731
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LPR8DL2L-T-DLWH
Request Chain 732
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/a03wBpSJ7QabjEnft7i6NA?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-uTUu9ldE2oLA4b6.S5E1u95E.BIKLizYdnTAqg--~A
Request Chain 733
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIXa6WpMbdcgUO1CQ3bcxZg&google_cver=1
Request Chain 734
  • https://pixel.rubiconproject.com/exchange/sync.php?p=a9us HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=LPR8DL2L-T-DLWH&ex=d-rubiconproject.com&status=ok
Request Chain 735
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp HTTP 303
  • https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AADXWU7K3C4AABRen1BinA&expires=30
Request Chain 736
  • https://pixel.rubiconproject.com/exchange/sync.php?p=19564 HTTP 302
  • https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
Request Chain 737
  • https://pixel.rubiconproject.com/exchange/sync.php?p=sovrn HTTP 302
  • https://ce.lijit.com/merge?pid=80&3pid=LPR8DL2L-T-DLWH
Request Chain 738
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn HTTP 302
  • https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 739
  • https://token.rubiconproject.com/token?pid=37556&a=1 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LPR8DL2L-T-DLWH
Request Chain 740
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx HTTP 302
  • https://prebid.a-mo.net/setuid/magnite?uid=LPR8DL2L-T-DLWH
Request Chain 741
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=a89b231c-e1c3-48fc-bc56-cfd6618611f7&expires=30
Request Chain 742
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LPR8DL2L-T-DLWH
Request Chain 743
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694 HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LPR8DL2L-T-DLWH
Request Chain 744
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LPR8DL2L-T-DLWH&redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LPR8DL2L-T-DLWH&redir=true HTTP 302
  • https://hb.yahoo.net/cksync?cs=63&axid_e=eS0zYzE3Y1NGRTJ1SDE2S010ZGZQbE80OTFUQ2g2UXUud35B&ovsid=LPR8DL2L-T-DLWH&dpid=58160
Request Chain 745
  • https://sync.srv.stackadapt.com/sync?nid=14 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=tAfc8mllVrldEoksSbg9lJVYG1I
Request Chain 746
  • https://c1.adform.net/serving/cookie/match?party=1164 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=6864534660662176442
Request Chain 747
  • https://dis.criteo.com/dis/usersync.aspx?r=6&p=70&cp=Rubicon&cu=1&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D6434%26nid%3D2149%26put%3D%40%40CRITEO_USERID%40%40 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=bd4c5837-9d7e-4064-a5a5-1793315702a5
Request Chain 748
  • https://pixel.rubiconproject.com/exchange/sync.php?p=seedtag HTTP 302
  • https://s.seedtag.com/cs/cookiesync/Rubicon?channeluid=LPR8DL2L-T-DLWH
Request Chain 750
  • https://ad.turn.com/r/cs?pid=6 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=4185152155912664142&expires=60&gdpr=&gdpr_consent=
Request Chain 751
  • https://secure.adnxs.com/getuidnb?https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=8571671530173653406&expires=30
Request Chain 752
  • https://sync.1rx.io/usersync2/rubicon HTTP 302
  • https://sync.1rx.io/usersync2/rubicon?zcc=1&cb=1701713662336 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=5029256281 HTTP 302
  • https://sync.1rx.io/usersync/turn/4185152155912664142?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D186028%26nid%3D4112%26put%3DRX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003%26expires%3D30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
Request Chain 754
  • https://pixel.rubiconproject.com/exchange/sync.php?p=adyoulike HTTP 302
  • https://visitor.omnitagjs.com/visitor/sync?uid=3496f2c9155784213a7b528f78bb441a&visitor=LPR8DL2L-T-DLWH&name=RUBICON
Request Chain 755
  • https://pixel.rubiconproject.com/exchange/sync.php?p=outbrain HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=rubicon&uid=LPR8DL2L-T-DLWH&obUid=&initiator=
Request Chain 756
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-triple13 HTTP 302
  • https://s2s.t13.io/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 757
  • https://pixel.rubiconproject.com/exchange/sync.php?p=unruly HTTP 302
  • https://sync.1rx.io/usersync/rubicon/LPR8DL2L-T-DLWH HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D186028%26nid%3D4112%26put%3DRX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003%26expires%3D30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
Request Chain 758
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17404 HTTP 302
  • https://exchange.mediavine.com/usersync/redirect?partner=rubicon&partnerId=LPR8DL2L-T-DLWH
Request Chain 759
  • https://pixel.rubiconproject.com/exchange/sync.php?p=minute_media HTTP 302
  • https://cs.minutemedia-prebid.com/cs?aid=21479&id=LPR8DL2L-T-DLWH
Request Chain 761
  • https://token.rubiconproject.com/token?pid=49096 HTTP 302
  • https://i.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH HTTP 303
  • https://i6.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH
Request Chain 762
  • https://pixel.rubiconproject.com/exchange/sync.php?p=rise_engage HTTP 302
  • https://cs.yellowblue.io/cs?aid=11590&id=LPR8DL2L-T-DLWH
Request Chain 763
  • https://pixel.rubiconproject.com/exchange/sync.php?p=33across HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=1&xu=LPR8DL2L-T-DLWH
Request Chain 764
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=ZW4W-gAEfAQaVQBU HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=ZW4W-gAEfAQaVQBU&_test=ZW4W-gAEfAQaVQBU
Request Chain 765
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=00BF387A687D4BE18B6D8E2E0FFAAC37&expires=365
Request Chain 767
  • https://token.rubiconproject.com/token?pid=2046&pt=n&a=1 HTTP 302
  • https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=VsIPxpHSyEOE4UMVfD0ibw HTTP 302
  • https://rubicon-match.dotomi.com/match/bounce/current?DotomiTest=27cfdb2ea1f017d9&is_secure=true&networkId=12783&version=1&nuid=VsIPxpHSyEOE4UMVfD0ibw HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=5364|1|90&nid=2046&put=AAAHq5xlNF-UjAMLFF4OAAAAAAA&expiration=1701800062&nuid=VsIPxpHSyEOE4UMVfD0ibw&is_secure=true
Request Chain 769
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-medianet HTTP 302
  • https://prebid-s2s.media.net/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 770
  • https://bh.contextweb.com/bh/rtset?pid=560687&ev=1&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D390200%26nid%3D5120%26put%3D%25%25VGUID%25%25 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=BvTyb2jPiouM&ev=1&pid=560687
Request Chain 772
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17184 HTTP 302
  • https://sync.aniview.com/cookiesyncendpoint?biddername=5&auid=&key=LPR8DL2L-T-DLWH
Request Chain 773
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776 HTTP 302
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Request Chain 774
  • https://pixel.rubiconproject.com/exchange/sync.php?p=11864 HTTP 302
  • https://crb.kargo.com/api/v1/dsync/Rubicon?exid=LPR8DL2L-T-DLWH
Request Chain 775
  • https://pixel.rubiconproject.com/exchange/sync.php?p=yieldmo HTTP 302
  • https://ads.yieldmo.com/sync?pn_id=rc&id=LPR8DL2L-T-DLWH
Request Chain 776
  • https://dsp.adfarm1.adition.com/cookie/?ssp=7 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7308804525456816287&expires=730
Request Chain 777
  • https://pixel.rubiconproject.com/exchange/sync.php?p=smartadserver HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LPR8DL2L-T-DLWH
Request Chain 778
  • https://b1sync.zemanta.com/usersync/rubicon/ HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
Request Chain 779
  • https://ums.acuityplatform.com/tum?umid=2 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=860275122398&expires=30&us_privacy=1---
Request Chain 780
  • https://pixel.rubiconproject.com/exchange/sync.php?p=24856 HTTP 302
  • https://e.serverbid.com/usersync?cn=5529&ttt=1&dpui=LPR8DL2L-T-DLWH
Request Chain 781
  • https://pixel.rubiconproject.com/exchange/sync.php?p=epsilon HTTP 302
  • https://match.sync.ad.cpe.dotomi.com/w/user.sync?ptrid=14&userid=LPR8DL2L-T-DLWH
Request Chain 782
  • https://pixel.rubiconproject.com/exchange/sync.php?p=loopme HTTP 302
  • https://csync.loopme.me/?partner_id=1441&vt=&uid=LPR8DL2L-T-DLWH
Request Chain 783
  • https://rbp.mxptint.net/sn.ashx HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R33647_10D2D2B49_643B074D&expires=60
Request Chain 784
  • https://cms.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?idmatch=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4939&nid=1902&gdpr=0&put=-XtN1f54HdTiKEmDq39WhP1_SInidh7T_nrvUm_k
Request Chain 785
  • https://match.adsby.bidtheatre.com/rubiconmatch HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Request Chain 786
  • https://ssbsync.smartadserver.com/api/sync?callerId=87 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=333994&nid=4804&put=3981457661995574850&gdpr=0&gdpr_consent=
Request Chain 788
  • https://sync.adotmob.com/cookie/rubicon?r=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D123034%26nid%3D3956%26put%3D%7Buser_token%7D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=123034&nid=3956&put=09e0220400f59e0732446d56&expires=1
Request Chain 789
  • https://i.w55c.net/ping_match.gif?ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=z6CMMpbv1Radsx5&expires=30
Request Chain 790
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17136_2 HTTP 302
  • https://sync.ex.co/v1/setuid?bidder=rubicon&gdpr=&gdpr_consent=&uid=LPR8DL2L-T-DLWH
Request Chain 791
  • https://onetag-sys.com/match/?int_id=4 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
Request Chain 792
  • https://rcp.c.appier.net/rbcm HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=EMvSzQz9D-mSJ5-s_RZuZQ&expires=365
Request Chain 794
  • https://p.rfihub.com/cm?in=1&pub=64 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=7906858919413668267&expires=30
Request Chain 795
  • https://beacon.lynx.cognitivlabs.com/rb.gif HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=711370&nid=5504&put=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d&expires=365&next=https%3A%2F%2Fbeacon.lynx.cognitivlabs.com%2Fpixel%3Ftype%3Dsync%26source%3Drubicon%26inventory_source%3D0 HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pixel?type=sync&source=rubicon&inventory_source=0 HTTP 302
  • https://pixel.rubiconproject.com/token?pid=49038&puid=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d
Request Chain 796
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16466 HTTP 302
  • https://usync.vrtcal.com/o?xs=1624&did=LPR8DL2L-T-DLWH
Request Chain 797
  • https://dmp.brand-display.com/cm/api/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=d8ca1d57-29b0-4822-d05dae45
Request Chain 798
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D32128%26nid%3D2915%26put%3D[sas_uid] HTTP 302
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
Request Chain 799
  • https://tg.socdm.com/rtb/sync?proto=rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=ZW4W-sCo8YUAAAvxvIIAAAAA
Request Chain 800
  • https://x.bidswitch.net/sync?ssp=rubicon HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=rubicon HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Drubicon%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Drubicon%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D&crf=1&rts=-6261487514369610567 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=85a25f30-e856-5252-b3db-2d7fd6b53b81&ssp=rubicon&expires=30&user_group=1&gdpr=&gdpr_consent= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=15796&nid=2760&put=c6a8b66f-d263-492f-accc-1edd69afe757&expires=30&gdpr=&gdpr_consent=&us_privacy=
Request Chain 801
  • https://s.company-target.com/s/rp HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=1181926&nid=5578&put=88103294-abc9-46a3-b8f5-2c09d3dc426f
Request Chain 802
  • https://um4.eqads.com/um/rc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=11598&nid=2494&put=ade846ba-9bf0-4b1f-988b-59fb34709c80&expires=30
Request Chain 803
  • https://cm.smadex.com/sync?sm_p=rbc&sm_r=rbc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=daca6e25-4d7e-405d-a5ef-dcc927b4a4be&expires=30
Request Chain 804
  • https://sid.storygize.net/ccm/729e4e94-63c3-438d-8ce4-184eb34e703f HTTP 302
  • https://sid.storygize.net/csr?r=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D1172318%26nid%3D5570%26put%3Dd3494986-1339-4ecd-b8f4-62bde4566eaa HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=d3494986-1339-4ecd-b8f4-62bde4566eaa
Request Chain 829
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&RedC=c.clarity.ms&MXFR=1A2AB685B61B631B032CA558B21B6DF4 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&MUID=1FB505823A2B6E8703A4165F3BA06FD8
Request Chain 834
  • https://a.clickcertain.com/px/ta/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP 302
  • https://a.clickcertain.com/px/ta/?done=true&ta_id=36d82815-46be-4df1-ba62-33690484b7eb
Request Chain 835
  • https://a.usbrowserspeed.com/cs?puid=9f1f26af-8e3d-5568-82fe-90322a6f4c6d&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26rid%3d795948ce%2d4728%2d4ce7%2daa2e%2de7d7ff95f2f3%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256_LOWERCASE%7d HTTP 302
  • https://a.clickcertain.com/px/t/?done=true&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&uid=ad58545a-5607-4824-beac-19820e72458e&hem=
Request Chain 838
  • https://a.clickcertain.com/px/r/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b HTTP 302
  • https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253d390f724b%25252d8c59%25252d4bcd%25252dbc80%25252ddd3a9c030e7b%252526anx_uId%25253d%252524UID HTTP 303
  • https://a.clickcertain.com/px/li/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253d390f724b%25252d8c59%25252d4bcd%25252dbc80%25252ddd3a9c030e7b%252526anx_uId%25253d%252524UID HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3d390f724b%2d8c59%2d4bcd%2dbc80%2ddd3a9c030e7b%26anx_uId%3d%24UID

845 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request words-of-wonders-ad-supported-5491287
www.theepochtimes.com/epochfun/ 		249 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Next.js
Resource Hash
becc0343edc314cec6d7160694843ef7f82628f4d6400c3876a1d7e403f6c4e2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
EXPIRED
cf-ray
83060736eda83649-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 04 Dec 2023 18:14:18 GMT
last-modified
Mon, 04 Dec 2023 01:20:35 GMT
server
cloudflare
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url, Accept-Encoding
x-powered-by
Next.js
0e4fe491bf84089c-s.p.woff2
www.theepochtimes.com/_next/static/media/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/media/0e4fe491bf84089c-s.p.woff2
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:41 GMT
server
cloudflare
age
277
etag
"6569101d-2b20"
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
cf-ray
8306073b4b133649-FRA
content-length
11040
6bb7340ca2af5689-s.p.woff2
www.theepochtimes.com/_next/static/media/ 		169 KB
169 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/media/6bb7340ca2af5689-s.p.woff2
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85b0a6b7e1a39cfab0b46283acb187039816c087dba5d16b7e64f78ee59a1137

Request headers

Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:41 GMT
server
cloudflare
age
544
etag
"6569101d-2a2f0"
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
cf-ray
8306073b4b163649-FRA
content-length
172784
934c4b7cb736f2a3-s.p.woff2
www.theepochtimes.com/_next/static/media/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/media/934c4b7cb736f2a3-s.p.woff2
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
544
etag
"65691019-2b14"
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
cf-ray
8306073b4b1a3649-FRA
content-length
11028
9abce57f69036a9f-s.p.woff2
www.theepochtimes.com/_next/static/media/ 		117 KB
117 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/media/9abce57f69036a9f-s.p.woff2
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4551991444bea767a97af5120479bd3b786c29a14498dc3e13a8ea3a029dced

Request headers

Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
544
etag
"65691020-1d45c"
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
cf-ray
8306073b4b1d3649-FRA
content-length
119900
a6e3ff88ba120a98.css
www.theepochtimes.com/_next/static/css/ 		204 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/css/a6e3ff88ba120a98.css
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
527b790b30ba9ff568eb63074cbc482755e26f8a2924da414e1386c5961bf386

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
60
etag
W/"65691020-330a4"
vary
Accept-Encoding
content-type
text/css
cf-ray
8306073b3b0c3649-FRA
b8604733e03d8f28.css
www.theepochtimes.com/_next/static/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/css/b8604733e03d8f28.css
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4fbdb5935b28450589b76b53bb1c5d0234d14de6b66173ffc6e38b91d1b1db3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
etag
W/"65691020-d13"
vary
Accept-Encoding
content-type
text/css
cf-ray
8306073b4b0f3649-FRA
53fa15469dc309b1.css
www.theepochtimes.com/_next/static/css/ 		2 KB
652 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/css/53fa15469dc309b1.css
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16ca3aa97c894d331e7f3dadaee8f7ac8a66a30fc1f85c877bdca4cd911ef520

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:41 GMT
server
cloudflare
age
393
etag
W/"6569101d-851"
vary
Accept-Encoding
content-type
text/css
cf-ray
8306073b4b123649-FRA
webpack-d6ab08ab1fe76cd2.js
www.theepochtimes.com/_next/static/chunks/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c495be177a73032ce426e08423b5e3a8c1d4e881a15af772126a82fb0514c698

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
age
277
etag
W/"6569101c-13ab"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073b4b213649-FRA
1dd3208c-0d71712ce0edec8f.js
www.theepochtimes.com/_next/static/chunks/ 		157 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/1dd3208c-0d71712ce0edec8f.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93c87f976cf92a16c0de1912a209b8a1d5e85fe70057222b149f4b3852ebeaed

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
age
60
etag
W/"6569101c-27404"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073b4b233649-FRA
3575-2d836e85a2302404.js
www.theepochtimes.com/_next/static/chunks/ 		99 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/3575-2d836e85a2302404.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d94f1a39acfe37b82ee50c1db98885a2fca89e81ca7850294df2dbde1f76972c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
544
etag
W/"65691019-18d9d"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073b4b263649-FRA
main-app-8802373399b59a02.js
www.theepochtimes.com/_next/static/chunks/ 		429 B
293 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/main-app-8802373399b59a02.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5f6dda15141642e04d54d4ef048c6be955d9adcc5fb4a9704674c9ec71c356

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
age
277
etag
W/"6569101c-1ad"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073b5b3d3649-FRA
grumi-ip.js
rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:36:06 GMT
x-amz-version-id
XHKJxLIyRvnhzGSgMnr2SKD4F8gK0HK7
content-encoding
br
last-modified
Thu, 09 Nov 2023 17:31:54 GMT
server
AmazonS3
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
etag
W/"4c4f4bf824d2aa120a5e0b665b4c9828"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=14400, stale-while-revalidate=14400, immutable
age
2293
x-amz-cf-id
ZwovgU8eVaI3I9013Yx4SjPQ6hziDM2vqNjhKhKpzBAHJ5DzQ2sfHA==
polyfill.min.js
polyfill.io/v3/ 		101 B
620 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?features=Intl%2CResizeObserver%2CIntersectionObserver
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 04 Dec 2023 18:14:18 GMT
age
430336
detected-user-agent
Chrome/89.0.4389
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=3
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
120
referrer-policy
origin-when-cross-origin
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
normalized-user-agent
chrome/89.0.0
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges
bytes
timing-allow-origin
*
polyfill.min.js
unpkg.com/web-streams-polyfill@3.2.1/dist/
Redirect Chain
  • https://unpkg.com/web-streams-polyfill/dist/polyfill.min.js
  • https://unpkg.com/web-streams-polyfill@3.2.1/dist/polyfill.min.js
59 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/web-streams-polyfill@3.2.1/dist/polyfill.min.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Server
2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e3530366f481c19813abb79fd15cdc5b45dbbc276401cbde7c4bf283b75a114
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
387631
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HGFEXQPV6X4A6JFBSC0F16R0-fra
server
cloudflare
etag
W/"ec4a-HUydLHWFwqUMHRHMwTGDjElD3/c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
8306073bb8733653-FRA

Redirect headers

date
Mon, 04 Dec 2023 18:14:18 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HGV0CZM0C3TGV00PD76BHB3G-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
214
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/web-streams-polyfill@3.2.1/dist/polyfill.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
8306073b88383653-FRA
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		91 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1719a79d87460283cef710ab72a612801cc9a503b3ed7dae6dfec06d0c9f82d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29958
x-xss-protection
0
server
cafe
etag
567 / 19695 / m202311280101 / config-hash: 11492790553832686462
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:18 GMT
prebid.js
www.theepochtimes.com/assets/themes/eet/js/ 		283 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61b459cc9bf965b73d8b86b4b8da20b0f019b14dcdcc33ff8909920d0f22eb32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 29 Nov 2023 22:40:10 GMT
server
cloudflare
x-microcachable
0
age
60
etag
W/"6567bdca-46db6"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cf-ray
8306073b5b3f3649-FRA
x-device
desktop
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/ 		280 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RD0QM5H02Q
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
76c8bdf4e138d8308992ba5c68f2d7360a2d1c3929e1b7961a8d38b7da738b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94401
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 18:14:18 GMT
api.bundle.js
subs.theepochtimes.com/lib/ 		368 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
b7123bf5d1742985950f5f6ab3845907263a91e175527eb11baae5f45c3735a9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 03 Nov 2023 19:11:33 GMT
server
nginx/1.20.1
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
max-age=3600, public, no-transform
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 19:14:18 GMT
epoch_mparticle.min.js
services.epoch.cloud/public-labs/epoch-ai/mparticle/built/ 		247 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.epoch.cloud/public-labs/epoch-ai/mparticle/built/epoch_mparticle.min.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f9e9f54941fbfd8d6a65eac64b8f95e2aeacb16e5fda7a1403a9f24c2f4d0cb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 04 Dec 2023 13:40:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1772
etag
W/"656dd6de-3db7a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2ZFDS2xIUjJu1eERbqpEe9WttWlOo0I3kq87rD22Iu%2BKcCh%2FuE0ILAGnf6Cx9NdUncMXAWXrbz%2FLjeE2Qk9aggMJn0mpdtCE5BTa6kmcdCv7AMbtnzcpjcL3u0%2FuhN3nOhj1g1PQ092ZN26PE10D6WOEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
8306073b9d5f5c1a-FRA
alt-svc
h3=":443"; ma=86400
template.css
subs.theepochtimes.com/lib/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/lib/template.css
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
2f009a44aa057e608440849ba7d59135c178393165207fb8268d1680f9365b5b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 03 Nov 2023 19:11:33 GMT
server
nginx/1.20.1
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
max-age=3600, public, no-transform
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1242
expires
Mon, 04 Dec 2023 19:14:18 GMT
email-decode.min.js
www.theepochtimes.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
830 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 28 Nov 2023 16:06:21 GMT
server
cloudflare
etag
W/"65660ffd-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
8306073b5b423649-FRA
expires
Wed, 06 Dec 2023 18:14:18 GMT
/
html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame D105 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/?gd_sdk_referrer_url=https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287/&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.23.1 / Express
Resource Hash
d31a5605e7c96eb9d44d6301a42fb3a89953b0a804f7ac49b1eabdfddd86544d

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
69005
cache-control
public, max-age 3600
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 03 Dec 2023 23:04:13 GMT
etag
W/"1adf-3PBzgcSAmC2iz+4juu3W6Wq25z8"
server
nginx/1.23.1
vary
Accept-Encoding
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
x-amz-cf-id
fMlfVintVurz3RPSsEG8A-aMveNyo83UvobxlZ1BkNX_TOFsRdrmfA==
x-amz-cf-pop
DUS51-P1
x-cache
Hit from cloudfront
x-powered-by
Express
menuSearch.9968d4ed.svg
www.theepochtimes.com/_next/static/media/ 		685 B
386 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/static/media/menuSearch.9968d4ed.svg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e5fbbe10f708bf6bbcc9d5d91e7209391cf9798e3ac144d3dd3db2c2e698309

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
346
etag
W/"65691020-2ad"
vary
Accept-Encoding
content-type
image/svg+xml
cf-ray
8306073e4fa83649-FRA
logo.32553ed2.svg
www.theepochtimes.com/_next/static/media/ 		16 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/static/media/logo.32553ed2.svg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86ec2da6a4b0444953187ebca1373c7eee98813073fd5ce9046739d006220e5d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
345
etag
W/"65691020-3f08"
vary
Accept-Encoding
content-type
image/svg+xml
cf-ray
8306073e4faa3649-FRA
image
www.theepochtimes.com/_next/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2FEpochFun_logo.bbb08190.png&w=640&q=75
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c9d20a82bcd631dba5fb5a9c1dbc507baf559da09375e65b8870a328fc6e470
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; frame-src 'none'; sandbox;
cf-cache-status
EXPIRED
server
cloudflare
etag
LJ0gqCvNYx26X7WpwdvFB7r1WdoJN15luIcKMo-G5HA=
vary
Accept, Accept-Encoding
content-type
image/webp
x-nextjs-cache
HIT
cache-control
public, max-age=315360000, immutable
content-disposition
inline; filename="EpochFun_logo.webp"
accept-ranges
bytes
cf-ray
8306073e4fac3649-FRA
content-length
4408
copy_link.1f77f7a1.svg
www.theepochtimes.com/_next/static/media/ 		591 B
432 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/static/media/copy_link.1f77f7a1.svg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26596e242c76558f8085c3d3a634ff993bc7ff98cdfb6d322bb7698c420e6bfe

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:34 GMT
server
cloudflare
age
132
etag
W/"65691016-24f"
vary
Accept-Encoding
content-type
image/svg+xml
cf-ray
8306073e4fad3649-FRA
facebook_icon.abf2c2c3.svg
www.theepochtimes.com/_next/static/media/ 		617 B
439 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/static/media/facebook_icon.abf2c2c3.svg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3bccf2ba4483214a64dd5d4222b45ae474f5d51bbc50bc80e7c78445e621772

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:41 GMT
server
cloudflare
age
345
etag
W/"6569101d-269"
vary
Accept-Encoding
content-type
image/svg+xml
cf-ray
8306073e4fae3649-FRA
x.772c500c.svg
www.theepochtimes.com/_next/static/media/ 		650 B
498 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/static/media/x.772c500c.svg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c79b952455a77dfa6e4dbf3474e887a4a6cccf285881103803651bf408b4b16a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:41 GMT
server
cloudflare
age
392
etag
W/"6569101d-28a"
vary
Accept-Encoding
content-type
image/svg+xml
cf-ray
8306073e4faf3649-FRA
image
www.theepochtimes.com/_next/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.theepochtimes.com/_next/image?url=%2F_next%2Fstatic%2Fmedia%2FEET_footer.d4ea1157.png&w=384&q=75
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a63d5248095b6078fd95a59c270efae7d1cc086d9911533010bfd6555482f96
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; frame-src 'none'; sandbox;
cf-cache-status
EXPIRED
server
cloudflare
etag
mmPVJICVtgeP2VpZwnDvrn0cwIbZkRUzAQv9ZVVIL5Y=
vary
Accept, Accept-Encoding
content-type
image/webp
x-nextjs-cache
HIT
cache-control
public, max-age=315360000, immutable
content-disposition
inline; filename="EET_footer.webp"
accept-ranges
bytes
cf-ray
8306073e6fd33649-FRA
content-length
3846
668f0bba-02f16f3e7b11d0d2.js
www.theepochtimes.com/_next/static/chunks/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/668f0bba-02f16f3e7b11d0d2.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d08110fb32a9fa5e161050a13a7980c6db1bdfedbd3a09ea2b263c8520faa7f6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-152b4"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7fe53649-FRA
7733-6b6104fa142964f8.js
www.theepochtimes.com/_next/static/chunks/ 		52 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/7733-6b6104fa142964f8.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a87f96548ae2936dc87f72332fd88ca3cf7989e6b327d749ea5c378c2f1c6e0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-d1d9"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7fe73649-FRA
7921-ca8ca4f34e556815.js
www.theepochtimes.com/_next/static/chunks/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/7921-ca8ca4f34e556815.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d86b5ff40546e3a2ba79df35d4f926b43b145f3b84619df160fc5f1ff307633

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-488a"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7fed3649-FRA
8302-fee83ca9f04bd764.js
www.theepochtimes.com/_next/static/chunks/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/8302-fee83ca9f04bd764.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85526a1f718fba197ba6c3bcbb062fbe6e0aa4dbff573484548218fa2eb43185

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-2abc"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7fef3649-FRA
5684-0c8b4c954f662381.js
www.theepochtimes.com/_next/static/chunks/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/5684-0c8b4c954f662381.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bade9777ab933b6324666fedee893c4382b7ec482a10584ac9dd89a0fde3f768

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-1876"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ff23649-FRA
2868-d101d4f7ac2b5365.js
www.theepochtimes.com/_next/static/chunks/ 		66 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/2868-d101d4f7ac2b5365.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
467e60591f4bc28a37191e696b2306d64bf62e09e66ff245029dc5e78d9ea2cb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
276
etag
W/"65691020-10922"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ff63649-FRA
917-18326fd5c46a872c.js
www.theepochtimes.com/_next/static/chunks/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/917-18326fd5c46a872c.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb8f562b96a012eb6a42cb988b1a4ca6cb7d0207039d326881e41507cf9dde06

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
age
276
etag
W/"6569101c-4671"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ff83649-FRA
9198-bd693defb63e2fb2.js
www.theepochtimes.com/_next/static/chunks/ 		197 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/9198-bd693defb63e2fb2.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2613a62b709a54323bf7b71585ba6a526c80fd905b3f6373411421116d530062

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-3122a"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ffa3649-FRA
4528-3e0c8628f6d1d1a4.js
www.theepochtimes.com/_next/static/chunks/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/4528-3e0c8628f6d1d1a4.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
808843013cc660be8d2cc332d756356537f75e12c07c3c5692194aa3068efc9c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-2d02"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ffb3649-FRA
layout-db579a279b7f36d4.js
www.theepochtimes.com/_next/static/chunks/app/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/app/layout-db579a279b7f36d4.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc608c825b8be3e95e1d718fdfe935654296c1911a3481b23b092274cebb3980

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-2929"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e7ffc3649-FRA
6553-96f8b4e8332835b6.js
www.theepochtimes.com/_next/static/chunks/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/6553-96f8b4e8332835b6.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
064d7b833644dd282e4ab3ea2f965d8ec8d4cd6db6ab74c19d0e93df5bb6e823

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-41b5"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e78003649-FRA
5704-01f8a6fd6b337147.js
www.theepochtimes.com/_next/static/chunks/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/5704-01f8a6fd6b337147.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58255daa744ee7478e21dd58b685345e4f76d95522a5ba987c4e73e9281336c5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-32ca"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e78043649-FRA
5883-e98bf51814a383f6.js
www.theepochtimes.com/_next/static/chunks/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/5883-e98bf51814a383f6.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83b1c226ddee3a6b6f78e8a3d84d9cf590a157642b0da6db5917b4adb9f4f162

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
age
276
etag
W/"6569101c-5c43"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e78083649-FRA
219-429aa3d853996862.js
www.theepochtimes.com/_next/static/chunks/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/219-429aa3d853996862.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
978d3ba4801394114df599b7401282e1e0ada60a155273078581c747c985dfaa

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:33 GMT
server
cloudflare
age
276
etag
W/"65691015-484a"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e780b3649-FRA
2153-bf6892a9f0e080a9.js
www.theepochtimes.com/_next/static/chunks/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/2153-bf6892a9f0e080a9.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17f2247187f061874be16de00e3233441b11007600c97d85426f0f2758dd1064

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
21
etag
W/"65691019-3f00"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e880f3649-FRA
layout-849bd54a0a16f209.js
www.theepochtimes.com/_next/static/chunks/app/(featured-category)/ 		196 B
240 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/app/(featured-category)/layout-849bd54a0a16f209.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b5852a5b24864ae3a0ff575c083bdaba8af42d3c26622c00780828cce25172a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
21
etag
W/"65691019-c4"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88113649-FRA
1871-674dfdb3ab3673a3.js
www.theepochtimes.com/_next/static/chunks/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/1871-674dfdb3ab3673a3.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7561ec2dc82f7edac7a440ad46f72c7b09bc8f6c75a14f1ba391de945da9cb2f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
age
21
etag
W/"65691020-4c20"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88133649-FRA
layout-db8fb03cb0893733.js
www.theepochtimes.com/_next/static/chunks/app/epochfun/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/app/epochfun/layout-db8fb03cb0893733.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc48024d6ab3f5dbb711477fbc5145950dc85465dd85773e3cacfbed8107ffe3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Thu, 30 Nov 2023 22:43:40 GMT
server
cloudflare
etag
W/"6569101c-2585"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88153649-FRA
page-54472f902f368264.js
www.theepochtimes.com/_next/static/chunks/app/epochfun/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/app/epochfun/page-54472f902f368264.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6acd836f00f9e42efa7c285db835db0c17ade97c7ced02bbf616a39e10c69bc2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Thu, 30 Nov 2023 22:43:44 GMT
server
cloudflare
etag
W/"65691020-20b3"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88163649-FRA
931-c785358ff576a023.js
www.theepochtimes.com/_next/static/chunks/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/931-c785358ff576a023.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2217ed3c72b72b9496411a601e38bb2dc1520f0cbd840576541e1ef89a3eb730

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-1de9"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88183649-FRA
6635-aaa70223b4b75abd.js
www.theepochtimes.com/_next/static/chunks/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/6635-aaa70223b4b75abd.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30ee8dc4920b2dca6621737d57c70ab1dff3b54c52001d9488d2cf048c99c3c3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
276
etag
W/"65691019-53a6"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88193649-FRA
526-2d7a455c86813dde.js
www.theepochtimes.com/_next/static/chunks/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/526-2d7a455c86813dde.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46b2a642f1a5f4f742095269fbd3446aecf316d36e72e1e69abd9c6d80c43b71

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
392
etag
W/"65691019-3cfc"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88253649-FRA
page-898250f63018c7fa.js
www.theepochtimes.com/_next/static/chunks/app/epochfun/%5Burl%5D/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.theepochtimes.com/_next/static/chunks/app/epochfun/%5Burl%5D/page-898250f63018c7fa.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/webpack-d6ab08ab1fe76cd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:9e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1878d65f685395d69cf83126e577ddfe70ef6a992c9595385b14b6cff779d87

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 30 Nov 2023 22:43:37 GMT
server
cloudflare
age
393
etag
W/"65691019-1e5c"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8306073e88263649-FRA
main.min.js
html5.api.gamedistribution.com/ Frame D105 		509 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.api.gamedistribution.com/main.min.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/?gd_sdk_referrer_url=https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287/&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-37.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e30c59b1f56c36a80c2f7784ab15ea34eec032869f5595645c0bdf065c7c6b89

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:02:51 GMT
content-encoding
br
via
1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
last-modified
Thu, 23 Nov 2023 08:28:51 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
55020
x-amz-server-side-encryption
AES256
etag
W/"64fa9d3116b65c5ab1f61d91830ad6fd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
no-cache
x-amz-cf-id
3ykzzHCc6p_TF5gSrSw4ItiI0aQKcExlQaPLzDU9d4L8nOe5g7rO6g==
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.loading&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoxLCJhcmdzIjp7Im1lc3NhZ2UiOiJsb2FkaW5nIn0sInR0bGUiOiJXb3JkcyBvZiBXb25kZXJzIiwic2l6ZSI6IjEwODggeCA4MzIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713658950
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
/
game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame D105 		4 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/?domain=theepochtimes.com&v=1.36.3&localTime=19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
7aec24da00fa42f92101889621acc9571dd817a405d61c90d7a1fd0b2e8e836e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
cache-control
private, max-age 3600
x-powered-by
Express
content-length
3878
etag
W/"f26-jOukRCu43I+BbonKtznZkvPXsJE"
content-type
application/json; charset=utf-8
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
153 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.loading&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoyLCJhcmdzIjp7Im1lc3NhZ2UiOiJsb2FkaW5nIn0sInR0bGUiOiJXb3JkcyBvZiBXb25kZXJzIiwic2l6ZSI6IjEwODggeCA4MzIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713658952
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
/
game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame D105 		4 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/?domain=theepochtimes.com&v=1.36.3&localTime=19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
a689b152f54d822bab4e2373e3142e04bc78d2b6e83f69c890f699f05d72f1b9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
cache-control
private, max-age 3600
x-powered-by
Express
content-length
3877
etag
W/"f25-FntdMwtQl/4xcw3CKJayNdZZmso"
content-type
application/json; charset=utf-8
region
pwe.epochbase.com/ 		190 B
388 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pwe.epochbase.com/region?siteId=www.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/917-18326fd5c46a872c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.110.129.224 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
224.129.110.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
b02d71564678eb49636941abe2cc2230bc1a7d6578d5d0de066627dac5a31e6f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190
gtm.js
www.googletagmanager.com/ 		272 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5Z8H4H
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
55f6ea1d2c1d7e062b587d1b9447b295fb80313c584d18cc4ec89cf5528a23e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94417
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 18:14:19 GMT
grumi.js
rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/ 		222 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0ab00d638ea969f39da82f58bc8724b92bcf747b275cdd90548b818211527616

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:29 GMT
x-amz-version-id
AueqzGVqi8TbIIGsmFOlCT2lfUu.z3JY
content-encoding
br
last-modified
Mon, 04 Dec 2023 17:32:43 GMT
server
AmazonS3
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
etag
W/"32c6f95e8b517cd9e0006f074acc8a20"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age
2331
x-amz-cf-id
RpJhRYNLud0GIGZI1Pezt9StB4HMSQX2CmqTpWa6dl58UNA5eOruFA==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/ 		432 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7e071e5b39d13cef80f7a46d854de133fd73c15d1351ebcf7e1f1b48821e7aeb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:44:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
1762
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138259
x-xss-protection
0
server
cafe
etag
16445146976575771301
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 03 Dec 2024 17:44:57 GMT
hb
hb.undertone.com/ 		0
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.undertone.com/hb?pid=3017&domain=theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-13.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.theepochtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
N3JBHa6ci9i0YcPc_oO9q0lhfSsYNNSkIq_qFzFDvYNJJM2BjG1ttQ==
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		179 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&CanonicalUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&PublisherDomain=https%3A%2F%2Fwww.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
1f66777c58f2d28ec361c98f81552ace8fe0a65c5ebc86835c5563b843c3a242
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
109
content-length
179
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
prebid
exchange.postrelease.com/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_rid=5cabf8ce201104&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoiZ2FtZV90b3BfYWRfNzI4eDkwIiwibWVkaWFUeXBlcyI6eyJiYW5uZXIiOnsic2l6ZXMiOltbOTcwLDI1MF0sWzk3MCw5MF0sWzcyOCw5MF1dfX19XX0=&ntv_dbr=eyJnYW1lX3RvcF9hZF83Mjh4OTAiOjB9&ntv_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.85.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-85-239.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
/
colossusssp.com/ 		2 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.132 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:19 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
prebid-request
onetag-sys.com/ 		15 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hb-mm-multi
hb.minutemedia-prebid.com/ 		105 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
c2dfa9476e58f6ca4d283096ec9b6a21d68420f7ad3d1a8456b20ec02d10c973

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.theepochtimes.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
8
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
prebid
exchange.postrelease.com/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_rid=13e75e90bd04265&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoiZ2FtZV90b3BfYWRfMzAweDI1MCIsIm1lZGlhVHlwZXMiOnsiYmFubmVyIjp7InNpemVzIjpbWzMwMCwyNTBdXX19fV19&ntv_dbr=eyJnYW1lX3RvcF9hZF83Mjh4OTAiOjAsImdhbWVfdG9wX2FkXzMwMHgyNTAiOjB9&ntv_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.85.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-85-239.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
/
colossusssp.com/ 		2 B
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.132 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:19 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
prebid-request
onetag-sys.com/ 		15 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		180 B
703 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&CanonicalUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&PublisherDomain=https%3A%2F%2Fwww.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
111db277d17dc8e2d641115a3eccc3e6f8bb56afb3f22bd7a3f12e0c8326940a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
127
content-length
180
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
hb
hb.undertone.com/ 		0
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.undertone.com/hb?pid=3017&domain=theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-13.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.theepochtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
hHdrv9fSwVLt_Q0d4C3vTbZWx4IXrpMDjGht-Tmm2yG5YsJ8f1yoqw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
hb-mm-multi
hb.minutemedia-prebid.com/ 		105 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
0581deff543cd06ef72e5a6057135cdbaa97bfe2bd689344b80a02008ce26ef0

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.theepochtimes.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
prebid
exchange.postrelease.com/ 		0
397 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_rid=2508a6ff5f021a9&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoiZ2FtZV9yaWdodF90b3BfYWRfMzAweDYwMCIsIm1lZGlhVHlwZXMiOnsiYmFubmVyIjp7InNpemVzIjpbWzMwMCwyNTBdLFszMDAsNjAwXV19fX1dfQ==&ntv_dbr=eyJnYW1lX3RvcF9hZF83Mjh4OTAiOjAsImdhbWVfdG9wX2FkXzMwMHgyNTAiOjAsImdhbWVfcmlnaHRfdG9wX2FkXzMwMHg2MDAiOjB9&ntv_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.85.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-85-239.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
prebid-request
onetag-sys.com/ 		15 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hb-mm-multi
hb.minutemedia-prebid.com/ 		105 B
450 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
ae05730591bf219612c3a2d9ef0c3d8f606e3faba6a32250fcfc89da173e1079

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.theepochtimes.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
8
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
/
colossusssp.com/ 		2 B
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.132 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:19 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		180 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&CanonicalUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&PublisherDomain=https%3A%2F%2Fwww.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0f8554246ab668cf18c6ee4d4f4a13f1821c43c021a259c5ee00c2681429d9d0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
1
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
111
content-length
180
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
hb
hb.undertone.com/ 		0
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.undertone.com/hb?pid=3017&domain=theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-13.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.theepochtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
SmBjQFWQG46s4ELlc1wzQzmpEsA7t1DPKRvuf4B2WtdtOZEK5L284g==
expires
Mon, 26 Jul 1997 05:00:00 GMT
/
colossusssp.com/ 		2 B
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.132 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:19 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
hb-mm-multi
hb.minutemedia-prebid.com/ 		105 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
a534323a87f0771c4f1e18ddb170b35d4e341a8f2f1c304ce0460133df99f93f

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.theepochtimes.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
hb
hb.undertone.com/ 		0
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.undertone.com/hb?pid=3017&domain=theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-13.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.theepochtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
VNLPPWOXWPPp5cy8JgDv_YfZWdYZgr6lAAUt9m26o6aAv0PgMlkFKA==
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid-request
onetag-sys.com/ 		15 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		180 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&CanonicalUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&PublisherDomain=https%3A%2F%2Fwww.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
391e5ff0fdc2640044326480077bb0bbc209efd87363a82d59f2acae156f7263
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
135
content-length
180
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
prebid
exchange.postrelease.com/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_rid=4760c3a78ee7da1&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoiZ2FtZV9yaWdodF9ib3R0b21fYWRfMzAweDI1MCIsIm1lZGlhVHlwZXMiOnsiYmFubmVyIjp7InNpemVzIjpbWzMwMCwyNTBdXX19fV19&ntv_dbr=eyJnYW1lX3RvcF9hZF83Mjh4OTAiOjAsImdhbWVfdG9wX2FkXzMwMHgyNTAiOjAsImdhbWVfcmlnaHRfdG9wX2FkXzMwMHg2MDAiOjAsImdhbWVfcmlnaHRfYm90dG9tX2FkXzMwMHgyNTAiOjB9&ntv_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.85.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-85-239.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
/
comment.youmaker.com/web/v3/ Frame 1ED7 		774 B
739 B 		Document
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/1dd3208c-0d71712ce0edec8f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
5ca92c06dc31883efdd21b50d74cfd8756fa7a312728339494e2298cb40b6a9f

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-name
remark
app-version
0.1.2
author
EMG
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 04 Dec 2023 18:14:19 GMT
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
vary
Accept-Encoding
via
1.1 google
x-robots-tag
noindex
collect
region1.analytics.google.com/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-RD0QM5H02Q&gtm=45je3bt0v884763001&_p=1701713659112&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1448343132.1701713659&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1701713659&sct=1&seg=0&dl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&dt=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&en=page_view&_fv=1&_nsi=1&_ss=1&_c=1&_ee=1&ep.eet_page_type=post&ep.all_term_ids=epochfun-137957%3Bjoypass-free-155614%3Bspecial-epoch-games-155638%3Bfree-games-ad-supported-172624%3Bfrontaudio-161329&ep.eet_cat_names=Epoch%20Fun%3BLatest%3BSpecial%3BFree%20Games%20-%20Ad-supported&ep.eet_author_name=Epoch%20Puzzles&ep.eet_primary_category_name=Free%20Games%20-%20Ad-supported&epn.eet_post_id=5491287&tfd=1830
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RD0QM5H02Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RD0QM5H02Q&cid=1448343132.1701713659&gtm=45je3bt0v884763001&aip=1&dma=0&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RD0QM5H02Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ch/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RD0QM5H02Q&cid=1448343132.1701713659&gtm=45je3bt0v884763001&aip=1&dma=0&gcd=11l1l1l1l1&z=745344780
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 04 Dec 2023 16:31:38 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6161
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 04 Dec 2023 18:31:38 GMT
geo
subs.theepochtimes.com/rules/ 		121 B
139 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/rules/geo
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
844e564cb40b66b3a845563c7558359ee722e0bf0cf5315aaed1349d5a70d65d

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.success&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoxLCJhcmdzIjp7Im1lc3NhZ2UiOiJzdWNjZXNzIn0sInR0bGUiOiJXb3JkcyBvZiBXb25kZXJzIiwic2l6ZSI6IjEwODggeCA4MzIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713659202
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.success&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoyLCJhcmdzIjp7Im1lc3NhZ2UiOiJzdWNjZXNzIn0sInR0bGUiOiJXb3JkcyBvZiBXb25kZXJzIiwic2l6ZSI6IjEwODggeCA4MzIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713659205
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/717879253/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/717879253/?random=1701713659231&cv=11&fst=1701713659231&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&auid=908822389.1701713659&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
219c1804e9ddf847c5e9c170d73ac6caaed08dc96243c9c2fdbe560061afee87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/855967303/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/855967303/?random=1701713659236&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&bttype=purchase&auid=908822389.1701713659&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
f990d729649be8031232ea26fa47393e5c9239c7a7efe4fef61f0b045b5f017b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1678
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
push_notif.js
services.epoch.cloud//public-labs/src/push_notifications/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.epoch.cloud//public-labs/src/push_notifications/push_notif.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0523c13750f634735ff97f98cc6b2d0100bc0aab4d8f703ad3b6952731d7a545

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 17 Sep 2020 15:46:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1882
etag
W/"5f6384bb-18fb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0jmmCllq%2BuUoicK%2BJdUChedoKuJx8pfMzYZDS6AUXJiWU%2Bze9JQBWHBiyKC4YTKIF0RUMoKUrbwXfh5E1kBPkDPPqo9Pyf5u%2BH7N6qJzpH5k5%2FEfp%2F0V2ph2bTwQLu9PyGDxhLFkBYP9Cx6tYHLJWS0rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
830607424ccc5c1a-FRA
alt-svc
h3=":443"; ma=86400
ge.js
s3-us-west-2.amazonaws.com/jsstore/a/5N0H11N/ 		59 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s3-us-west-2.amazonaws.com/jsstore/a/5N0H11N/ge.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.92.164.88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
d20db6c1df31874b999f525e1eb15c5041d7b5b94c7336754c97d72fca64c1f1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:20 GMT
Last-Modified
Tue, 29 Aug 2023 17:44:45 GMT
Server
AmazonS3
x-amz-request-id
ENY9YP9BPYBE0QVH
ETag
"b54fadc7e5991d9914d62a0459bfdf77"
x-amz-server-side-encryption
AES256
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
60527
x-amz-id-2
8GycAJfb7AxXTjDKRzSV65Opy+0ne+ZiZ/0f3PUjtkFl/CNDcEIOC/KvVzyMUlM6ivqkKhiQEP8=
Expires
Thu, 28 Sep 2023 17:44:44 GMT
destination
www.googletagmanager.com/gtag/ 		193 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=G-2601429205&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z8H4H
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
721e2fc91b7bb9db69c285702ec27241a35a954df0d64285470f01d9ff04e6a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
72875
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 18:14:19 GMT
b413bf4fa936cc351ac6476e0df69b50.js
clientcdn.pushengage.com/core/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://clientcdn.pushengage.com/core/b413bf4fa936cc351ac6476e0df69b50.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-cachedat
12/01/2023 16:55:54
cdn-pullzone
1148540
server
BunnyCDN-DE1-1081
cdn-proxyver
1.04
cdn-requestpullcode
403
etag
W/"d4-XcAaV/tWYAkzFEISrPu73u/tTT8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control
public, max-age=432000
cdn-requestid
475f14661f25054899d8c9380dc07c0b
cdn-requestcountrycode
CH
cdn-status
403
cdn-requestpullsuccess
True
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-2601429205&gtm=45je3bt0z86373291&_p=1701713659112&gcd=11l1l1l1l1&dma=0&cid=1448343132.1701713659&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701713659&sct=1&seg=0&dl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&dt=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&en=Funnel%20%231%20-%20All%20Check%20Out%20Users&_fv=1&_ss=1&tfd=1963
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-2601429205&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/717879253/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/717879253/?random=1701713659231&cv=11&fst=1701712800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&fmt=3&is_vtc=1&cid=CAQSGwDICaaNaofu-x83Y5vWDPZQhTYQXdzXSbcz2w&random=260287818&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ch/pagead/1p-user-list/717879253/ 		42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/pagead/1p-user-list/717879253/?random=1701713659231&cv=11&fst=1701712800000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&fmt=3&is_vtc=1&cid=CAQSGwDICaaNaofu-x83Y5vWDPZQhTYQXdzXSbcz2w&random=260287818&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ch/pagead/1p-conversion/855967303/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h...
  • https://www.google.com/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F...
  • https://www.google.ch/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&auid=908822389.1701713659&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0k2MnF3WVEyWXZWbUlpWl9mRm5FaVVBZkloUHNrSU4tZWg0S1dkMHhkbXRxNmNsN215cm52aHA2QlAxY0JOMFFORVJ3RXdfGldDaEFJZ0k2MnF3WVFwdGZCLUxMLWhkbHdFaTBBSDVqUHE1a0tka2FKWmp0OHMzbGhlZnhEM1BwN0lMQXFBY0gwOGFnTFctLTV4bUVId3NROGtGSUNFM0UiEwjOurCxsfaCAxXylf0HHUcEBi8&is_vtc=1&ocp_id=-xZuZY7REvKr9u8Px4iY-AI&cid=CAQSKQDICaaND5II-ECyeBouuKdt37BvLx10_ictLE3JvcTv358rc87Ruzt4&eitems=ChEIgI62qwYQ2cH0ifKD6eG6ARIdALib_KvaDanocuQbgQClwn_7v-SbDSOEoKzXhyM&random=826686558&ipr=y
Protocol
H3
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ch/pagead/1p-conversion/855967303/?random=883255846&cv=11&fst=1701713659236&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v6373291&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&label=HsWbCMacxuUDEMeMlJgD&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&value=0&auid=908822389.1701713659&uamb=0&uaw=0&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=EkxDaEFJZ0k2MnF3WVEyWXZWbUlpWl9mRm5FaVVBZkloUHNrSU4tZWg0S1dkMHhkbXRxNmNsN215cm52aHA2QlAxY0JOMFFORVJ3RXdfGldDaEFJZ0k2MnF3WVFwdGZCLUxMLWhkbHdFaTBBSDVqUHE1a0tka2FKWmp0OHMzbGhlZnhEM1BwN0lMQXFBY0gwOGFnTFctLTV4bUVId3NROGtGSUNFM0UiEwjOurCxsfaCAxXylf0HHUcEBi8&is_vtc=1&ocp_id=-xZuZY7REvKr9u8Px4iY-AI&cid=CAQSKQDICaaND5II-ECyeBouuKdt37BvLx10_ictLE3JvcTv358rc87Ruzt4&eitems=ChEIgI62qwYQ2cH0ifKD6eG6ARIdALib_KvaDanocuQbgQClwn_7v-SbDSOEoKzXhyM&random=826686558&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c
ea.epochbase.com/api/pw/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ea.epochbase.com/api/pw/c?tid=P-KDJOIELE2&en=readactivity
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.7.168.74 White Haven, United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Origin,Content-Type
access-control-allow-methods
GET, POST, PATCH, OPTIONS, PUT, DELETE
access-control-allow-origin
*
allow
GET, POST, OPTIONS, PUT, DELETE
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
config
mp.theepochtimes.com/tags/JS/v2/us2-c639a6aabfcf124097c91276dd5884fb/ 		8 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.theepochtimes.com/tags/JS/v2/us2-c639a6aabfcf124097c91276dd5884fb/config?env=0&plan_id=eet_data_plan
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/9198-bd693defb63e2fb2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
68a19d9fd419108282e38d70ce90ba9c43a1ceb16873905b2fb40a67c01dc8e5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
age
228
x-origin-name
fastlyshield--shield_ssl_cache_iad_kcgs7200114_IAD
x-cache
HIT, MISS, HIT
content-length
1884
x-served-by
cache-iad-kcgs7200114-IAD, cache-mxp6981-MXP, cache-mxp6978-MXP
server
Kestrel
x-timer
S1701713659.499971,VS0,VE2
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
x-cache-hits
29, 0, 1
get
subs.theepochtimes.com/template/ 		185 B
203 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/template/get?tid=signin&sid=www.theepochtimes.com
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
d73f53d60e8d626b9238c3334cff2d2ad92d6228ed6b0131c6e2cf488948ca60

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
185
get
subs.theepochtimes.com/rules/ 		2 MB
246 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/rules/get?sid=www.theepochtimes.com&pid=4c14e06e-dead-4a19-833b-f676ae9d77da
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
d4f1c674b11f02fd36315c1914d77ad84c6df69d298e349a5799d10272c33a56

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
vary
Accept-Encoding, Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
c
ea.epochbase.com/api/pw/ 		0
232 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ea.epochbase.com/api/pw/c?tid=P-KDJOIELE2&en=readactivity
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.7.168.74 White Haven, United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:20 GMT
server
nginx/1.20.1
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
allow
GET, POST, OPTIONS, PUT, DELETE
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE
main.7036b77e.js
comment.youmaker.com/web/v3/static/js/ Frame 1ED7 		466 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
c34e5d3266ea00298001d8d288f2772c0829a74b54b7687b683a3dcdd91a4d23

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/javascript
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
main.f8b20501.css
comment.youmaker.com/web/v3/static/css/ Frame 1ED7 		300 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
26334b6e9122b102cc66898bceee5be00927575ff5bce29907a7b35a94688f37

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
text/css; charset=utf-8
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
index.js
pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/ Frame D105
Redirect Chain
  • https://pm.azerioncircle.com/p/locus
  • https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
Protocol
H2
Server
2600:9000:243d:8200:17:cf8d:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b98e1cfd3bc985929ee1cd472cb90f0ea7a35e2d21b9ef36865f93453eed1f4e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 30 Nov 2023 14:40:51 GMT
content-encoding
gzip
via
1.1 864867c878801fa3f01f9149934772e8.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P4
age
358408
x-guploader-uploadid
ABPtcPoFrSZpusd5-O7uBV8oiMe631T4U-U836lzwfv_03TDfWQsAAQbbi79iNgY0CgFbXdkrKc
x-cache
Hit from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
10055
last-modified
Mon, 30 Oct 2023 12:53:05 GMT
server
UploadServer
etag
"ee8f86fc8fa90340ef0bc7ccbc84ce46"
vary
Accept-Encoding
x-goog-generation
1698670385621342
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=gWu7nw==, md5=7o+G/I+pA0DvC8fMvITORg==
access-control-expose-headers
Content-Type, Access-Control-Allow-Origin
cache-control
public, max-age=31536000, immutable
x-goog-stored-content-length
10055
accept-ranges
bytes
x-amz-cf-id
bqRLMPnpJudDt0LJCCWAKyLzgVjd_h3ESgkymFEzwaemDCuWaxMbGw==
expires
Thu, 30 Nov 2023 15:40:51 GMT

Redirect headers

date
Thu, 30 Nov 2023 14:51:14 GMT
via
1.1 864867c878801fa3f01f9149934772e8.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
DUS51-P4
age
357785
vary
Origin
x-cache
Hit from cloudfront
location
https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
content-length
0
x-amz-cf-id
KGbESjcEGyM6-6uFguT2F2T8MxeAAKXRC6wmjJ4OLWnoJObwmHfmPA==
analytics.js
www.google-analytics.com/ Frame D105 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 04 Dec 2023 16:31:38 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6161
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 04 Dec 2023 18:31:38 GMT
gamemonkey-sdk.js
cdn.gamemonkey.org/gamemonkey-sdk-javascript/5.1.1/script/ Frame D105 		52 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.gamemonkey.org/gamemonkey-sdk-javascript/5.1.1/script/gamemonkey-sdk.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-49.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4f31876d3647b02707b37456236cecc3c652b935f3252233e349b8c62cffc2e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 23:48:13 GMT
content-encoding
gzip
via
1.1 57b1c45cee24c7bbeb8b5420d5868740.cloudfront.net (CloudFront)
last-modified
Thu, 28 Sep 2023 08:39:34 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
66398
x-amz-server-side-encryption
AES256
etag
W/"30db6b18ce39a9e3bfcc24a0863d69e9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
s64WcOfVze1Ye2DFwEUPJWcsVCnhzmUsLOP0cj2X7ji0Gr4lRmMMEg==
dmp
tag.atom.gamedistribution.com/v1/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tag.atom.gamedistribution.com/v1/dmp?ar=eyJ0cCI6ImdkLmxvY2F0aW9uIiwiY3QiOjAsInZycyI6IjEuMzYuMyIsInVybCI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwicmZyIjoiaHR0cHM6Ly93d3cudGhlZXBvY2h0aW1lcy5jb20vIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZHB0aCI6MCwiYXJncyI6eyJnaWQiOiJ3b3Jkcy1vZi13b25kZXJzIiwibWQ1IjoiYzhiYTFjYjJmMjNkNDBiNWExOWZkNjA2ZmNjM2U1MGIiLCJwaWQiOjAsInBubSI6IlRoZSBFcG9jaCBUaW1lcyIsImN0cnkiOiJVUyIsImxjbCI6ImVuIiwiaGxlIjoxLCJhZHMiOjEsImhyZWYiOiJodHRwczovL2h0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tL2M4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiLz9nZF9zZGtfcmVmZXJyZXJfdXJsPWh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvJndpZHRoPTUxMCZoZWlnaHQ9OTAwJmxhbmd1YWdlPWVzJmdkcHItdHJhY2tpbmc9MSZnZHByLXRhcmdldGluZz0xIiwiZGVwdGgiOnsidmFsdWUiOjF9LCJ0b3AiOnsiZG9tYWluIjp7ImZyb20iOiJvcmlnaW5zIiwidmFsdWUiOiJ0aGVlcG9jaHRpbWVzLmNvbSJ9fSwicGFydG5lciI6eyJkb21haW4iOnsidmFsdWUiOiJ0aGVlcG9jaHRpbWVzLmNvbSIsImZyb20iOiJwYXJ0bmVyLXVybCJ9LCJ1cmwiOnsidmFsdWUiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsImZyb20iOiJwYXJ0bmVyLXVybCJ9fX0sInVhIjp7ImJybm0iOiJDaHJvbWUiLCJicnZzIjoiODkuMC40Mzg5LjcyIiwib3NubSI6IldpbmRvd3MiLCJvc3ZzIjoiMTAiLCJ3Ijo5NjAsImgiOjcwNH19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
no-referrer
x-permitted-cross-domain-policies
none
expect-ct
max-age=0
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-store, no-cache, private
content-length
0
x-xss-protection
0
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame D105 		147 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f134ba40278a9ec46dae45158380d0b99773d3c0ed252d9efa634bda9c0f4526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Origin
https://html5.gamedistribution.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51771
x-xss-protection
0
server
cafe
etag
10744962760423277342
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:19 GMT
event
ana.headerlift.com/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ana.headerlift.com/event?page_url=theepochtimes.com&game_id=c8ba1cb2f23d40b5a19fd606fcc3e50b&eventtype=2&ts=1701713659410
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c419 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NllaoDWNbjFwLE5VtwocWQxBgN%2F5cIUORc%2FQrGxC95o4QtZb%2FJ1tLqZI2gApx%2FVHJRm4rqAap23LQnZb8jgv0MKdRGyqGcmrqF4Ov3OfmFhjoEg08%2But3Un7M%2FPI3IOAbNkQF001n%2BnVAfOg4mfGc%2F4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://html5.gamedistribution.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
83060743bfa7918f-FRA
access-control-allow-headers
*
content-length
0
alt-svc
h3=":443"; ma=86400
dmp
tag.atom.gamedistribution.com/v1/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tag.atom.gamedistribution.com/v1/dmp?ar=eyJ0cCI6ImhsLmNvbmZpZyIsImN0IjowLCJ2cnMiOiIxLjM2LjMiLCJ1cmwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInJmciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tLyIsInRkbW4iOiJ0aGVlcG9jaHRpbWVzLmNvbSIsImRwdGgiOjAsImFyZ3MiOnsiZ2lkIjoid29yZHMtb2Ytd29uZGVycyIsIm1kNSI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwicGlkIjowLCJwbm0iOiJUaGUgRXBvY2ggVGltZXMiLCJjdHJ5IjoiVVMiLCJsY2wiOiJlbiIsImhsZSI6MSwiYWRzIjoxLCJhcmdzIjp7InBhZ2VfdXJsIjoidGhlZXBvY2h0aW1lcy5jb20iLCJnYW1lX2lkIjoiYzhiYTFjYjJmMjNkNDBiNWExOWZkNjA2ZmNjM2U1MGIiLCJldmVudHR5cGUiOjIsInRzIjoxNzAxNzEzNjU5NDEwfSwiaHJlZiI6Imh0dHBzOi8vaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20vYzhiYTFjYjJmMjNkNDBiNWExOWZkNjA2ZmNjM2U1MGIvP2dkX3Nka19yZWZlcnJlcl91cmw9aHR0cHM6Ly93d3cudGhlZXBvY2h0aW1lcy5jb20vZXBvY2hmdW4vd29yZHMtb2Ytd29uZGVycy1hZC1zdXBwb3J0ZWQtNTQ5MTI4Ny8md2lkdGg9NTEwJmhlaWdodD05MDAmbGFuZ3VhZ2U9ZXMmZ2Rwci10cmFja2luZz0xJmdkcHItdGFyZ2V0aW5nPTEiLCJkZXB0aCI6eyJ2YWx1ZSI6MX0sInRvcCI6eyJkb21haW4iOnsiZnJvbSI6Im9yaWdpbnMiLCJ2YWx1ZSI6InRoZWVwb2NodGltZXMuY29tIn19LCJwYXJ0bmVyIjp7ImRvbWFpbiI6eyJ2YWx1ZSI6InRoZWVwb2NodGltZXMuY29tIiwiZnJvbSI6InBhcnRuZXItdXJsIn0sInVybCI6eyJ2YWx1ZSI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwiZnJvbSI6InBhcnRuZXItdXJsIn19LCJwYWdlX3VybCI6InRoZWVwb2NodGltZXMuY29tIiwiZ2FtZV9pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwiZXZlbnR0eXBlIjoyLCJ0cyI6MTcwMTcxMzY1OTQxMH0sInVhIjp7ImJybm0iOiJDaHJvbWUiLCJicnZzIjoiODkuMC40Mzg5LjcyIiwib3NubSI6IldpbmRvd3MiLCJvc3ZzIjoiMTAiLCJ3Ijo5NjAsImgiOjcwNH19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
no-referrer
x-permitted-cross-domain-policies
none
expect-ct
max-age=0
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-store, no-cache, private
content-length
0
x-xss-protection
0
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.loaded&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImN0cnkiOiJVUyIsImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJwbGF0IjoiIiwidHBjdCI6MSwiYXJncyI6eyJtZXNzYWdlIjoiTm8gQmxvY2tlciJ9LCJ0dGxlIjoiV29yZHMgb2YgV29uZGVycyIsInNpemUiOiI5NjAgeCA3MDQiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713659410
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
event
ana.headerlift.com/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ana.headerlift.com/event?page_url=theepochtimes.com&game_id=c8ba1cb2f23d40b5a19fd606fcc3e50b&eventtype=1&ts=1701713659411
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c419 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=of75tqZKLoWt7ndfai9dH%2FBJyCdDaSlliRA2sXs9gpIXXvjZ5n03vQt%2But4vreSoJ%2BTo8HrbnmkYt%2FyXYc0Q1DCkbr5qq6dLNS7b3Ni0LlPtz%2BW8Bx7EncjKdW0yt%2B2%2B6ApH7TuxWuv55YuNlXWoBq0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://html5.gamedistribution.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
83060743bfac918f-FRA
access-control-allow-headers
*
content-length
0
alt-svc
h3=":443"; ma=86400
dmp
tag.atom.gamedistribution.com/v1/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tag.atom.gamedistribution.com/v1/dmp?ar=eyJ0cCI6ImhsLmNvbmZpZyIsImN0IjowLCJ2cnMiOiIxLjM2LjMiLCJ1cmwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInJmciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tLyIsInRkbW4iOiJ0aGVlcG9jaHRpbWVzLmNvbSIsImRwdGgiOjAsImFyZ3MiOnsiZ2lkIjoid29yZHMtb2Ytd29uZGVycyIsIm1kNSI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwicGlkIjowLCJwbm0iOiJUaGUgRXBvY2ggVGltZXMiLCJjdHJ5IjoiVVMiLCJsY2wiOiJlbiIsImhsZSI6MSwiYWRzIjoxLCJhcmdzIjp7InBhZ2VfdXJsIjoidGhlZXBvY2h0aW1lcy5jb20iLCJnYW1lX2lkIjoiYzhiYTFjYjJmMjNkNDBiNWExOWZkNjA2ZmNjM2U1MGIiLCJldmVudHR5cGUiOjEsInRzIjoxNzAxNzEzNjU5NDExfSwiaHJlZiI6Imh0dHBzOi8vaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20vYzhiYTFjYjJmMjNkNDBiNWExOWZkNjA2ZmNjM2U1MGIvP2dkX3Nka19yZWZlcnJlcl91cmw9aHR0cHM6Ly93d3cudGhlZXBvY2h0aW1lcy5jb20vZXBvY2hmdW4vd29yZHMtb2Ytd29uZGVycy1hZC1zdXBwb3J0ZWQtNTQ5MTI4Ny8md2lkdGg9NTEwJmhlaWdodD05MDAmbGFuZ3VhZ2U9ZXMmZ2Rwci10cmFja2luZz0xJmdkcHItdGFyZ2V0aW5nPTEiLCJkZXB0aCI6eyJ2YWx1ZSI6MX0sInRvcCI6eyJkb21haW4iOnsiZnJvbSI6Im9yaWdpbnMiLCJ2YWx1ZSI6InRoZWVwb2NodGltZXMuY29tIn19LCJwYXJ0bmVyIjp7ImRvbWFpbiI6eyJ2YWx1ZSI6InRoZWVwb2NodGltZXMuY29tIiwiZnJvbSI6InBhcnRuZXItdXJsIn0sInVybCI6eyJ2YWx1ZSI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwiZnJvbSI6InBhcnRuZXItdXJsIn19LCJwYWdlX3VybCI6InRoZWVwb2NodGltZXMuY29tIiwiZ2FtZV9pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwiZXZlbnR0eXBlIjoxLCJ0cyI6MTcwMTcxMzY1OTQxMX0sInVhIjp7ImJybm0iOiJDaHJvbWUiLCJicnZzIjoiODkuMC40Mzg5LjcyIiwib3NubSI6IldpbmRvd3MiLCJvc3ZzIjoiMTAiLCJ3Ijo5NjAsImgiOjcwNH19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
no-referrer
x-permitted-cross-domain-policies
none
expect-ct
max-age=0
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
no-store, no-cache, private
content-length
0
x-xss-protection
0
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.loaded&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImN0cnkiOiJVUyIsImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJwbGF0IjoiIiwidHBjdCI6MiwiYXJncyI6eyJtZXNzYWdlIjoiTm8gQmxvY2tlciJ9LCJ0dGxlIjoiV29yZHMgb2YgV29uZGVycyIsInNpemUiOiI5NjAgeCA3MDQiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713659411
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
index.html
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/?gd_sdk_referrer_url=https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287/&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b7e419ec912eb37670752481646f56c61d27503a535404dafba62db861ba3bc3

Request headers

Referer
https://html5.gamedistribution.com/c8ba1cb2f23d40b5a19fd606fcc3e50b/?gd_sdk_referrer_url=https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287/&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
28269
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 10:23:31 GMT
etag
W/"03f7303c680d6f98d266a7590adfe925"
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
x-amz-cf-id
BmeWorQr4mmQflVM6wQw0u2sRBve4z29z5g2MberxZKecEVuCFi8gw==
x-amz-cf-pop
DUS51-P1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
fugo_logo.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/companyLogos/ Frame E6A2 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/companyLogos/fugo_logo.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6fc8ce0c05c6ee33aa6e9571eac061cd4a37db2a0873fd05b1b5ee2173c47207

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 13:21:58 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
17542
x-amz-server-side-encryption
AES256
etag
"32574fd82a3eb80c7d38eccfa1ebe918"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2659
x-amz-cf-id
dEmUz-HHcrwTbJUaanbb8TRpzcqPPATqd7NutI8BxnL0XSZsYXcAxQ==
famobi_logo.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/companyLogos/ Frame E6A2 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/companyLogos/famobi_logo.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7926fe9941fcecc6bcbf3ab01ac90e77fd4e96e9cf37b0726992da33f995bfc4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 14:56:12 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
11887
x-amz-server-side-encryption
AES256
etag
"f6fbcf763c4986e5037a2d5a06b38a25"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2244
x-amz-cf-id
ap-HpZo4VRTfvIRoHIywMQI7nb5FfPqExPGHnmVNgg7a0vVyiWciHw==
v1.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/ Frame E6A2 		104 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
db1f114bd3e6e38934421095460c89696af935c93d037c2aeebe85f932ccfb1b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:01:18 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
4845
x-amz-server-side-encryption
AES256
etag
W/"22cd42fcb231bb8762a384c31126021f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
oBWRltRGV1RlwRlbBicj2L-hgAo4UWnpYn4BaY-YBVKjizgqkQrM9A==
sdk_interface.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/sdk_interface.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
34b984ae49edfcdb79cb4c79e352edb15f6126c2b0e7747128329ca64d104424

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 01:31:15 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
60196
x-amz-server-side-encryption
AES256
etag
W/"0111d2005f7f82ffba7cae734777fc94"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
0bJmdo3U7tXaUz3R4V-4MhR-vrvED-jfVWXCcy_lE-jm5-VDpo5Tww==
sdk_interface_custom.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/sdk_interface_custom.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f5979539fc25ac479358c9886e201f55e021c10680a04a3e60c9f194b76b0e2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:20:09 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:11 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
28451
x-amz-server-side-encryption
AES256
etag
W/"7886fd59f216888ec9bcd5384f354a38"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
ApPQn6qbydOc_TP1ElJgscraSPWgNh2vevkqbbzNfaAM7BXLdvwxPA==
pageview
tracker.gamemonkey.org/v1/gamemonkey/track/gd/event/ Frame D105 		0
120 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tracker.gamemonkey.org/v1/gamemonkey/track/gd/event/pageview
Requested by
Host: cdn.gamemonkey.org
URL: https://cdn.gamemonkey.org/gamemonkey-sdk-javascript/5.1.1/script/gamemonkey-sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.157.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-157-99.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://html5.gamedistribution.com
date
Mon, 04 Dec 2023 18:14:20 GMT
x-cid
gamemonkey-74978fd5b-tj74z
vary
Origin
c19eaa47-30ef-4bdb-8b85-7f69bf31431d
tracker-v4.gamedock.io/v1/events-tracker/track/product/Game%20Distribution/user_id/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tracker-v4.gamedock.io/v1/events-tracker/track/product/Game%20Distribution/user_id/c19eaa47-30ef-4bdb-8b85-7f69bf31431d
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.101.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-101-15.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
https://html5.gamedistribution.com
date
Mon, 04 Dec 2023 18:14:24 GMT
x-cid
gamemonkey-74978fd5b-x4shd
vary
Origin
identify
mp.theepochtimes.com/identity/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mp.theepochtimes.com/identity/v1/identify
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-mp-key
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-mp-key
access-control-allow-methods
POST
access-control-allow-origin
*
age
3166
date
Mon, 04 Dec 2023 18:14:19 GMT
server
Kestrel
strict-transport-security
max-age=900
via
1.1 varnish, 1.1 varnish
x-cache
HIT, MISS
x-cache-hits
565, 0
x-fastly-trace-id
1698715992
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-mxp6978-MXP, cache-mxp6978-MXP
x-timer
S1701713660.525689,VS0,VE6
identify
mp.theepochtimes.com/identity/v1/ 		175 B
305 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.theepochtimes.com/identity/v1/identify
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/9198-bd693defb63e2fb2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
c8e6c8feaf7598e68bc7f017961adcb983a1c52cbfa0191e4f67f64d0bc1f32e
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

x-mp-key
us2-c639a6aabfcf124097c91276dd5884fb
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

x-served-by
cache-mxp6978-MXP, cache-mxp6978-MXP
strict-transport-security
max-age=900
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 04 Dec 2023 18:14:19 GMT
server
Kestrel
x-timer
S1701713660.583122,VS0,VE313
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us2_origin
x-cache
MISS, MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
x-fastly-trace-id
1698716399
accept-ranges
bytes
x-cache-hits
0, 0
gameanalytics.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/gameanalytics.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a61d40e247028e71cd1ce66406d114465789bdefae0897135b87bb0a7626fdd1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:35:08 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
34751
x-amz-server-side-encryption
AES256
etag
W/"f46bf62b57b2abd24fa926261da582fb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
TiS_5XV9yqR49CEFUuOOyCYBCMMicHNdbXFw0qer_4jpAeNHD1JY3A==
show
subs.theepochtimes.com/template/ Frame 2210 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/template/show?tid=signin&sid=www.theepochtimes.com&v=6&ck=JTdCJTIyZXBvY2hfdXNlcl9pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Nlc3Npb25pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Rva2VuJTIyJTNBJTIyJTIyJTJDJTIyZXBvY2hfc3Vic2NyaWJlZCUyMiUzQSUyMiUyMiU3RA==&pl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&u=JTdCJTIyaW5mbyUyMiUzQSU3QiUyMmNsaWVudElkJTIyJTNBJTIyNWI3NWRhMjMtNTBjZS00NmIxLWJlMzMtZmFhODFmZmFjYzAwJTIyJTJDJTIyaWQlMjIlM0ElMjIlMjIlMkMlMjJuZXdJZCUyMiUzQTAlMkMlMjJlbWFpbCUyMiUzQSUyMiUyMiUyQyUyMnBpY3R1cmUlMjIlM0ElMjIlMjIlMkMlMjJuYW1lJTIyJTNBJTIyJTIyJTJDJTIyZmlyc3ROYW1lJTIyJTNBJTIyJTIyJTJDJTIybGFzdE5hbWUlMjIlM0ElMjIlMjIlMkMlMjJyZWdpc3RlckRhdGUlMjIlM0EwJTJDJTIyaXNFbWFpbFZlcmlmaWVkJTIyJTNBZmFsc2UlN0QlMkMlMjJnZW8lMjIlM0ElN0IlMjJjb3VudHJ5JTIyJTNBJTIyVVMlMjIlMkMlMjJjaXR5JTIyJTNBJTIyVkElMjIlMkMlMjJ0aW1lem9uZSUyMiUzQSUyMkFtZXJpY2ElMkZOZXdfWW9yayUyMiUyQyUyMmxhdGl0dWRlJTIyJTNBMzkuMDA2NCUyQyUyMmxvbmdpdHVkZSUyMiUzQS03Ny40MTk5JTdEJTJDJTIyc3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMmhpc3RvcmljU3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMnN1YnNjcmlwdGlvbiUyMiUzQSU3QiUyMnN1YnNjcmliZWQlMjIlM0FmYWxzZSUyQyUyMnJlZ2lvbklkJTIyJTNBJTIyJTIyJTJDJTIyc3Vic2NyaXB0aW9uVHlwZSUyMiUzQSUyMiUyMiUyQyUyMnBsYW5JZCUyMiUzQSUyMiUyMiUyQyUyMmV4cGlyYXRpb24lMjIlM0EwJTdEJTdE&tn=EET%20-%20Responsive%20Signin%20Bar&theme=default
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
d7cd879df53ece5f82d10656b7890db0b9210823870eef37fceef4d7b133dd1c

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Accept-Encoding Origin
via
1.1 google
x-robots-tag
noindex
GameAnalytics-4.4.5.min.js
download.gameanalytics.com/js/ Frame E6A2 		89 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://download.gameanalytics.com/js/GameAnalytics-4.4.5.min.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.154.63.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-154-63-42.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f01fb484d6fc0260ebc8a71774233f4b05c22171ebfc8c8ab6e4ca5658db345

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:00:01 GMT
via
1.1 4916e178488f684789738aa0c104421a.cloudfront.net (CloudFront)
last-modified
Fri, 04 Mar 2022 10:57:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P4
age
8089
etag
"bfc280c9cece105e0944e2d0e0e37e4d"
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
90897
x-amz-cf-id
uqDVczWe8T6YSv-rNY8dTHGGYedPYXNaRqFYi1ACWbdOEWBuhJqCZA==
main.min.js
html5.api.gamedistribution.com/ Frame E6A2 		509 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.api.gamedistribution.com/main.min.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/sdk_interface.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-37.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e30c59b1f56c36a80c2f7784ab15ea34eec032869f5595645c0bdf065c7c6b89

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:02:51 GMT
content-encoding
br
via
1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
last-modified
Thu, 23 Nov 2023 08:28:51 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
55021
x-amz-server-side-encryption
AES256
etag
W/"64fa9d3116b65c5ab1f61d91830ad6fd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
no-cache
x-amz-cf-id
H3RaqSGcQ1knRLmgUVxQ1K5g40BmahMbLpD7p4CYUMkxYFmoDjRShw==
all.css
use.fontawesome.com/releases/v5.0.12/css/ Frame 1ED7 		38 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.0.12/css/all.css
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ceee487a90eea3b0e52f01360b44e8b6ac0898062c143dbe724663efd3d6f63

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:44:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1698310
etag
W/"d896a88b71aa2ba5d6bd670429bf1bad"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8U7l3T556jgg0%2BAM6tAsG7TrkJE4W%2Bf3NSW9UCWGg0TxYN4oVFQQiWTFzJXnrl0ZwbkhhWkz0gIqkEC71U0PV4fDIMvZY0og16jPJ7jopBWXiyEnrdmS52dmj7dEfBfBw9v%2FNZatL4sGzFv94RVjOi2"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
830607449e0435ee-FRA
alt-svc
h3=":443"; ma=86400
collect
msgrt.gamedistribution.com/ Frame E6A2 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.loading&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjIsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoxLCJhcmdzIjp7Im1lc3NhZ2UiOiJsb2FkaW5nIn0sInR0bGUiOiJXb3ciLCJzaXplIjoiOTYwIHggNzA0IiwiYnJubSI6IkNocm9tZSIsImJybWoiOiI4OSIsIm9zbm0iOiJXaW5kb3dzIiwib3N2ciI6IjEwIiwiYnlsZCI6dHJ1ZSwiYnlsdiI6IjEuNS4xNiIsImltZ3UiOmZhbHNlLCJpZWd1Ijp0cnVlLCJpdGd1Ijp0cnVlLCJjbXBlIjpmYWxzZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIn1d&ts=1701713659595
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
/
game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		4 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/?domain=theepochtimes.com&v=1.36.3&localTime=19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
6acb3ad7f78db7ffea36bcc58b48053e0956897815bc6d4e17981776ab7e98cd

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
cache-control
private, max-age 3600
x-powered-by
Express
content-length
3878
etag
W/"f26-OWBolVmKjvD2TuyM8ZygN9NhjLQ"
content-type
application/json; charset=utf-8
collect
msgrt.gamedistribution.com/ Frame E6A2 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.loading&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjIsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoyLCJhcmdzIjp7Im1lc3NhZ2UiOiJsb2FkaW5nIn0sInR0bGUiOiJXb3ciLCJzaXplIjoiOTYwIHggNzA0IiwiYnJubSI6IkNocm9tZSIsImJybWoiOiI4OSIsIm9zbm0iOiJXaW5kb3dzIiwib3N2ciI6IjEwIiwiYnlsZCI6dHJ1ZSwiYnlsdiI6IjEuNS4xNiIsImltZ3UiOmZhbHNlLCJpZWd1Ijp0cnVlLCJpdGd1Ijp0cnVlLCJjbXBlIjpmYWxzZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIn1d&ts=1701713659596
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
/
game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		4 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://game.api.gamedistribution.com/game/v4/get/c8ba1cb2f23d40b5a19fd606fcc3e50b/?domain=theepochtimes.com&v=1.36.3&localTime=19
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
939c30540cdac2a2d0c51cbe2f66171b5c048081300702d70f24be2b01021028

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
cache-control
private, max-age 3600
x-powered-by
Express
content-length
3877
etag
W/"f25-ksmI6ZALBLlLj1jgeKMA91rVzqc"
content-type
application/json; charset=utf-8
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ Frame D105 		398 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ab06f2d15226ff69b2dd976c70a29b0b342edd91dbb096b0cd72f3e49c008bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137539
x-xss-protection
0
server
cafe
etag
1385759162192911462
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:19 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/ Frame F218 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231129/r20190131/zrt_lookup_fy2021.html?hello=world
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
2928
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4121
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 17:25:31 GMT
etag
12051592065903069241
expires
Mon, 18 Dec 2023 17:25:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
headerlift.min.js
hb.improvedigital.com/pbw/ Frame D105 		199 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.improvedigital.com/pbw/headerlift.min.js?referer=theepochtimes.com
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2440:f000:4:cd76:8580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f8f0a3a57a6375a0604e8b4fd0b631c441bbc721f280fe5970b5717eff4cff6b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:11:25 GMT
content-encoding
gzip
via
1.1 9de95acefc7f3768292e6951facd4ecc.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P3
age
174
x-guploader-uploadid
ABPtcPo9Vh43g9tAJcaJ47McOjJSy2l4GuSkI5P-JhDhV9oVKYulY7pBNhVfTr7YY7ar5JzcFOY
x-cache
Hit from cloudfront
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
63536
last-modified
Tue, 17 Oct 2023 09:50:53 GMT
server
UploadServer
etag
"76d61b311c7df781e819fb9fea953aa3"
vary
Accept-Encoding
x-goog-generation
1697536253119173
content-type
application/javascript; charset=utf-8
x-goog-hash
crc32c=aHjMCQ==, md5=dtYbMRx994HoGfuf6pU6ow==
cache-control
public, max-age=3600
x-goog-stored-content-length
63536
accept-ranges
bytes
x-amz-cf-id
Hkcv1JwkwLYrTMy_DICif-4SCrfsf0MUXEz5owpCX9Qw7Gi2ZZ1T3g==
expires
Mon, 04 Dec 2023 19:11:25 GMT
collect
msgrt.gamedistribution.com/ Frame E6A2 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.success&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjIsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoxLCJhcmdzIjp7Im1lc3NhZ2UiOiJzdWNjZXNzIn0sInR0bGUiOiJXb3ciLCJzaXplIjoiOTYwIHggNzA0IiwiYnJubSI6IkNocm9tZSIsImJybWoiOiI4OSIsIm9zbm0iOiJXaW5kb3dzIiwib3N2ciI6IjEwIiwiYnlsZCI6dHJ1ZSwiYnlsdiI6IjEuNS4xNiIsImltZ3UiOmZhbHNlLCJpZWd1Ijp0cnVlLCJpdGd1Ijp0cnVlLCJjbXBlIjpmYWxzZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIn1d&ts=1701713659646
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
collect
msgrt.gamedistribution.com/ Frame E6A2 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.gdfw.success&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImRwdGgiOjIsInZlcnMiOiIxLjM2LjMiLCJ0cmFjIjpmYWxzZSwid2hsYiI6ZmFsc2UsInBsYXQiOiIiLCJ0cGN0IjoyLCJhcmdzIjp7Im1lc3NhZ2UiOiJzdWNjZXNzIn0sInR0bGUiOiJXb3ciLCJzaXplIjoiOTYwIHggNzA0IiwiYnJubSI6IkNocm9tZSIsImJybWoiOiI4OSIsIm9zbm0iOiJXaW5kb3dzIiwib3N2ciI6IjEwIiwiYnlsZCI6dHJ1ZSwiYnlsdiI6IjEuNS4xNiIsImltZ3UiOmZhbHNlLCJpZWd1Ijp0cnVlLCJpdGd1Ijp0cnVlLCJjbXBlIjpmYWxzZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIn1d&ts=1701713659647
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:19 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
index.js
pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/ Frame E6A2
Redirect Chain
  • https://pm.azerioncircle.com/p/locus
  • https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Protocol
H2
Server
2600:9000:243d:8200:17:cf8d:4bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b98e1cfd3bc985929ee1cd472cb90f0ea7a35e2d21b9ef36865f93453eed1f4e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 30 Nov 2023 14:40:51 GMT
content-encoding
gzip
via
1.1 864867c878801fa3f01f9149934772e8.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P4
age
358408
x-guploader-uploadid
ABPtcPoFrSZpusd5-O7uBV8oiMe631T4U-U836lzwfv_03TDfWQsAAQbbi79iNgY0CgFbXdkrKc
x-cache
Hit from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
10055
last-modified
Mon, 30 Oct 2023 12:53:05 GMT
server
UploadServer
etag
"ee8f86fc8fa90340ef0bc7ccbc84ce46"
vary
Accept-Encoding
x-goog-generation
1698670385621342
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=gWu7nw==, md5=7o+G/I+pA0DvC8fMvITORg==
access-control-expose-headers
Content-Type, Access-Control-Allow-Origin
cache-control
public, max-age=31536000, immutable
x-goog-stored-content-length
10055
accept-ranges
bytes
x-amz-cf-id
D2LWxijgkacs9CJzSHOvQiGifLbAEBb424VsZjb4MxYa8YgrYd8p3g==
expires
Thu, 30 Nov 2023 15:40:51 GMT

Redirect headers

date
Thu, 30 Nov 2023 14:51:14 GMT
via
1.1 864867c878801fa3f01f9149934772e8.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
DUS51-P4
age
357785
vary
Origin
x-cache
Hit from cloudfront
location
https://pm.azerioncircle.com/@bygd/locus/0.5.6/dist/app/iife/index.js
content-length
0
x-amz-cf-id
l0VfCMFs_q0s-gXd5f3LuiALx_5n8UlOjXjIq0IPTpfJm4TqSDkY_w==
userId.bundle.js
subs.theepochtimes.com/lib/ Frame 2210 		297 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/lib/userId.bundle.js
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/template/show?tid=signin&sid=www.theepochtimes.com&v=6&ck=JTdCJTIyZXBvY2hfdXNlcl9pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Nlc3Npb25pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Rva2VuJTIyJTNBJTIyJTIyJTJDJTIyZXBvY2hfc3Vic2NyaWJlZCUyMiUzQSUyMiUyMiU3RA==&pl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&u=JTdCJTIyaW5mbyUyMiUzQSU3QiUyMmNsaWVudElkJTIyJTNBJTIyNWI3NWRhMjMtNTBjZS00NmIxLWJlMzMtZmFhODFmZmFjYzAwJTIyJTJDJTIyaWQlMjIlM0ElMjIlMjIlMkMlMjJuZXdJZCUyMiUzQTAlMkMlMjJlbWFpbCUyMiUzQSUyMiUyMiUyQyUyMnBpY3R1cmUlMjIlM0ElMjIlMjIlMkMlMjJuYW1lJTIyJTNBJTIyJTIyJTJDJTIyZmlyc3ROYW1lJTIyJTNBJTIyJTIyJTJDJTIybGFzdE5hbWUlMjIlM0ElMjIlMjIlMkMlMjJyZWdpc3RlckRhdGUlMjIlM0EwJTJDJTIyaXNFbWFpbFZlcmlmaWVkJTIyJTNBZmFsc2UlN0QlMkMlMjJnZW8lMjIlM0ElN0IlMjJjb3VudHJ5JTIyJTNBJTIyVVMlMjIlMkMlMjJjaXR5JTIyJTNBJTIyVkElMjIlMkMlMjJ0aW1lem9uZSUyMiUzQSUyMkFtZXJpY2ElMkZOZXdfWW9yayUyMiUyQyUyMmxhdGl0dWRlJTIyJTNBMzkuMDA2NCUyQyUyMmxvbmdpdHVkZSUyMiUzQS03Ny40MTk5JTdEJTJDJTIyc3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMmhpc3RvcmljU3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMnN1YnNjcmlwdGlvbiUyMiUzQSU3QiUyMnN1YnNjcmliZWQlMjIlM0FmYWxzZSUyQyUyMnJlZ2lvbklkJTIyJTNBJTIyJTIyJTJDJTIyc3Vic2NyaXB0aW9uVHlwZSUyMiUzQSUyMiUyMiUyQyUyMnBsYW5JZCUyMiUzQSUyMiUyMiUyQyUyMmV4cGlyYXRpb24lMjIlM0EwJTdEJTdE&tn=EET%20-%20Responsive%20Signin%20Bar&theme=default
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
ead0293d41f0c5fef76a0205ad3060391bdbeec5ae4920c5c6d2edec8bdea2e6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://subs.theepochtimes.com/template/show?tid=signin&sid=www.theepochtimes.com&v=6&ck=JTdCJTIyZXBvY2hfdXNlcl9pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Nlc3Npb25pZCUyMiUzQSUyMiUyMiUyQyUyMmVwb2NoX3Rva2VuJTIyJTNBJTIyJTIyJTJDJTIyZXBvY2hfc3Vic2NyaWJlZCUyMiUzQSUyMiUyMiU3RA==&pl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&u=JTdCJTIyaW5mbyUyMiUzQSU3QiUyMmNsaWVudElkJTIyJTNBJTIyNWI3NWRhMjMtNTBjZS00NmIxLWJlMzMtZmFhODFmZmFjYzAwJTIyJTJDJTIyaWQlMjIlM0ElMjIlMjIlMkMlMjJuZXdJZCUyMiUzQTAlMkMlMjJlbWFpbCUyMiUzQSUyMiUyMiUyQyUyMnBpY3R1cmUlMjIlM0ElMjIlMjIlMkMlMjJuYW1lJTIyJTNBJTIyJTIyJTJDJTIyZmlyc3ROYW1lJTIyJTNBJTIyJTIyJTJDJTIybGFzdE5hbWUlMjIlM0ElMjIlMjIlMkMlMjJyZWdpc3RlckRhdGUlMjIlM0EwJTJDJTIyaXNFbWFpbFZlcmlmaWVkJTIyJTNBZmFsc2UlN0QlMkMlMjJnZW8lMjIlM0ElN0IlMjJjb3VudHJ5JTIyJTNBJTIyVVMlMjIlMkMlMjJjaXR5JTIyJTNBJTIyVkElMjIlMkMlMjJ0aW1lem9uZSUyMiUzQSUyMkFtZXJpY2ElMkZOZXdfWW9yayUyMiUyQyUyMmxhdGl0dWRlJTIyJTNBMzkuMDA2NCUyQyUyMmxvbmdpdHVkZSUyMiUzQS03Ny40MTk5JTdEJTJDJTIyc3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMmhpc3RvcmljU3Vic2NyaXB0aW9ucyUyMiUzQSU1QiU1RCUyQyUyMnN1YnNjcmlwdGlvbiUyMiUzQSU3QiUyMnN1YnNjcmliZWQlMjIlM0FmYWxzZSUyQyUyMnJlZ2lvbklkJTIyJTNBJTIyJTIyJTJDJTIyc3Vic2NyaXB0aW9uVHlwZSUyMiUzQSUyMiUyMiUyQyUyMnBsYW5JZCUyMiUzQSUyMiUyMiUyQyUyMmV4cGlyYXRpb24lMjIlM0EwJTdEJTdE&tn=EET%20-%20Responsive%20Signin%20Bar&theme=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 03 Nov 2023 19:11:33 GMT
server
nginx/1.20.1
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
max-age=3600, public, no-transform
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 19:14:19 GMT
/
colossusssp.com/ 		2 B
141 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.237.69.132 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:19 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
prebid
exchange.postrelease.com/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://exchange.postrelease.com/prebid?ntv_pb_rid=51e883dfe5bfb3b&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoiZ2FtZV9ib3R0b21fYWRfNzI4eDkwIiwibWVkaWFUeXBlcyI6eyJiYW5uZXIiOnsic2l6ZXMiOltbOTcwLDI1MF0sWzk3MCw5MF0sWzcyOCw5MF1dfX19XX0=&ntv_dbr=eyJnYW1lX3RvcF9hZF83Mjh4OTAiOjAsImdhbWVfdG9wX2FkXzMwMHgyNTAiOjAsImdhbWVfcmlnaHRfdG9wX2FkXzMwMHg2MDAiOjAsImdhbWVfcmlnaHRfYm90dG9tX2FkXzMwMHgyNTAiOjAsImdhbWVfYm90dG9tX2FkXzcyOHg5MCI6MH0=&ntv_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.73.85.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-85-239.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
prebid-request
onetag-sys.com/ 		15 B
417 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
hb-mm-multi
hb.minutemedia-prebid.com/ 		105 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
38f52ff6595ef6742a67ee23b694490ea6f3aff15eb51485a4e59c59695e2ae0

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.theepochtimes.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
23
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
v1
hb-api.omnitagjs.com/hb-api/prebid/ 		180 B
703 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&CanonicalUrl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&PublisherDomain=https%3A%2F%2Fwww.theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7cd5058b3eee2cbc384dd13af193029a6dc41666a094fb03d1570f9e6b86f505
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
1
p3p
CP="CAO PSA OUR"
x-kong-upstream-latency
119
content-length
180
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
OPTIONS, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
expires
0
hb
hb.undertone.com/ 		0
524 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.undertone.com/hb?pid=3017&domain=theepochtimes.com
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-13.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 8080d8bfc581f6befaaa7736f6d0003e.cloudfront.net (CloudFront)
accept-ch
sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin
https://www.theepochtimes.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
x-amz-cf-id
WcjqyXL-LTmAmWetqjZj8YRvvrzWzFQzaGqdwZT3hrESI-U0fG_XMA==
expires
Mon, 26 Jul 1997 05:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		112 KB
46 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1358391148197964&correlator=4054586771973575&eid=31078986%2C31079784%2C31079527&output=ldjh&gdfp_req=1&vrg=202311280101&ptt=17&impl=fifs&iu_parts=5965368%2CEET_D_game_right_top_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C300x250&ifi=1&didk=3201861404&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701713659696&lmt=1701652835&adxs=1153&adys=120&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&vis=1&psz=320x0&msz=300x0&fws=4&ohw=1325&ga_vid=1448343132.1701713659&ga_sid=1701713660&ga_hid=1949370425&ga_fc=true&dlt=1701713658108&idt=1105&cust_params=EET_user_plan%3D%26site%3Dwww.theepochtimes.com%252Ctheepochtimes.com%26EET_user_type%3Danonymous%26EET_category%3Deet_epochfun-137957%252Ceet_joypass-free-155614%252Ceet_special-epoch-games-155638%252Ceet_free-games-ad-supported-172624%252Ceet_frontaudio-161329%26EET_post_tag%3Dgames%252Cpuzzles%26EET_author_name%3DEpoch%2520Puzzles%26EET_post%3D5491287&adks=3838852029&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ff900b9a92673f2f33be869f28f899428a7250804c644269f9c6b5e7f2586a06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46854
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311280101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
96690a6b0b7d81e20ea26ead168609c18a2abe39228421083addfa1285a5923c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12221
x-xss-protection
0
container.html
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A857 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:19 GMT
expires
Tue, 03 Dec 2024 18:14:19 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		58 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1358391148197964&correlator=4054586771973575&eid=31078986%2C31079784%2C31079527&output=ldjh&gdfp_req=1&vrg=202311280101&ptt=17&impl=fifs&iu_parts=5965368%2CEET_D_game_top_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C970x90%7C728x90&ifi=2&didk=3042669188&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701713659710&lmt=1701652835&adxs=140&adys=96&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&vis=1&psz=975x0&msz=970x0&fws=4&ohw=975&ga_vid=1448343132.1701713659&ga_sid=1701713660&ga_hid=1949370425&ga_fc=true&dlt=1701713658108&idt=1105&cust_params=EET_user_plan%3D%26site%3Dwww.theepochtimes.com%252Ctheepochtimes.com%26EET_user_type%3Danonymous%26EET_category%3Deet_epochfun-137957%252Ceet_joypass-free-155614%252Ceet_special-epoch-games-155638%252Ceet_free-games-ad-supported-172624%252Ceet_frontaudio-161329%26EET_post_tag%3Dgames%252Cpuzzles%26EET_author_name%3DEpoch%2520Puzzles%26EET_post%3D5491287&adks=1797975165&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6424f0c34de6a093e039f6e0f48fbc5fa4aef0632ebac232ae10e33949a42515
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13857
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
api.gameanalytics.com/remote_configs/v1/ Frame E6A2 		64 B
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.gameanalytics.com/remote_configs/v1/init?game_key=1fde3ba52c52d626e0f76365608be18d&interval_seconds=0&configs_hash=
Requested by
Host: download.gameanalytics.com
URL: https://download.gameanalytics.com/js/GameAnalytics-4.4.5.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.45.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-67-202-45-233.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
c724e5a7d19820339372c40bfdd774a97c8bd63c14ab7799932e11238e662d0a

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
Authorization
8GaDEucOPuS9CtnH4BLiKRHE3NwsYhPke2pNRKzopcU=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
server
Cowboy
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://html5.gamedistribution.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
78
init
api.gameanalytics.com/remote_configs/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.gameanalytics.com/remote_configs/v1/init?game_key=1fde3ba52c52d626e0f76365608be18d&interval_seconds=0&configs_hash=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.45.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-67-202-45-233.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://html5.gamedistribution.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://html5.gamedistribution.com
access-control-expose-headers
access-control-max-age
1728000
cache-control
max-age=0, private, must-revalidate
date
Mon, 04 Dec 2023 18:14:20 GMT
server
Cowboy
vary
Origin
170.cd359634.chunk.js
comment.youmaker.com/web/v3/static/js/ Frame 1ED7 		746 KB
128 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/js/170.cd359634.chunk.js
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
41a491b6ec4c4ba2be42e5bf9040f0dc254b0fb6db203ad01cdfa10145fdcd21

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/javascript
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
920.163caa5c.chunk.css
comment.youmaker.com/web/v3/static/css/ Frame 1ED7 		64 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/css/920.163caa5c.chunk.css
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
a7cf9d7d46a9d9b0d83d6d91e82f11dd37fbffab2d8841b530f352be0cb6cbd6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
text/css; charset=utf-8
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
889.c22e2dd1.chunk.css
comment.youmaker.com/web/v3/static/css/ Frame 1ED7 		666 B
360 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/css/889.c22e2dd1.chunk.css
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
48b782933f4ffe1e923111eb93d3924b4807e78ce63064d0b01e0f96de529a4a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
text/css; charset=utf-8
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
889.50003970.chunk.js
comment.youmaker.com/web/v3/static/js/ Frame 1ED7 		48 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/web/v3/static/js/889.50003970.chunk.js
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
13b81e5fbcfd1eceeed6736de88e9fce3edf25dead86bb944c0cfe179695128b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 20 Oct 2023 19:30:46 GMT
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/javascript
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
app-version
0.1.2
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=1204&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=1202&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=5201&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10208&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10204&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10205&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:19 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
epoch_mixpanel.min.js
services.epoch.cloud/public-labs/epoch-ai/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.epoch.cloud/public-labs/epoch-ai/epoch_mixpanel.min.js?v=2
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f05e45157561299fdf9c77b4ead956006bd678b5e82ad3180d5284e333c3ca28

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 27 Nov 2023 17:57:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1823
etag
W/"6564d893-2ffb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5KkIcAtQHrK0UysRDmUBCHPQrGb%2B33%2FT6Ul5quekQbgrSUxnf8qrQr2UdLtMGNw4k4FoLAKvU3U0eu%2FKSF8Vxp4MEcoOdRF3yiO6OzpyZiCYQlzWCF%2BwsowvZijnqYkNPTIkSUq%2Fycq2Bae6uTeRsbCuyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
830607459b411970-FRA
alt-svc
h3=":443"; ma=86400
optimizer.min.js
services.epoch.cloud/public-labs/ 		34 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.epoch.cloud/public-labs/optimizer.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9814f85523d0253897e2447a36fdbdc2a5e7647eb96c192f3d278393c955d2f2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Nov 2023 16:28:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1889
etag
W/"655e2c4a-8651"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCF78X3MwtqibZYwBgPF2ImSNraK%2F5L4JPEXLpBZ9KSUeUN0LPx%2BwsHX6cbnINsYcFs0KVsZlyNKlWNvQaFSPp7X6gzgrVQ%2BW9JVzUanW5kVkKK3wfzt%2Bw1Wu8u9rtunar5CLgKJblit%2Fbbx2s7p6L7J8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
83060745ab5c1970-FRA
alt-svc
h3=":443"; ma=86400
auth
subs.theepochtimes.com/subs/ 		40 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=1204&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40
auth
subs.theepochtimes.com/subs/ 		40 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=1202&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40
get
subs.theepochtimes.com/template/ 		60 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/template/get?tid=45ddbb93-dccc-4911-a2da-88d44b296ccc&sid=www.theepochtimes.com&type=noniframe
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
cda3dd8b74a8cb2699277dc3b4d82ac4482304fe884d47bc7638111bb5257bd8

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
vary
Accept-Encoding, Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
auth
subs.theepochtimes.com/subs/ 		40 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=5201&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40
auth
subs.theepochtimes.com/subs/ 		41 B
58 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10208&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
4c834812ad0c6ab8e9cddcf914f1f922d2b52cf81f306bdc361a05641bb0798c

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
auth
subs.theepochtimes.com/subs/ 		41 B
58 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10204&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
4c834812ad0c6ab8e9cddcf914f1f922d2b52cf81f306bdc361a05641bb0798c

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
auth
subs.theepochtimes.com/subs/ 		40 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10205&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40
get
subs.theepochtimes.com/template/ 		40 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/template/get?tid=e4d5c7ed-b909-475c-919f-6721cf03f5d0&sid=www.theepochtimes.com&type=noniframe
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
03268fb285ed8486b6a21e5106f8faa3d517434bbf60c0e9a09e7e2737ce1345

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
vary
Accept-Encoding, Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
user
comment.youmaker.com/api/v1/ Frame 1ED7 		57 B
78 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/user?site=remark
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
a272a50a6b0526fe9222d72f29741b9d91a156ff75439a43b728fe1d5a6fec0f

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
app-name
remark
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57
expires
Thu, 01 Jan 1970 00:00:00 UTC
config
comment.youmaker.com/api/v1/site/ Frame 1ED7 		390 B
293 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/site/config?site=remark&group=&id=5491287
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
6d819e03aaf3877c15b1d7d532cf06316663cad1aca835ac99497ab08e0bf0e9

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Jan 1970 00:00:00 UTC
readonly
comment.youmaker.com/api/v1/ Frame 1ED7 		146 B
169 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/readonly?site=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&id=5491287&group=
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e9600a311347b444b3852c4c53cf57f46cea4925aaddbf334ce8a100dad0dc28

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
app-name
remark
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146
expires
Thu, 01 Jan 1970 00:00:00 UTC
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 18:14:19 GMT
opphb
pub.headerlift.com/ Frame D105 		4 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pub.headerlift.com/opphb?page_url=theepochtimes.com&page_type=gd&page_width=975&aid=c8ba1cb2f23d40b5a19fd606fcc3e50b
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/headerlift.min.js?referer=theepochtimes.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c419 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cc5fe6024fbaeb5632bae656bb379211ae9650e431099e76fc9101d43b53fe8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
*
content-type
application/json; charset=utf-8
access-control-allow-origin
https://html5.gamedistribution.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGrb6TbBzT%2B%2FkcB9rGrxHX9kNn2nKuJXUovOmdj1zTBIAsklkVtxGfQ0ZYO2ytuB9WSekVSYllYmwh%2BhjWiEDTVzk1oF7DeDzN51xv%2BTqLPM%2F3Eu72CyuXc8r9ioxdge%2FiCFUZ6hlFLgOiEcnAU421M%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
83060745ea5f918f-FRA
access-control-allow-headers
*
alt-svc
h3=":443"; ma=86400
prebid-idhb-v8.19.min.js
hb.improvedigital.com/pbw/prebid/ Frame D105 		548 KB
175 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v8.19.min.js
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/headerlift.min.js?referer=theepochtimes.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2440:f000:4:cd76:8580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
88bd751de914c875cc5ca0b130ef57f97ac9f5457054659875c90414cbfdacd0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 18:30:58 GMT
content-encoding
gzip
via
1.1 9de95acefc7f3768292e6951facd4ecc.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P3
age
517401
x-guploader-uploadid
ABPtcPoPXwsBgMYz5sLBvR-NeOtMDACLV4_UFPq57vTRKp3oMXWs95gMH1taLxCvYQyXmsEMAv8gYNEfMA
x-cache
Hit from cloudfront
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
178218
last-modified
Tue, 17 Oct 2023 09:29:24 GMT
server
UploadServer
etag
"ae085eb45736ac0d0e5b2cbc080d2978"
x-goog-generation
1697534964498886
content-type
application/javascript
content-language
en
x-goog-hash
crc32c=vsmcjA==, md5=rghetFc2rA0OWyy8CA0peA==
cache-control
public, max-age=604800,no-transform
x-goog-stored-content-length
178218
accept-ranges
bytes
x-amz-cf-id
SMCrBZ7fZ9mZE1t9S8s3rnTG0TYHqtB5bgAWySE3SpC6-55zPs5Vng==
expires
Tue, 05 Dec 2023 18:30:58 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame D105 		365 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd5b60ffc3ca0727647beaa306e807665623255c6aefc7ec3ce78bde5af14621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128283
x-xss-protection
0
expires
Mon, 04 Dec 2023 18:14:19 GMT
lib.min.js
mixproxy.epoch.cloud/mixpanel/ 		52 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mixproxy.epoch.cloud/mixpanel/lib.min.js
Requested by
Host: services.epoch.cloud
URL: https://services.epoch.cloud/public-labs/epoch-ai/epoch_mixpanel.min.js?v=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acb1221313fbb4d27f785ffd7a9ade0f7f44c37567ce1abf6aff7c399a7992d4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
476
x-guploader-uploadid
ABPtcPoGs05-7XJlvtMpDbb8jHGW4Z5LfacpIu2aUHJlAGYY9Y8Eeyk0z2sc1CDTz5ayZaSyD1tYehHXmAEQb8toCQ3Ao8VLDacF
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 14 Nov 2023 19:54:10 GMT
server
cloudflare
etag
W/"dff66d0b72bdc18a02be56412d5ef8c4"
vary
Accept-Encoding
x-goog-hash
crc32c=VW26dg==, md5=3/ZtC3K9wYoCvlZBLV74xA==
x-goog-generation
1699991650202934
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYlcT9QVjUZ5sWaWJy5HGzaaW02F0YIUwtaHUr4lWjk2qhdzUX7%2FLNV3Z%2BDwmn9CMGp1wtayASAXKhiVISUWsqNSHYMbYIfota6iTBVKwRorZL9PYnoFhVrxd7mV9FmWJeEi289tAmP9yXzMaspAVjuW7g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
18139
cf-ray
83060745d9175c1a-FRA
expires
Mon, 04 Dec 2023 18:15:34 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		126 KB
46 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1358391148197964&correlator=4054586771973575&eid=31078986%2C31079784%2C31079527&output=ldjh&gdfp_req=1&vrg=202311280101&ptt=17&impl=fifs&iu_parts=5965368%2CEET_D_game_top_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&didk=254739873&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701713659821&lmt=1701652835&adxs=1153&adys=96&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&vis=1&psz=320x0&msz=300x0&fws=4&ohw=1325&ga_vid=1448343132.1701713659&ga_sid=1701713660&ga_hid=1949370425&ga_fc=true&dlt=1701713658108&idt=1105&cust_params=EET_user_plan%3D%26site%3Dwww.theepochtimes.com%252Ctheepochtimes.com%26EET_user_type%3Danonymous%26EET_category%3Deet_epochfun-137957%252Ceet_joypass-free-155614%252Ceet_special-epoch-games-155638%252Ceet_free-games-ad-supported-172624%252Ceet_frontaudio-161329%26EET_post_tag%3Dgames%252Cpuzzles%26EET_author_name%3DEpoch%2520Puzzles%26EET_post%3D5491287&adks=2135588503&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311280101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
21db7f5ba93de0708af7012ea53d7e0b262d9c5afcc7f47c3dd513f8ec92db43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47213
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
mixproxy.epoch.cloud/mixpanel/track/ 		1 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mixproxy.epoch.cloud/mixpanel/track/?ip=1&_=1701713659858
Requested by
Host: mixproxy.epoch.cloud
URL: https://mixproxy.epoch.cloud/mixpanel/lib.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=86400
content-length
1
server
cloudflare
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dm4Vdot%2BeErIW5m7hhx0DiiDLMsoTyMsjaVrEfCphAkHXzMDFNDXKY5ho8EkZTwah%2FTJSmdn%2BerVk6h9a%2B1pGGaPi3LlONYSDRJTVKJlDTxHrcUhqfvnoGf1nmYrUagimNheGs2WCMe7Cfs83N3O4uQcAA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
cf-ray
830607462c471970-FRA
access-control-allow-headers
X-Requested-With
debugging-standalone.js
cdn.jsdelivr.net/npm/prebid.js@8.19.0/dist/ Frame D105 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/prebid.js@8.19.0/dist/debugging-standalone.js
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v8.19.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc8463e5701a90b0f5686a725b46bd98733a03375d850a52088f4ad319fcf081
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1958420
x-jsd-version
8.19.0
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230102-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"5146-aspBJAe/hJtR2g9lWOjQ0xaqR/8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCcHLc1RI6vYvy9a4a0xLCfYiq07wRy5M07NsGdBOf5eH08P51wdM61EIJZuHFBzelejRWeZGDjsvYs4Q4vvrw37XuOfDxIL0eD2LFBgGAPnbX0E%2BU0hjLjCO4j6IjsAlXLS9eh7xO9gSYM656I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
83060746abde4daa-FRA
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D7DC 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1391
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 17:51:08 GMT
expires
Tue, 03 Dec 2024 17:51:08 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 92ED 		829 B
983 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7b67ebf675e4c3ee1d4b2b0cd2673f7818ba6d41eba05cac587eeba589b30f7a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-EkkcMqRmgp5G_Gc4POPHQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-EkkcMqRmgp5G_Gc4POPHQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:19 GMT
expires
Mon, 04 Dec 2023 18:14:19 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ads
googleads.g.doubleclick.net/pagead/ Frame F284 		76 B
86 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&adk=1812271804&adf=3279755397&plat=1%3A520%2C2%3A520%2C3%3A66048%2C4%3A66048%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&channel=4089988593&format=0x0&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713659611&bpp=2&bdt=880&idt=308&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&nras=1&correlator=242626550806&frm=24&ife=1&pv=2&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.ch2v4ts8411&fsb=1&dtd=315
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a6f3c4eb8378e0bd2852618eacf0a02ff8147155da4d5fb765d89989327cd1cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
66
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:20 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame D105 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231129&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9d16d4fd850e0f34efafd3e88832ed48cb0b89a25671603c60a67031a72920dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12369
x-xss-protection
0
et_so_utils.js
services.epoch.cloud/public-labs/epoch-ai/smarto/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://services.epoch.cloud/public-labs/epoch-ai/smarto/et_so_utils.js?v=2023-12-04T18
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
946c9c95fb7da4ae9249907e40e11291c00135e70991d34811f08617b20a5b67

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:19 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:24:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4385
etag
W/"65369e4c-3506"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Epq3GZ%2BsfxXxaRez4h6uUlQWN6bfqELSX778WNyUGJOYOZYb6iHBFYY7PLS6X1LCc9Wo32GHgW7SZ60ksBkiWGUSdXga%2FPEsR2Eno84%2BWatJCe%2Ba4FvSxtWk5KBVO%2B4jCRjHC9mV0OOyUtO3eAFWOAUgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
83060746ad131970-FRA
alt-svc
h3=":443"; ma=86400
RingsideNarrow-Semibold.otf
cdn.epoch.cloud/assets/fonts/ Frame 2210 		123 KB
124 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.epoch.cloud/assets/fonts/RingsideNarrow-Semibold.otf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfabd954a3ec494e41f63bab6f12a56ce35150c3b6eb0da47f1e61d5c22bfc2a

Request headers

Referer
https://subs.theepochtimes.com/
Origin
https://subs.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1653
alt-svc
h3=":443"; ma=86400
content-length
126440
last-modified
Fri, 26 Jun 2020 15:18:33 GMT
server
cloudflare
etag
"5ef611c9-1ede8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ckw7dodaFL4tCx043fo1O59BeW05WI9eMVrza0d%2BWgFjMLRPQr%2BpS%2FS4pKOm%2FuGrJE%2FoJH%2BPqJScVX7sLSG648maYAPheOCvwMGTj1WTT7U2rR7viC5z4%2BIy6RL2lGyAN6vMPZDmYJlo3e4gv%2FY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
830607478b984d43-FRA
counts
comment.youmaker.com/api/v1/ Frame 1ED7 		110 B
136 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/counts?site=remark&post=id
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
7e67d8140ad5de35ddaecbf938b1287583b9427ba2d4dc3068a86fd211c4e4a0

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark
Content-Type
application/json

Response headers

expires
Thu, 01 Jan 1970 00:00:00 UTC
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
pragma
no-cache
server
nginx/1.20.1
author
EMG
app-name
remark
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://comment.youmaker.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
app-version
0.1.2
20
comment.youmaker.com/api/v1/getlist/ Frame 1ED7 		15 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/getlist/20?site=remark&group=&offset=0&sort=-time&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&id=5491287
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
ce72896d7177b8a8f6d8676a7b9969e0b055779b3f1dfa8af36048921a8a7670

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Jan 1970 00:00:00 UTC
truncated
/ Frame 1ED7 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7bf4473ecc25fc8a56c7da4846022537d11e73a499922e0a16be9b8f83869052

Request headers

Referer
Origin
https://comment.youmaker.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
Acta-Book.otf
img.theepochtimes.com/fonts/ Frame 1ED7 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://img.theepochtimes.com/fonts/Acta-Book.otf
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.198.122 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-19-198-122.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash

Request headers

Referer
https://comment.youmaker.com/
Origin
https://comment.youmaker.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:20 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/html
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
Access-Control-Allow-Credentials
true
Connection
keep-alive
Akamai-Mon-Iucid-Del
1289467
Access-Control-Allow-Headers
origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
Content-Length
548
RingsideNarrow-Book.otf
img.theepochtimes.com/fonts/ Frame 1ED7 		124 KB
125 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://img.theepochtimes.com/fonts/RingsideNarrow-Book.otf
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.198.122 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-19-198-122.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d1a4a7aa00e62b62538f84f4f380c16796c88078656d204c4f5ceebb59d84fe8

Request headers

Referer
https://comment.youmaker.com/
Origin
https://comment.youmaker.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:20 GMT
Connection
keep-alive
Akamai-Mon-Iucid-Del
1289467
Content-Length
126860
Last-Modified
Tue, 11 Jul 2023 21:21:51 GMT
Server
nginx
ETag
"64adc7ef-1ef8c"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
Cache-Control
max-age=27471821
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
RingsideNarrow-Medium.otf
img.theepochtimes.com/fonts/ Frame 1ED7 		123 KB
124 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://img.theepochtimes.com/fonts/RingsideNarrow-Medium.otf
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.198.122 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-19-198-122.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
02e05d8407482aee2dae0ae4343ecb2e6c2b1f27c2175c4b03170d3f2af51b55

Request headers

Referer
https://comment.youmaker.com/
Origin
https://comment.youmaker.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:20 GMT
Connection
keep-alive
Akamai-Mon-Iucid-Del
1289467
Content-Length
126244
Last-Modified
Tue, 27 Jun 2023 23:57:44 GMT
Server
nginx
ETag
"649b7778-1ed24"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
Cache-Control
max-age=26858637
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
famobi.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		274 B
648 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/famobi.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
137122c1437dc31fcd5d2989300192849efcabee41bc94fd035f7704b8a2d1f5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:21:14 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
31989
x-amz-server-side-encryption
AES256
etag
"07199848e52f287161cfc1ceceaa8dbd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
accept-ranges
bytes
content-length
274
x-amz-cf-id
2CVzlEYG0D41QxdR_QrA_708_6dsa8gTWfI4qE7RpGZZHfS2n7UgSQ==
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D105 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 18:14:20 GMT
bridge3.607.0_en.html
imasdk.googleapis.com/js/core/ Frame 70D0 		751 KB
241 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.607.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa7c1276f417b6409b5a96ad98272c276421b816c86954a30511f6c4fd9c7156
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
323758
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
246373
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Fri, 01 Dec 2023 00:18:22 GMT
expires
Sat, 30 Nov 2024 00:18:22 GMT
last-modified
Fri, 01 Dec 2023 00:14:15 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame D105 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 18:14:20 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4BBF 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2354
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13893
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 15:57:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Mon, 04 Dec 2023 18:35:06 GMT
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.adblocker.flw&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImN0cnkiOiJVUyIsImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJwbGF0IjoiIiwidHBjdCI6MSwiYXJncyI6eyJtZXNzYWdlIjoib2sifSwidHRsZSI6IldvcmRzIG9mIFdvbmRlcnMiLCJzaXplIjoiOTYwIHggNzA0IiwiYnJubSI6IkNocm9tZSIsImJybWoiOiI4OSIsIm9zbm0iOiJXaW5kb3dzIiwib3N2ciI6IjEwIiwiYnlsZCI6ZmFsc2UsImltZ3UiOnRydWUsImllZ3UiOnRydWUsIml0Z3UiOmZhbHNlLCJjbXBlIjpmYWxzZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIn1d&ts=1701713660054
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:20 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
collect
msgrt.gamedistribution.com/ Frame D105 		2 B
152 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.adblocker.adapters&ar=W3siZ21pZCI6ImM4YmExY2IyZjIzZDQwYjVhMTlmZDYwNmZjYzNlNTBiIiwidGRtbiI6InRoZWVwb2NodGltZXMuY29tIiwiZG9tbiI6InRoZWVwb2NodGltZXMuY29tIiwicmZyciI6Imh0dHBzOi8vd3d3LnRoZWVwb2NodGltZXMuY29tL2Vwb2NoZnVuL3dvcmRzLW9mLXdvbmRlcnMtYWQtc3VwcG9ydGVkLTU0OTEyODcvIiwibHRociI6MTksImN0cnkiOiJVUyIsImRwdGgiOjEsInZlcnMiOiIxLjM2LjMiLCJwbGF0IjoiIiwidHBjdCI6MSwiYXJncyI6eyJtZXNzYWdlIjoibm9uZSJ9LCJ0dGxlIjoiV29yZHMgb2YgV29uZGVycyIsInNpemUiOiI5NjAgeCA3MDQiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6dHJ1ZSwiaWVndSI6dHJ1ZSwiaXRndSI6ZmFsc2UsImNtcGUiOmZhbHNlLCJob3N0IjoiaHRtbDUuZ2FtZWRpc3RyaWJ1dGlvbi5jb20ifV0%3D&ts=1701713660054
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.18.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-18-114.eu-west-1.compute.amazonaws.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:20 GMT
x-powered-by
Express
content-length
2
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
content-type
text/plain; charset=utf-8
auth
subs.theepochtimes.com/subs/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10214&subscribed=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
POST
access-control-allow-origin
https://www.theepochtimes.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 04 Dec 2023 18:14:20 GMT
server
nginx/1.20.1
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via
1.1 google
x-robots-tag
noindex
auth
subs.theepochtimes.com/subs/ 		40 B
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/subs/auth?siteid=www.theepochtimes.com&planid=4c14e06e-dead-4a19-833b-f676ae9d77da&nid=10214&subscribed=
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40
play.css
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1/ Frame E6A2 		107 KB
48 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1/play.css
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
51d82fcbe88e209dab883d6b6787234077d2fd8c4a55b894b510987b1aed1439

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:50:09 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
55590
x-amz-server-side-encryption
AES256
etag
W/"ec9ef1e046e5d75abe900101ae2c59b0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
qFYhxA95BdOOz-6AZ4P1bTqHOz0Rv4yl2QctpXzDvC2Odkv4TwgTuQ==
get
subs.theepochtimes.com/template/ 		205 B
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subs.theepochtimes.com/template/get?tid=924e14b9-3ed2-41d0-ae93-07246a558b57&sid=www.theepochtimes.com
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.198.207 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
207.198.102.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
fbd96f97dfabbb444dd155929e9632f5049251e4a8885989179fffb74ea6348a

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-credentials
true
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
zepto.min.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/ Frame E6A2 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/zepto.min.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
beb9f5e32ed61fbce010497242a9b6b8219242b5ffc636038e7891510c773725

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:14:56 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46782
x-amz-server-side-encryption
AES256
etag
W/"50a4556b0089cfa1cb61e88ea23bbcce"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
ewaIX8_W3sWlxjd_aWIv-TRMbtKAWptCn2LYoAxjdOqoK0CzXErmSw==
sodar
pagead2.googlesyndication.com/pagead/ Frame 92ED 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311280101&jk=1358391148197964&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame D7DC 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28188
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
lc2.js
b-code.liadm.com/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b-code.liadm.com/lc2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:b600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b0512ff1ecca4eeaa79eabd6f059915e9cec84022c2f78519acf20d942b628e0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 19:12:58 GMT
content-encoding
gzip
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P4
age
82882
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
"public, max-age=86400"
x-amz-cf-id
7AhByNx6Xea4OqVVCqdp6w75Y31tMhs8vxj3D_XQ2AprS1D0fhzV5A==
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B45E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1392
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 17:51:08 GMT
expires
Tue, 03 Dec 2024 17:51:08 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 31C3 		829 B
560 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
798f999a711b13524e79137a5ee8a84c28250b705490a683122de26e423c72f7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Vdwqa-R_kvRoPBX4pP070A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Vdwqa-R_kvRoPBX4pP070A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:20 GMT
expires
Mon, 04 Dec 2023 18:14:20 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
detection.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/ Frame E6A2 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/detection.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fe6e0182538f31cda8fd3d5c7ede213cf4aa271df75cc7ab019896f225201db1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:20:46 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
28415
x-amz-server-side-encryption
AES256
etag
W/"e092bc73a4667990c6b449b8e933f164"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
VVHYpm61Yr0FroShhGlDSlz6bv7Pc5K10Nf_gz390FS2O6H0X6of_w==
sodar
pagead2.googlesyndication.com/pagead/ Frame 31C3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231129&jk=4454287763820610&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
slotcar_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ Frame D105 		93 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/slotcar_library_fy2021.js?bust=31079890
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ba67e30f5cd4fb3caaf2933a38b99b1eb6fbd82556cc265aa21f648d1a6dcbd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32957
x-xss-protection
0
server
cafe
etag
9287728329388101340
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:20 GMT
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame B45E 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28188
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
reply
comment.youmaker.com/api/v1/counts/ Frame 1ED7 		1 KB
652 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/counts/reply?site=remark&group=&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&id=5491287&post=gids
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
c20e4fc83e796d4c45aa00445de01f6f49c068672460f88f6766c01c5cb64c4f

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark
Content-Type
application/json

Response headers

expires
Thu, 01 Jan 1970 00:00:00 UTC
date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding, Origin
app-name
remark
content-type
application/json; charset=utf-8
access-control-allow-origin
https://comment.youmaker.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
app-version
0.1.2
famobi_analytics_v1.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/ Frame E6A2 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/famobi_analytics_v1.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
558511bcfb89b1b48167f3edcb05ec605e78321541f2c3b5ca645c25e377d1c6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 15:38:58 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
9333
x-amz-server-side-encryption
AES256
etag
W/"85a2b82f28ee5ad50b71fc8cbba14c90"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
6Yz0Dp-NZ6MI9Z4qVdcNKKw22tNteamiQ0tpf3Tx1EGu6FVOobjBhQ==
20
comment.youmaker.com/api/v1/getlist/ Frame 1ED7 		5 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/getlist/20?site=remark&group=&offset=20&sort=-time&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&id=5491287
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
a60b7831e3ec9be34c34c066c9cd4bbc107efc6222e3a3a2b1aec6a0df74bf08

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding
app-name
remark
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Jan 1970 00:00:00 UTC
generate_204
tpc.googlesyndication.com/ Frame D7DC 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?sBHTjg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
fenster.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/ Frame E6A2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/fenster.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72f2a5abbfe60e35dce603cad0c3655e2f73c4346718acee6e009e4f20bc15c5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:08:07 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
512
x-amz-server-side-encryption
AES256
etag
W/"eaf16304a774dd6caef358aebf3d5da1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
fbYLP0cso5Lh4sCOHlAK278AjsUIJqSFcDlPn4snTmkrd1J3HxkEQg==
game.js
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/ Frame E6A2 		1 MB
346 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/gameapi/v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58a99953187f1d6f2b3764cbba4a21e4fa380f25270d01dc498f197bd7cc572d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:05:13 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
40148
x-amz-server-side-encryption
AES256
etag
W/"d88b85ca0c3329a8c282d37b5c3af900"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
muIdnnXi3REENSummUff1B39A7RqXd-DWjj4xzLvRnwUwFbiQ3FFEQ==
generate_204
tpc.googlesyndication.com/ Frame B45E 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?1cKxDA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:20 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame D105 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=slotcar&preloadAdBreaks=on&sound=on&onReady=false&event=adcf_cl&client=ca-pub-2316275586951220&bow_v=r20231129&js_v=m202311300101&fetcher=adsense&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame FEFE 		170 KB
51 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b2fd9293903d510d132adefbde652c07bb7bbac8d78c6ac47fc826fb547a585b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
52115
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:21 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4BC6 		178 KB
52 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
089f447ccba07035778319720d86864a4eafc31a9ea9dedc0fbab02203d79c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://html5.gamedistribution.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
53103
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:20 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
events
api.gameanalytics.com/v2/1fde3ba52c52d626e0f76365608be18d/ Frame E6A2 		2 B
93 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.gameanalytics.com/v2/1fde3ba52c52d626e0f76365608be18d/events
Requested by
Host: download.gameanalytics.com
URL: https://download.gameanalytics.com/js/GameAnalytics-4.4.5.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.45.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-67-202-45-233.compute-1.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
Authorization
LF8mWwqpxeAR2XaPTAYLflShNvldi+RevPMeym0k4xw=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:20 GMT
content-length
2
content-type
application/json
events
api.gameanalytics.com/v2/1fde3ba52c52d626e0f76365608be18d/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.gameanalytics.com/v2/1fde3ba52c52d626e0f76365608be18d/events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.45.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-67-202-45-233.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://html5.gamedistribution.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-headers
Authorization, X-Requested-With, Content-Type, Content-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Mon, 04 Dec 2023 18:14:20 GMT
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1701713660326&se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-549128...
  • https://rp4.liadm.com/j?se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&dtstmp=1701713660326&n3pc=true&wpn=lc-bundle&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wo...
13 B
319 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rp4.liadm.com/j?se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&dtstmp=1701713660326&n3pc=true&wpn=lc-bundle&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&i6=MmEwMjo2ZWEwOmQ0MTg6MDo1YjM6OjE%3D
Protocol
H2
Server
3.213.22.88 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-213-22-88.compute-1.amazonaws.com
Software
/
Resource Hash
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
x-pixel-event-id
7311581d-d4c4-47fa-8df1-7dca7d97597f
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
null
access-control-expose-headers
*
access-control-allow-credentials
true
content-length
13

Redirect headers

location
https://rp4.liadm.com/j?se=e30&duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&tna=v2.11.1&dtstmp=1701713660326&n3pc=true&wpn=lc-bundle&pu=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&i6=MmEwMjo2ZWEwOmQ0MTg6MDo1YjM6OjE%3D
access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:20 GMT
access-control-expose-headers
*
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET
truncated
/ Frame E6A2 		82 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f006c556c753a58b408277de14a33ffdc8a921625cd682042960de78c6df2552

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
StringsEN
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/strings/ Frame E6A2 		55 KB
55 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/strings/StringsEN
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
75b29ce0e4fb6bc98de910d48d78f6db6074b2c0a810503945808a5f009cace1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:10:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
36219
x-amz-server-side-encryption
AES256
etag
"8ddd4ffbced10c09a6b4b7673bd5b3be"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
55831
x-amz-cf-id
xFbJII5PVZba2KH5UHDaSewE-ayG-HpThw0gSDhx8eYn0K_nhd4gAA==
SectionsEN
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sections/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sections/SectionsEN
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f884b8e021f5ef1893ff2f2c6e88ac6b3e9880f9dbe57dd04f452fc142c7eae0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:27:33 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:09 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"32549b5646055871e47f7f140cafdadd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
1831
x-amz-cf-id
LKXAsWnwsebpRZIDj_Xbe4n5sKMduHZNVBjx5igIh02SxIHePPv9aw==
SetsEN
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sets/ Frame E6A2 		108 KB
108 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sets/SetsEN
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72b6ea5647b859cadfb35b135b2147134e3f682cef0a8448fe90489dbcf8f700

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:10:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:09 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
36219
x-amz-server-side-encryption
AES256
etag
"d1aa2096e4e35bde6f35703a77a403d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
110398
x-amz-cf-id
ixnBwzjVVYplb1Jb0ej_LDGO_54eP-vms5B7NtCS7H1scfyqAnXAzQ==
Levels_EN_initial.csv
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/levels_encrypted/ Frame E6A2 		30 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/levels_encrypted/Levels_EN_initial.csv
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3985d9744607df37e881a163f12d2702036e9d428df52f3c3927f180e3320923

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:33:55 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:06 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
85226
x-amz-server-side-encryption
AES256
etag
W/"83eb31cd85ff1b2f1ded5d28ac78db2a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/csv
x-amz-cf-id
ScHUEN4h2RQbZJ543eCcYk7N6VsrfzLbpyIUKBUH9PSnK5FGuc_WUg==
Sections
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sections/ Frame E6A2 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sections/Sections
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d72fddb206c2364426bb62da3a01e8c225ac82e1d1594ced8373cdada181796c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:42 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:09 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"c8480d7e13e00115a81b7171e7096ad9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
5885
x-amz-cf-id
rzG5huYpmWxqC3rxOM7TleOoXlWCaCEo-mdEvmKNNVGwL6-Cd4fl-w==
Sets
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sets/ Frame E6A2 		50 KB
50 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/sets/Sets
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dce99a769693d71f1960b00a4c2d87f69f2478992668e5fb94ad9185c57828e2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:08:30 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:09 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
36353
x-amz-server-side-encryption
AES256
etag
"12d0b6474b2b9319002ea3bc2bdd9ffc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
accept-ranges
bytes
content-length
50759
x-amz-cf-id
KH9aQ6MTqBxo3qT-w-BsBJIz98VXmaKJwovI6msLEhUbsaXoYwy7Cg==
languages.csv
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/ Frame E6A2 		896 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/csv_files/languages.csv
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e877e71c2d45d5bfcc3b617037a3c4c28615a9e054cee63ec60f408bc9aba731

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:10:25 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
57933
x-amz-server-side-encryption
AES256
etag
"2799b72655c50f879940b2c800af4860"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/csv
accept-ranges
bytes
content-length
896
x-amz-cf-id
NMOIISu-tlCuFYfqlH3XXjbVmcCneUz7-YV8cYHNMqF3SHtZAic18g==
truncated
/ Frame E6A2 		106 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
88e6382d15edbda0254ba0ad7f224f41b358a21ebfad6e1eed439f5ddf0ea245

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E6A2 		253 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42deb9219fc21f52ec47f6de9f2cd7bbd2b6eff02e03fb2e77b935f3f2a849db

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
icon.svg
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/images/ Frame E6A2 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/html5games/images/icon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bfab790a7855af8b77b67f1747688d142aa5cb2d0afbcbe2ad96df43b0bfc95c

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:06:48 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
50937
x-amz-server-side-encryption
AES256
etag
W/"5f41808299a595bc5e3e2acfe97b07ac"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
gmQzL8ZW2RsYaC4m6_9yG5idaWtR95diGdFQoqr3JB1JYF6mc-WMZA==
click.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		2 KB
2 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/click.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e032545a829fd3c770e58b6bbb1b3fd828642e7245ca104d3598780369bea70

Request headers

Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 04 Dec 2023 04:41:40 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
48841
x-amz-server-side-encryption
AES256
etag
"0a7c645aa6bf66a0964cc2a2d975c3af"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
Content-Range
bytes 0-1699/1700
accept-ranges
bytes
x-amz-cf-id
6sfJrZqUB3dTem4KWGcqyStO-s7WTcPY--6erQVB5YNMzY0cLtazvg==
Content-Length
1700
0c87cfd10010b976da3395b36efbee678283153a.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/0c87cfd10010b976da3395b36efbee678283153a.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
6e652b5ca86d60191c42744be0f3dacbaf2de0eb.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/6e652b5ca86d60191c42744be0f3dacbaf2de0eb.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
d323a7b53730b629ddbc0bc71d317a06d1200304.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/d323a7b53730b629ddbc0bc71d317a06d1200304.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
7fda6a51410c96eb1050022c419c1eb8bcc713ac.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/7fda6a51410c96eb1050022c419c1eb8bcc713ac.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
3d550ebdc5c82604101e5038ab7aeace9c070bf9.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/3d550ebdc5c82604101e5038ab7aeace9c070bf9.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
73432f94e93d2d9e00a707474aacb728bc831c73.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/73432f94e93d2d9e00a707474aacb728bc831c73.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
9d55cde8a3e0f9b3a508ca5782af92ab7d065200.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/9d55cde8a3e0f9b3a508ca5782af92ab7d065200.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
d2072bcab41cfdb9e28aeb83b85ac30f752f91ab.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/d2072bcab41cfdb9e28aeb83b85ac30f752f91ab.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
07b5307024d4ec7ff0d684b775e07a1e02431ce5.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/07b5307024d4ec7ff0d684b775e07a1e02431ce5.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
8b8ec297b713bc17fcf3653f5b7ca19c1118f800.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/8b8ec297b713bc17fcf3653f5b7ca19c1118f800.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
09eaf66b34e8bcfc9c22d824cca5d8cc30c8a243.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/09eaf66b34e8bcfc9c22d824cca5d8cc30c8a243.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
154eefd29deac1603176338d45eeedad767e78e0.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/154eefd29deac1603176338d45eeedad767e78e0.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
66a937d18c263121c63ddbeaaece7dbea586e2e9.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/66a937d18c263121c63ddbeaaece7dbea586e2e9.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
087137929349725cb14dbfca9f937e60502c2bf1.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/087137929349725cb14dbfca9f937e60502c2bf1.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
bea79906f25b2f862ebeec3a115cbd1330e7504c.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/bea79906f25b2f862ebeec3a115cbd1330e7504c.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
80d1b9b235317a42792707d3e1883c498cd5eb7c.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/80d1b9b235317a42792707d3e1883c498cd5eb7c.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
c7f54f938d439015f21c0b00e5ddf11df34da72d.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/c7f54f938d439015f21c0b00e5ddf11df34da72d.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
reply
comment.youmaker.com/api/v1/counts/ Frame 1ED7 		481 B
329 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://comment.youmaker.com/api/v1/counts/reply?site=remark&group=&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&id=5491287&post=gids
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/js/main.7036b77e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
97f8f1e7af3a90169dcbeeffbe3b11101c629434f5f6d68416b6fe9389421a5f

Request headers

X-PROVIDER-TOKEN
youmaker
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
accept-language
de-CH,de;q=0.9
X-ACCESS-TOKEN
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-SITE-ID
remark
Content-Type
application/json

Response headers

expires
Thu, 01 Jan 1970 00:00:00 UTC
date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
server
nginx/1.20.1
author
EMG
vary
Accept-Encoding, Origin
app-name
remark
content-type
application/json; charset=utf-8
access-control-allow-origin
https://comment.youmaker.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
app-version
0.1.2
ui_slide.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		3 KB
4 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ui_slide.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e99be6ede34fb9a77ad03948bbda182d7d1374775dfe4a8ef431e07381af27e6

Request headers

Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 04 Dec 2023 08:51:34 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
33767
x-amz-server-side-encryption
AES256
etag
"5d76b6d360b6fef033489a2c99a54374"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
Content-Range
bytes 0-3367/3368
accept-ranges
bytes
x-amz-cf-id
RZmFkUJVtDwRhiSD1mXQOMVe22ylY9uu_Z-4Pl_sHGn_KoAVHzDV3g==
Content-Length
3368
truncated
/ Frame E6A2 		82 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b86ca7249e6f28cc9af909dcc5501e67101273ff2a2a19c408779a0fbf27e733

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
loading.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/loading.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2ee5286027f64816df32c866794e4200a9304d855f83b2d0fdfc488b0bbca5e6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:25:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
49709
x-amz-server-side-encryption
AES256
etag
"195821d729799ef412033e17b60599d7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1820
x-amz-cf-id
cAj_rE5e2Y41G1SaIx4BuDobT67XRAd4UwjojKiMCGDDnz55hzyWcw==
ping
pagead2.googlesyndication.com/pagead/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/slotcar_library_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
ping
pagead2.googlesyndication.com/pagead/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
config.json
notifier-configs.airbrake.io/2020-06-18/config/471165/ Frame E6A2 		222 B
492 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/471165/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.8&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&language=JavaScript
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.82.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-82-122.compute-1.amazonaws.com
Software
/
Resource Hash
ca21228cf6890fea685c6e20f24be256a3946c11234905c4f4256544b2193006

Request headers

accept
application/json
cache-control
no-cache,no-store
Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:20 GMT
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length
222
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json; charset=UTF-8
config.json
notifier-configs.airbrake.io/2020-06-18/config/471165/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/471165/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.8&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&language=JavaScript
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.82.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-82-122.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
cache-control
Access-Control-Request-Method
GET
Origin
https://html5.gamedistribution.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
allow
OPTIONS, GET
date
Mon, 04 Dec 2023 18:14:20 GMT
arrow.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		208 B
578 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/arrow.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
247a772543317efd45f3dac630beea8c77df1371b81d1495b1caad847c9760fe

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:42 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:41:58 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"260472da8f2aae5389d8ad5281187d88"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
208
x-amz-cf-id
OO5QCMtNN4KlEuoARGFFrVf7jL1d7k-YgFLL2Ze8X1e-gRIot9s5Pg==
gem.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		10 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/gem.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
697459e724a25abea1fdda67e431d766298fe99415123e958f041b35403ee303

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:53:11 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
4873
x-amz-server-side-encryption
AES256
etag
"6912f4abb3baa70e70bf81f9f8ae659a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
10551
x-amz-cf-id
EHmQoUkAXR_eTwg-Sb9fRsa3SHD1DoemkjpgXQQAjczBd2rzGa9y5Q==
clapper.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/clapper.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
99b6f1b6970464dd47243663dd56651a4ef994ae0777eaba567bcb261f049dff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:07 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
"54b3f7ce574d5eb2871f41605c620f56"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3710
x-amz-cf-id
57dv_dV2o992FiUoPNhggHjjblROlJ1vD51bl-_ZnKlDfgWUxcj-rg==
counterBackground.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		604 B
974 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/counterBackground.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c342d254f9c6b527e13f987aaff45efa6945f31a8f10ddcfbbd110b4ad4e88

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:10:20 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
25441
x-amz-server-side-encryption
AES256
etag
"e5bbaaee2b3914bc77813972e87ac308"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
604
x-amz-cf-id
jjLMFi6h-ahk--1g3IP7wTaNRmZDxIpDaadLNdOayg_WL8_ldvFL6A==
hintBackground.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/hintBackground.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
28336e54fc1d7f646abb4ab594697df93c7fb557e28f91ba53774b418b7fd8d4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 18:59:09 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
83712
x-amz-server-side-encryption
AES256
etag
"0f92075ba14a1231713068073d78005d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1157
x-amz-cf-id
PJ-o9WGC7Ev8WBwgGHpeuTm9UIsTD_XPYHoUmeXMJc5TyfzBl7DHYA==
halfCircle.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		401 B
772 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/halfCircle.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2229a6ae6f4fa449b21504e9df1345870a614d9fd065cc7c64e28f0f90f77f58

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:57:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
47798
x-amz-server-side-encryption
AES256
etag
"e599c266f8802d4b19938120a8e8ec9d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
401
x-amz-cf-id
ljZJxmmKirkdhBqKomHFfkqbZTZ0rNAyivPI9UnB7uGc8dGVGDyVxA==
rectangle.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		86 B
454 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/rectangle.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
286d2b0db108321938d2bc7bb726119722bc5c478b136a41731956ae999e623f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:33:24 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
56851
x-amz-server-side-encryption
AES256
etag
"091c2d9c476cfb023fa13fbb26109572"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
86
x-amz-cf-id
eE_8mHZaB9PwlOM4AEN7u2iOjATf2kF_2cEpBd1VXH9n2eqt-8d7zQ==
timeIcon.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		489 B
859 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/timeIcon.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17627b7fdca38f0ec1e676bf78c197207fc74ea3fe4797bfe1fff2a42071ec52

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:55:45 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
33516
x-amz-server-side-encryption
AES256
etag
"320ae00b0a70b1afabfc30e981f4ea53"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
489
x-amz-cf-id
jTTDzH6IR5dP5rPil5XQVQUfGY5Ic65RppFSUf6qc63SxDuYesxAiQ==
snowGlobeFront.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/snowGlobeFront.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0b3998f24c0f15e842b0ac3e0d1cc366d733eb47b37454e72c511e3ba321f2d6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:32 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53749
x-amz-server-side-encryption
AES256
etag
"3319021e280269382f0187a844788a18"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1656
x-amz-cf-id
bnntupo7y14bL2F2WFoRYyKopw8pyecjzyTgsiC91cJWnE_kh26iIw==
snowGlobeGlass.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/snowGlobeGlass.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c02320086cffca4e6865282cd90e1a431344b8049bbff42c60a91dc2f31d86ce

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"87ef155c419f14820552c60757629629"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
6191
x-amz-cf-id
9rE9NJYM7bGNTWuWABnUkpaobf_mEnfVBOFyka81K9p85RdeBsU9cA==
whiteButton.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		11 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/whiteButton.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8d7806d30891af771cd4b2f6a0abac0f48745cfb46883adcbf065457c6e15a5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"4e4eae9f792d0c2c331e677c190de9b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
10820
x-amz-cf-id
bWzL3EiApbw3Xs2P1Aavmz8B1NleGtXChn7VGKpdNXkW_U6wqUyrgg==
cancel.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/cancel.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8cdd507ea72067bae053f884b4a92b3d937965830f268e1f5ae0e54a37490e40

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:07 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30554
x-amz-server-side-encryption
AES256
etag
"d014b5cb48495479516bf48ba92f1343"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4326
x-amz-cf-id
CWPTUw1Ivz0pidoJGt3goZ14RYxXcrYjN8PTdbo4eava_wVG1hqtRg==
voyageCircle.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		10 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/voyageCircle.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29e65993e40c87400ef3aceec146f899954d7573290509b6da4bd941e410208b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:29 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22372
x-amz-server-side-encryption
AES256
etag
"805156d02e972675af3e0ecd5a9385d9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
10679
x-amz-cf-id
PQqyu5t6VpSveVa0qSCDhUSqEhgpRfh3ZIlEqQSO3jEa4BkFuZiBQg==
white_circle_frame.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/white_circle_frame.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2ac81e8312bbad91023b7cfd6b56c3783a68ec6fec7db1527e19779d7cc6d5b0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:31:20 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
49391
x-amz-server-side-encryption
AES256
etag
"40f65bc1b1fad4f13b3584064a44e0dd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4716
x-amz-cf-id
cD7cnJ88FjRLY5METYAtBSOIrBC1y66pQjv6ab1io6omovaC8h0o7w==
progressBarFill.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/progressBarFill.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
327c6d6d6fedd96c190a0ad7bf7c9c59ff7bd38bb246c101c15713eeff60aae0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:32 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53749
x-amz-server-side-encryption
AES256
etag
"e4d77a72d9e7e992542a9c5f5fbd1a71"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
6184
x-amz-cf-id
IsmOZesMYWvcPwvOwJ5mlej3NOqNroK-GeFidfVeUgwYGE8oyy_8Cg==
greenTick.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/greenTick.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf0ffb98a32729058f83b6e6c08e2e7458f5fb97a3d41ee805b191719011e521

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:07 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
"8b3b7b80fff6272a433eac02299f20a9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1378
x-amz-cf-id
OgsLRY3acNcjP7fuT-70xm1gEXFiRdDHZDn33ZpOrS8XcJ0bUWSThw==
progressbarShine.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		516 B
887 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/progressbarShine.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0838a90416fc3e1fc9b03d679cbae4458d627119d95d6d10e26b155e16b7b17a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:07 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30554
x-amz-server-side-encryption
AES256
etag
"12740fb2f56d1b9f6759694e7a215599"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
516
x-amz-cf-id
Ev4XAbox7OExFJuodcJ4TaBvl57eDMW2Uzf_5u10yeNkjqVh6UCmrA==
setImageFrame.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		1015 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/setImageFrame.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ec59969056e6ed0f661daed01453e8690dcb5bef6135f58994cbbde7483ce813

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:09 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22392
x-amz-server-side-encryption
AES256
etag
"5ec1692c07855170e1233807e7d02beb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1015
x-amz-cf-id
dzfrGVrpGKScM-lDwK-f1zMqVbZ2JbvSSCywVFAnl5-l0H0oggWl5w==
setImageMask.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		905 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/setImageMask.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3be908514603b6d40c489a9658ef882f6f756b97377aef5e24f5dc8e96b9328

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:10:26 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
57933
x-amz-server-side-encryption
AES256
etag
"b8902868309d2218c5df972b6218242e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
905
x-amz-cf-id
hjEwQxKk-rCf3uLvbwKM9LQcBQm8r3MNSUxpajztrEjfcoASVANu2A==
MainLogo.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		22 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/MainLogo.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
49db6141b2c6a946efecb340bbbbf3648f78c5ef34fcf66255619c0b50cf5be7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:07 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:41:58 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
"364d7bfcf020fbdf8f91330d3dcc51b8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
22649
x-amz-cf-id
KRG1UvXPdnV0CXeMfwNS-dlWeeH-N0ciI2UmYh2ZiaqJgI1i4minWg==
MainLogoRussian.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		22 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/MainLogoRussian.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c10d3dd5cbad71065d28118d060e660877892ec3d8eff3e2f94e3371814cd54

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 15:07:47 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:41:58 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
11194
x-amz-server-side-encryption
AES256
etag
"9da8fd7fd86087d398c758557a8f7830"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
22857
x-amz-cf-id
Tko1yg1TEkUvo7aRUn8bHxcRxs7MWiCeVg3XMVpkRvMbLtIsLv4Kng==
shineImage.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		36 KB
36 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/shineImage.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d48aad4e106f298f502e60ad78640c55965a9a151e13f4ffaf92a692ce204d73

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:10:26 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
57933
x-amz-server-side-encryption
AES256
etag
"d1c992521df6f180870ec4d3e7f3406c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
36951
x-amz-cf-id
oxbZwvrTiuskQZk-NyroS6bBMDdobuizR145AntQ-o2SHsvcx2TyjA==
ButtonShine.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ButtonShine.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fd90bc961c819aae542acd724a90ef805b1f0a57991c8e37db6b9d677aae7634

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:00:04 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
925
x-amz-server-side-encryption
AES256
etag
"67861d27eb4642bd1bafdbba57579481"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1899
x-amz-cf-id
W_Uje785ZT1k-I3GgIbZ5gaVOb2XyZlx4DyDBmfuOf1FgDSVB6GdFg==
spritesheet.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/normal/ Frame E6A2 		101 KB
101 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/normal/spritesheet.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45476301b2259ad412aaba2bfa7ea21b339a4919b0c5ffe0e59dc3d6fd72e01e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"e9afab90e9e373679df630b9e1286e77"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
103044
x-amz-cf-id
EkGYiMsW9lvTfRDNYPJyv1Ei3-SXEcjt6dmTOrMc9fF4Y_Nl4mdysw==
spritesheet.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/normal/ Frame E6A2 		21 KB
1001 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/normal/spritesheet.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1464575fcd2d4b3eec0b1494075103167449725d2824597e8b10634bcd47bf6b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:23:21 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
49860
x-amz-server-side-encryption
AES256
etag
W/"61292ecb9e3ffcb03a252aa90035cd05"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
tLO8soSu8Rg7IfwnOXjuj-AcoCZa_ohV9pjXl39h4vaB_D3gTKA64Q==
spritesheet.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/golden/ Frame E6A2 		111 KB
112 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/golden/spritesheet.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c5e9b6a06e5a3e76a98daffe9dfc99429a800bd01edf9dd5352fa9940bbb2830

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:36:34 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
20280
x-amz-server-side-encryption
AES256
etag
"52ae8325d4bb7595a3824f502bd73566"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
113948
x-amz-cf-id
ogogH-RyOHqMIaG1sCy0v7eWeueXbYPlLkuM_UBCiSVdSHwoOMF99w==
spritesheet.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/golden/ Frame E6A2 		22 KB
998 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/golden/spritesheet.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d341c389c98bf2a17eb90f9049c5ceb77d45d2e71131016ec55169e0ae4504d4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:07 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
W/"ff9fca302957d1be4e6973c8611607d9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
xc-jqbmMIJjQ3EowoXogDxUpxkNwpxwYuOedMfkZoJZlWtRAcZ-hQw==
spritesheet.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/legendary/ Frame E6A2 		83 KB
83 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/legendary/spritesheet.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18736d6de6f0567cd51a5b08165616d08a7b79e5b4ddf97ec2e04dd1851ddc3a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:25:52 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
49709
x-amz-server-side-encryption
AES256
etag
"b8df6b871ada34c258dbc8742a665d91"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
84511
x-amz-cf-id
yc0iMK-K_mx8jDqh9T4Kjv7QGFNhahUlZPi311kQcAr3MmqP--spuw==
spritesheet.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/legendary/ Frame E6A2 		18 KB
951 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/butterflyAtlases/legendary/spritesheet.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f5552d370d49939e79f3387614ddd3a9ae58b649800f82daeac6d4ba00fccc9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:27:33 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53234
x-amz-server-side-encryption
AES256
etag
W/"11f08dc8c1509c60160b4fa4001b69b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
1WO0urucz3R7P5Zupxq7z2s7zYgBHwVf2LuI610BfIqO16RYl54dnQ==
spritesheet.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/giftBoxesAtlas/ Frame E6A2 		45 KB
45 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/giftBoxesAtlas/spritesheet.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17d42888aadff6e5a91199b3103cc8cf654bcb971c47e60bb965f07b7a1cbcf0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:17 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22384
x-amz-server-side-encryption
AES256
etag
"ed2766dccb70b6f30185aa5af47fffc5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
45703
x-amz-cf-id
M1W6ce61oW5tymKhVOLHpxfoT3j8xTTw7mBobh4_DMLlVc3nFkDmCA==
spritesheet.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/giftBoxesAtlas/ Frame E6A2 		2 KB
647 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/giftBoxesAtlas/spritesheet.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7514edcf566d87ae9b89ec1bc43583d04a293f3b87e43f27b847ec0c96773ae7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:33:24 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
56851
x-amz-server-side-encryption
AES256
etag
W/"13ca862b7616191b767ab9d425b842df"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
BOJrXgoPtrvmGGCre3CY8-1KfrqxQ_B2Ssk_EgGCW_lDR8tQhces-A==
Acta-Medium.otf
img.theepochtimes.com/fonts/ Frame 1ED7 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://img.theepochtimes.com/fonts/Acta-Medium.otf
Requested by
Host: comment.youmaker.com
URL: https://comment.youmaker.com/web/v3/static/css/main.f8b20501.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.198.122 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-19-198-122.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash

Request headers

Referer
https://comment.youmaker.com/
Origin
https://comment.youmaker.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:20 GMT
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/html
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
Access-Control-Allow-Credentials
true
Connection
keep-alive
Akamai-Mon-Iucid-Del
1289467
Access-Control-Allow-Headers
origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
Content-Length
548
801e044b-3448-4292-af70-59c4de7af2f2
https://html5.gamedistribution.com/ Frame E6A2 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/801e044b-3448-4292-af70-59c4de7af2f2
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ee5286027f64816df32c866794e4200a9304d855f83b2d0fdfc488b0bbca5e6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1820
Content-Type
image/png
d253820c-b91e-4864-8644-815e717cf607
https://html5.gamedistribution.com/ Frame E6A2 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/d253820c-b91e-4864-8644-815e717cf607
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
247a772543317efd45f3dac630beea8c77df1371b81d1495b1caad847c9760fe

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
208
Content-Type
image/png
211cd8c8-7f3e-4b48-996c-59cc96a76e80
https://html5.gamedistribution.com/ Frame E6A2 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/211cd8c8-7f3e-4b48-996c-59cc96a76e80
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
697459e724a25abea1fdda67e431d766298fe99415123e958f041b35403ee303

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
10551
Content-Type
image/png
21ca90bf-052a-4716-af86-67b37ab14743
https://html5.gamedistribution.com/ Frame E6A2 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/21ca90bf-052a-4716-af86-67b37ab14743
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
99b6f1b6970464dd47243663dd56651a4ef994ae0777eaba567bcb261f049dff

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
3710
Content-Type
image/png
b8bc419d-7678-42d2-851c-af249d8c34e1
https://html5.gamedistribution.com/ Frame E6A2 		604 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b8bc419d-7678-42d2-851c-af249d8c34e1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2c342d254f9c6b527e13f987aaff45efa6945f31a8f10ddcfbbd110b4ad4e88

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
604
Content-Type
image/png
550c7426-0356-4ebe-ae23-0eb46d2128db
https://html5.gamedistribution.com/ Frame E6A2 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/550c7426-0356-4ebe-ae23-0eb46d2128db
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
28336e54fc1d7f646abb4ab594697df93c7fb557e28f91ba53774b418b7fd8d4

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1157
Content-Type
image/png
dc95c891-f120-45ab-a5c1-5044fd2bfff1
https://html5.gamedistribution.com/ Frame E6A2 		401 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/dc95c891-f120-45ab-a5c1-5044fd2bfff1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2229a6ae6f4fa449b21504e9df1345870a614d9fd065cc7c64e28f0f90f77f58

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
401
Content-Type
image/png
b33ae8cc-71e2-4ea8-8853-93fe3ae52004
https://html5.gamedistribution.com/ Frame E6A2 		86 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b33ae8cc-71e2-4ea8-8853-93fe3ae52004
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
286d2b0db108321938d2bc7bb726119722bc5c478b136a41731956ae999e623f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
86
Content-Type
image/png
93818ff8-cb51-422d-852d-44b186a4e06c
https://html5.gamedistribution.com/ Frame E6A2 		489 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/93818ff8-cb51-422d-852d-44b186a4e06c
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
17627b7fdca38f0ec1e676bf78c197207fc74ea3fe4797bfe1fff2a42071ec52

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
489
Content-Type
image/png
1a1eb5bb-acbd-44f6-9acf-49bdae0df6ab
https://html5.gamedistribution.com/ Frame E6A2 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/1a1eb5bb-acbd-44f6-9acf-49bdae0df6ab
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b3998f24c0f15e842b0ac3e0d1cc366d733eb47b37454e72c511e3ba321f2d6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1656
Content-Type
image/png
7dcae9a7-7de5-4674-9ef7-50dcc4eafadc
https://html5.gamedistribution.com/ Frame E6A2 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/7dcae9a7-7de5-4674-9ef7-50dcc4eafadc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c02320086cffca4e6865282cd90e1a431344b8049bbff42c60a91dc2f31d86ce

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
6191
Content-Type
image/png
2bf3ae39-fc06-4f95-a42d-cd7c26b3a1bc
https://html5.gamedistribution.com/ Frame E6A2 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/2bf3ae39-fc06-4f95-a42d-cd7c26b3a1bc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a8d7806d30891af771cd4b2f6a0abac0f48745cfb46883adcbf065457c6e15a5

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
10820
Content-Type
image/png
e8e2555b-2eca-4f9c-98fd-0116e48574d0
https://html5.gamedistribution.com/ Frame E6A2 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/e8e2555b-2eca-4f9c-98fd-0116e48574d0
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8cdd507ea72067bae053f884b4a92b3d937965830f268e1f5ae0e54a37490e40

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
4326
Content-Type
image/png
b57e8065-9a93-42ab-8261-b4db2ee14a2e
https://html5.gamedistribution.com/ Frame E6A2 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b57e8065-9a93-42ab-8261-b4db2ee14a2e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
29e65993e40c87400ef3aceec146f899954d7573290509b6da4bd941e410208b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
10679
Content-Type
image/png
3a6f327d-5c3f-4c84-9897-d7d6d6997083
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/3a6f327d-5c3f-4c84-9897-d7d6d6997083
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ac81e8312bbad91023b7cfd6b56c3783a68ec6fec7db1527e19779d7cc6d5b0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
4716
Content-Type
image/png
924a3b67-aaf3-47cc-8d17-b3decf59c0d9
https://html5.gamedistribution.com/ Frame E6A2 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/924a3b67-aaf3-47cc-8d17-b3decf59c0d9
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf0ffb98a32729058f83b6e6c08e2e7458f5fb97a3d41ee805b191719011e521

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1378
Content-Type
image/png
75a8a1bd-8bf7-4eaf-9c08-9f207c1ccf00
https://html5.gamedistribution.com/ Frame E6A2 		516 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/75a8a1bd-8bf7-4eaf-9c08-9f207c1ccf00
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0838a90416fc3e1fc9b03d679cbae4458d627119d95d6d10e26b155e16b7b17a

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
516
Content-Type
image/png
785b3df1-9fdb-4e57-a650-e0d3a25622c3
https://html5.gamedistribution.com/ Frame E6A2 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/785b3df1-9fdb-4e57-a650-e0d3a25622c3
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
327c6d6d6fedd96c190a0ad7bf7c9c59ff7bd38bb246c101c15713eeff60aae0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
6184
Content-Type
image/png
12dfd7a4-9919-4e0e-8396-826533c8ffef
https://html5.gamedistribution.com/ Frame E6A2 		1015 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/12dfd7a4-9919-4e0e-8396-826533c8ffef
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ec59969056e6ed0f661daed01453e8690dcb5bef6135f58994cbbde7483ce813

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1015
Content-Type
image/png
53d5f396-91b7-4080-a074-28678f15b41d
https://html5.gamedistribution.com/ Frame E6A2 		905 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/53d5f396-91b7-4080-a074-28678f15b41d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d3be908514603b6d40c489a9658ef882f6f756b97377aef5e24f5dc8e96b9328

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
905
Content-Type
image/png
7e28d794-64b1-423c-b556-e6545d6c13d3
https://html5.gamedistribution.com/ Frame E6A2 		22 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/7e28d794-64b1-423c-b556-e6545d6c13d3
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
49db6141b2c6a946efecb340bbbbf3648f78c5ef34fcf66255619c0b50cf5be7

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
22649
Content-Type
image/png
825edf38-56b3-4221-a10a-e2cae0815df4
https://html5.gamedistribution.com/ Frame E6A2 		22 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/825edf38-56b3-4221-a10a-e2cae0815df4
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c10d3dd5cbad71065d28118d060e660877892ec3d8eff3e2f94e3371814cd54

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
22857
Content-Type
image/png
2f6ebbbb-c11a-45bb-b709-347bd83cd7de
https://html5.gamedistribution.com/ Frame E6A2 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/2f6ebbbb-c11a-45bb-b709-347bd83cd7de
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fd90bc961c819aae542acd724a90ef805b1f0a57991c8e37db6b9d677aae7634

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1899
Content-Type
image/png
ad7ab3b4-b3d4-4121-82cc-00c6188cdd02
https://html5.gamedistribution.com/ Frame E6A2 		101 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/ad7ab3b4-b3d4-4121-82cc-00c6188cdd02
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45476301b2259ad412aaba2bfa7ea21b339a4919b0c5ffe0e59dc3d6fd72e01e

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
103044
Content-Type
image/png
allLetters.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/ Frame E6A2 		282 KB
282 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/allLetters.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9b818bdd46120d20f71b7d5591d39425e633c986d64b25ef9180acd02b748b5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:46:03 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"b311f8c90176b660989791bb40a4e1ff"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
288449
x-amz-cf-id
bjxMNoss6z2dj6L4CBEGmIG8UeNPPmdiDtBcVbiWBY6CF79UEoUlJQ==
allLetters.xml
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/ Frame E6A2 		59 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/allLetters.xml
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c877d60d8ad6a37cc1b273651610af98635c0ac51b09bcf0632dc742e2ac751a

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:33:24 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
56851
x-amz-server-side-encryption
AES256
etag
W/"19be6bd02ef409e1a632fe39ab9eb3ea"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/xml
x-amz-cf-id
dvYpQjVvce3M1g1woK5UU2MXTTQ0qQxakzU7zTAApum_XKjOcUch_g==
allLetters.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/ Frame E6A2 		282 KB
282 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/allLetters.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9b818bdd46120d20f71b7d5591d39425e633c986d64b25ef9180acd02b748b5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:46:03 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"b311f8c90176b660989791bb40a4e1ff"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
288449
x-amz-cf-id
cln-mzTQaApem1KBaHb_0lWJQs8IMjaSTrHTcseGWvANPNb1HEm6OQ==
allLettersSpaced.xml
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/ Frame E6A2 		59 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/bitmapFont/allLetters/allLettersSpaced.xml
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41e76977ba4a13e2fce0bb3a7601400871b78503797433cb4c02874ee766bec4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:51:34 GMT
content-encoding
gzip
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
37367
x-amz-server-side-encryption
AES256
etag
W/"a2b2acc9f77f8e28ee3da9a8b61becb6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/xml
x-amz-cf-id
4MtfvYZqHusvDR_3-YikZcMqBFbJ2KurxXd0aH312B_9B1gu6hFARQ==
level_start.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		28 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/level_start.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7a1bef3e152fed8de5280d380fc6b7d78bd85cab7b21f2b7fb0f0f8f40d49b4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:48:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
5132
x-amz-server-side-encryption
AES256
etag
"f1c6ea618e28ffb15d594b1770786b18"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
28606
x-amz-cf-id
S2aBe8YOns2X5b8nZrQddumrv0SW9Mt3JU5394TjeJlzLQwTSkr40w==
settingsBackground.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/ Frame E6A2 		604 B
974 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/settingsBackground.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c342d254f9c6b527e13f987aaff45efa6945f31a8f10ddcfbbd110b4ad4e88

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:09 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22392
x-amz-server-side-encryption
AES256
etag
"e5bbaaee2b3914bc77813972e87ac308"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
604
x-amz-cf-id
7oYfgcGnMoFSH4_em3Q52zmO5FU1NynvXnduZi1EBqPnDU2yZSsJdA==
settingsIcon.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/ Frame E6A2 		575 B
946 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/settingsIcon.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c65a3178ce5d50e7ae192ca5ddaf928e14653b343ec1548e9dca0428c6e470fc

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:08 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
"c73fc3ee683f881e88ede4f7c0322913"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
575
x-amz-cf-id
MXmhXp3jWqegNRxSPIC1ZqVEf3CoY1WwztjXETbm_6S3fBOeWzSWtQ==
gem_collect.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		3 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/gem_collect.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b810b79afc1d7f88bd046f3e61cad81ce27cd38523c374aba2b20b7afd10f3f8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:36 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30525
x-amz-server-side-encryption
AES256
etag
"a2db4542f8f16961740ad092fd1ed34e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
3224
x-amz-cf-id
vWrecfQ8qb24hvmb-EszFTaWfSvGbt5s3CmDPfsHdnVcYXiFNZkDaQ==
whiteBg.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/ Frame E6A2 		546 B
916 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/whiteBg.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e43fc8593a253ab1934637090c185357a3f0ef84e5c59b417b695bcdada0f4d2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:28 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22392
x-amz-server-side-encryption
AES256
etag
"c74a3024432ea50b85eb5c8674e551da"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
546
x-amz-cf-id
ecqtPJPRnjlu9AkfWZ8Gu-QoZKAIg1wGDfYug296uy3hgnzWwM7FQA==
background.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		29 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/background.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6bb69b415e42d2e350095981feaba2984da02076cfdb1290bfb3d328798e2c8d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:00:04 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
922
x-amz-server-side-encryption
AES256
etag
"5a70eb68d6bde9a5e550e164923d71f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
29360
x-amz-cf-id
FqTPI-6x9pGHiVsdqtJGt75lj9bl9TvQX4SBBckHb1-tJ1956rWa0A==
bgBird.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/bgBird/ Frame E6A2 		29 KB
29 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/bgBird/bgBird.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
070b47ee4fd242bb1dd8447e150ae83b6454adf89c8fdd08088e2bff6d8cec61

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"92f9530d3cda6e3f0c6117a8195c4cbe"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
29755
x-amz-cf-id
zeNbbdFn1Z4U1DQ4fShbivh-kWmdeGSwLzBQ0pFR6SLvUlfL3YddkQ==
bgBird.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/bgBird/ Frame E6A2 		5 KB
689 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/bgBird/bgBird.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f94c318621cb28a1d2c4b46ebc98ced5022fc3a3c871e4fb04f1c9752ddde5a0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:45:09 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
52295
x-amz-server-side-encryption
AES256
etag
W/"1fe3c7bf03be17a829c7b3f835cb82bc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
EymwWrocGhf_uqhBP7RCtHT7r8ccmuMQvZQ26VPBv2MiWJKn20MVbg==
mainMenuBg.jpg
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/ Frame E6A2 		166 KB
166 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/mainMenu/mainMenuBg.jpg
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20c53611aaf88eaaafac78f24d195d23911905026def6113ce500f49aa9f64bb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"e4986a7098924ff0303bdd8c317900b7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
169854
x-amz-cf-id
1TF72e2q10ef6Jqt2RnThmifSryr3B8couP7_btXNCiJrB2nRON6ZA==
particle.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/ Frame E6A2 		330 B
702 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/particle.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ed8f51a02e39a24a9cea2ca4b459fba827212322c00f15525dc1379f3b47a3ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:33:05 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
38476
x-amz-server-side-encryption
AES256
etag
"d1666a850881ffbf7bc663452f98a2b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
330
x-amz-cf-id
zwVUNHw4dQqJ4gqUBuMCG1OrfKff42GRZaW8UTYZe8-5HJc3b8YJ1Q==
SliceA.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		6 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceA.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4b3a376b59ce32d35645ee8814802f252093eb2abf04d6cac7fb8ad1fe7676c6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:23 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22378
x-amz-server-side-encryption
AES256
etag
"f94c3b1d3251bdc660296706a562fe68"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5818
x-amz-cf-id
19VR2hRPKUNODa3SBElC_fOFu-v_7QxP0sPMVXlQZwrQa8fU0HokzQ==
SliceB.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceB.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e892bd5342b7801457391691156a04e2567e08a6f5f5bc4c4889b1175480e104

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:25:52 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
49709
x-amz-server-side-encryption
AES256
etag
"61a1c23e89ebf075aa4363f6d8a1d9c3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4541
x-amz-cf-id
NLjMD2u4pWPR6HKP1bJsEkU1Zi4obg7MGcvRl693HDQWT5x_XOQOyg==
SliceC.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceC.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2aeddc6156d50347d79fd1ddb2231aed83d3acf84d976b50eb83f4713b049a92

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:48:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
5132
x-amz-server-side-encryption
AES256
etag
"ca5ce37c0089423bd4d833f61831b8b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5059
x-amz-cf-id
bWK8b6q5vvQJQNz42VSMz-ISSdR37udLjtQhL17whNrxkJIuZlBpig==
SliceD.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		5 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceD.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
094a4d627fb5d8acbf50d4f42a0eeb6228957900c66410d62b3df21971646e80

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:46:03 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"1fa68d841442f924645610f17a31e17e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5541
x-amz-cf-id
RWb1QRtF3fNE5sGOFk8BwinmF5dwqxznGiSJFrd_HIBKoQzKXIy9eA==
SliceE.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceE.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27e2e94d1bad737f0c63daf3dac4c19caab7f10b3eb97e8222f94b9af46a91b7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:08 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46762
x-amz-server-side-encryption
AES256
etag
"1185472e2457c95276aa5615e849f45f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4369
x-amz-cf-id
3BUM8-rhGcnf-eYVUOcU0MM9tqVgbb4fFLxvm198AQXGb42nXKK9tA==
SliceF.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/ Frame E6A2 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/ClosingSliceBackgrounds/SliceF.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2e62cd951686c0abc1cbcd7ef6b3ebc2406c914bba8299c3947ec3911379099

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:10:26 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
57911
x-amz-server-side-encryption
AES256
etag
"7531ff98819778c20dd06d0446603e69"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5215
x-amz-cf-id
Xg0gbCZo7aZk6bvEMJFmc50I6P1bagpLXyy1w6md7gcZyLfG0131Cg==
standart_spin_slice_img.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceEffects/ Frame E6A2 		13 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceEffects/standart_spin_slice_img.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3a5235cc38138c3ddc64dc84b9003fd6170e39add20d9fa7c34c36c6cc043854

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:36:55 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
20254
x-amz-server-side-encryption
AES256
etag
"1ace649f2dad7a34453231076b1dc640"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
13685
x-amz-cf-id
LUdoiDv6qhAnmqO4Mr2eekR4EQltaaH4L4kJNiAG8XBECp9FjWaNHQ==
standart_spin_slice_glow_img.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceEffects/ Frame E6A2 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceEffects/standart_spin_slice_glow_img.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fa2369c4c319e0ecf228571ee7377f4d9911b8fca09f1b5eff12b2690aa340d7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53740
x-amz-server-side-encryption
AES256
etag
"184506b48c9fd0d4edf0fdb5a2a4d9e3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
6979
x-amz-cf-id
pfOHh9tax9zLn8BJCV9W7V-j8bEDR5cjBTbi33kCQ_PFuD3rxVywJQ==
CFXM3_T_GlowStar.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/ Frame E6A2 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/CFXM3_T_GlowStar.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c9bdd9313ffaf6f9b8afd8aa7182852af6557d7d9916ada161dd58f6c9af15e2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:48:51 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
5132
x-amz-server-side-encryption
AES256
etag
"f5f974db6a9a790bc2ca0423f2ec8bb1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1043
x-amz-cf-id
qCSkLf_udAZR5sw3JCVyjLpO8xn1eAoxbdzFqzlYVIT0NPaBV0MGNA==
Gem.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/ Frame E6A2 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/Gem.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a27cb364b78f8e64593a2196580f84d2d06ff25538bf77f07629f9e033474051

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:10:23 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
25438
x-amz-server-side-encryption
AES256
etag
"d1937a14f1680082e246df2c6c7f123f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5170
x-amz-cf-id
FRgV0xfQy4xN8XIJnG6Ngm2bz8l5Fdu2yXXWHDN58lLR0JhLp5iAZQ==
lighting_icon_img.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/ Frame E6A2 		3 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/Slices/SliceItems/lighting_icon_img.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1c4cb242f0a28257f1675fe096b19b94869b912cb47c3d4371178bb8033dd90

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:46:03 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"7133f61fa3d3d32cd1bfeae1c4bf7282"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3435
x-amz-cf-id
cQ7rGx2ynz2ao-lD5rDlGOlH2vlTqTC6A58IqgajKKS9Axs-dyITJg==
9SlicedButtonWhite-sqr-2.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		11 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/9SlicedButtonWhite-sqr-2.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8d7806d30891af771cd4b2f6a0abac0f48745cfb46883adcbf065457c6e15a5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"4e4eae9f792d0c2c331e677c190de9b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
10820
x-amz-cf-id
GZgDRLpgTVm1T7AEr3mwCXb_iSfizdzX5Mu-oZP6fvmvMORY4Mjr7w==
buttonFrame.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/buttonFrame.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8d90defdf0d8335c4513a8118bfe2c478075f8c25e15264b4af9c43c1e8912b9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"c52f8f39ffbb347181d3ca8f73ce7c10"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
5031
x-amz-cf-id
8JZc8aMhGNnwG8u5nQzn0APMJk4hA1pWW0Rz1Kl8ZSaNWll0mB8jpg==
mid_table.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		14 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/mid_table.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33508bbb19f0b319f64b1c90e719e76101ff80e7acd25d6322b74131881e7aad

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"2a964c994c55efe1869373e7bd5e521a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
14379
x-amz-cf-id
ayndZWirwC8FVRh4MbX-hrUloiPdUKqC9_EXZjg9i3WaSfGvIb29MQ==
container.html
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 296D 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:19 GMT
expires
Tue, 03 Dec 2024 18:14:19 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
3ee4e973-a17f-45ad-a013-fd5477957056
https://html5.gamedistribution.com/ Frame E6A2 		83 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/3ee4e973-a17f-45ad-a013-fd5477957056
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
18736d6de6f0567cd51a5b08165616d08a7b79e5b4ddf97ec2e04dd1851ddc3a

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
84511
Content-Type
image/png
619a84f0-1baa-4a66-85e0-3057d2231f2a
https://html5.gamedistribution.com/ Frame E6A2 		36 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/619a84f0-1baa-4a66-85e0-3057d2231f2a
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d48aad4e106f298f502e60ad78640c55965a9a151e13f4ffaf92a692ce204d73

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
36951
Content-Type
image/png
81fbda1a-5428-4235-bdf2-599dbbc4e255
https://html5.gamedistribution.com/ Frame E6A2 		111 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/81fbda1a-5428-4235-bdf2-599dbbc4e255
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c5e9b6a06e5a3e76a98daffe9dfc99429a800bd01edf9dd5352fa9940bbb2830

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
113948
Content-Type
image/png
2477b945-e4a5-49eb-b68f-7baae734f134
https://html5.gamedistribution.com/ Frame E6A2 		45 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/2477b945-e4a5-49eb-b68f-7baae734f134
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
17d42888aadff6e5a91199b3103cc8cf654bcb971c47e60bb965f07b7a1cbcf0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
45703
Content-Type
image/png
middle_pin_top_circle.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/middle_pin_top_circle.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5ee6bdb586691f0f33e190d32d77426e95e0a1b98728c09970a0baab3b548be

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:46:03 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"7c3bb1f8107543ebe7f0967f3099be16"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4102
x-amz-cf-id
lnT68h3q_NQ4ri7tpP-uJ9Mo1wiCnVviMGT36Ar5B-6nzEnNWmnd0w==
middle_pin.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		11 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/middle_pin.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cda418d2e3272afa1482d2cf5b393eda0f131da66afb083caea72860d1239bb9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"59180a22d2447214f3eedabfc6b774bd"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
11207
x-amz-cf-id
5xw46lO30FMwH3qDgo1fm4d3a2gvYQJoUVX5Ff36KK0weJSkz2amZQ==
slice_stroke.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/slice_stroke.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8ff319462462e5748804a866c2deb70bfa6d660d1db8fa1f2dbd9fbaac1d2ec6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 01:03:49 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
61832
x-amz-server-side-encryption
AES256
etag
"f0fb2a8b424a8fa4a2d83dc52d510b0e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
6621
x-amz-cf-id
R8SSK8RzoNNz1Xz4hQXRnaXby-wUmEY1jE-AQ5I8atN6gUBYQNhoXw==
spin_frame_lamp_img.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/spin_frame_lamp_img.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6464c0f03f85894296249e6b72b4336f0596e50aebd6cf06a1098b2fae7f764e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:33 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53748
x-amz-server-side-encryption
AES256
etag
"d8dc5495a97452795710a90023b06123"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2382
x-amz-cf-id
MwVLvq2jHo_OUaduhSvhRAvc8Ej7HHvzlMdj2dylrGdR6ifdeKQ0Hg==
spin_frame.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		27 KB
27 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/spin_frame.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b5e64dd26272ff0faef8d484c89acbb7596d142df55d6079f2d18dc5b8a7b89

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:10:20 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
25441
x-amz-server-side-encryption
AES256
etag
"8c142ea690ade67b1ab4c3b8737bf83a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
27525
x-amz-cf-id
Ov2qWYIWss31UTle0gDNzdrHFIK-oibXl0LfDm-k-ym4SR0cJBnJoQ==
spin_number_active.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/spin_number_active.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c57bf25d597d1ff1383341c78e43db9993e76d2e1dbbe123a7a2089fa2f7264b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:33 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53748
x-amz-server-side-encryption
AES256
etag
"7c0f72b836dac0106d3e15d96a05aeea"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1969
x-amz-cf-id
SpV1KEEiA0hNGmy0jZL61dBFSx-vnfKbamRiA2oTN9j_4zprZ2B7dA==
spin_number_passive.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		708 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/spin_number_passive.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89cbd52d4e9254d818f204220fd31473d0b9f187b2a287013c488a25ab948935

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:43 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"cb6368bc7b034c4a6e54323781b181b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
708
x-amz-cf-id
0ZowDT3CmtHscQ_bqFJDHyv_IixCKWzceklrnK28UX8nvbRYAgVS9g==
spin-bg.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/ Frame E6A2 		21 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/spin-bg.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e004085a05c3ac823c8da76194524817cf6eee449cfedafe7bfab2eb8593bced

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:40:59 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
27202
x-amz-server-side-encryption
AES256
etag
"fe3eb9faefe6e8cd47f3862bacd02867"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
21117
x-amz-cf-id
c-hGDdu1YSRKsD-cI06GrXhEsgVK3Df_95Zrju884i3fKV1jjyla-Q==
2211d98f14280fca024a86e7adbd05f806883d3b.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/2211d98f14280fca024a86e7adbd05f806883d3b.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
f08710239fafe93e1ac7473157fafed2f5f67b52.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/f08710239fafe93e1ac7473157fafed2f5f67b52.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
4e2a0736be542cc317dd0a24045514274acce5e0.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/4e2a0736be542cc317dd0a24045514274acce5e0.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
154eefd29deac1603176338d45eeedad767e78e0.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/154eefd29deac1603176338d45eeedad767e78e0.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
c1c7aadb94046f5252b115228353ed7631fc22fb.image
comment.youmaker.com/api/v1/avatar/ Frame 1ED7 		0
18 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://comment.youmaker.com/api/v1/avatar/c1c7aadb94046f5252b115228353ed7631fc22fb.image?site=remark
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.33.89 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
89.33.120.34.bc.googleusercontent.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://comment.youmaker.com/web/v3/?host=https://comment.youmaker.com&theme=epochfun&site_id=remark&url=theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287&url_id=5491287&group=&provider=youmaker&token=&page_title=Words%20of%20Wonders
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

app-version
0.1.2
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:20 GMT
via
1.1 google
server
nginx/1.20.1
author
EMG
etag
""
app-name
remark
cache-control
max-age=604800
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
GlassTable.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/WheelInactive/ Frame E6A2 		13 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/WheelInactive/GlassTable.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7a50549f0d7b3fa3516aed9a9a6ae5983cdc801dfb28eaad88a9eda8b245406d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:51:27 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30498
x-amz-server-side-encryption
AES256
etag
"4669174770e39f40bcf42b5acfdf3250"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
13009
x-amz-cf-id
dRQVC6dWsbxctBRVWrA-T4q3QOviHo6OOH14S_cb1Cqm6FToQZgjLw==
GlassTableLight.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/WheelInactive/ Frame E6A2 		18 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/WheelBase/WheelInactive/GlassTableLight.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8449865d1ef6cc1de67cf30036c1a7e5de5e7be65056ae60688796ef2e4dc521

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:55:04 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
55184
x-amz-server-side-encryption
AES256
etag
"8ba83db263c0fdd261171dae269bf112"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
18940
x-amz-cf-id
-4REfn1hMIYVMUrh4lc22soXS61K2vEQKJbOmazszF99R4lcb3f1Xw==
grumi.js
rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/ Frame 296D 		222 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9587db6cfe0632c077c8849bcaaf521ba002b3ed7a42a09083e96aca3f984885

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:43 GMT
content-encoding
br
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
last-modified
Mon, 04 Dec 2023 17:32:43 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
2318
etag
W/"3f6a4a6a9b97451adeeec3493674b22a"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-cf-id
bQ30pIzgwUbgrh4GPNGg4Ic37_OTjV6FnNYTAIxgTRqVzH78045N5g==
1085a3ab-fd6d-4905-b145-8d4f98710171
https://html5.gamedistribution.com/ Frame E6A2 		282 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/1085a3ab-fd6d-4905-b145-8d4f98710171
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9b818bdd46120d20f71b7d5591d39425e633c986d64b25ef9180acd02b748b5

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
288449
Content-Type
image/png
lightning.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/ Frame E6A2 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/lightning.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5464bc9da4917e6ae367325f6efab65b790ca2970f129a561ff67f81a0cf60e8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 01:03:49 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
61832
x-amz-server-side-encryption
AES256
etag
"9d551fc36e7b7e70363c57c5486e8612"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1535
x-amz-cf-id
9YNqxHMFyyEycomTsPi3HrNafXO33xklxBMfXyKZjH4FMFdRN5p-Sw==
d49310a8-e337-46f9-b7f3-1ab1b6880627
https://html5.gamedistribution.com/ Frame E6A2 		282 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/d49310a8-e337-46f9-b7f3-1ab1b6880627
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9b818bdd46120d20f71b7d5591d39425e633c986d64b25ef9180acd02b748b5

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
288449
Content-Type
image/png
133f78c3-9664-442a-a475-48e578cb72b6
https://html5.gamedistribution.com/ Frame E6A2 		575 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/133f78c3-9664-442a-a475-48e578cb72b6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c65a3178ce5d50e7ae192ca5ddaf928e14653b343ec1548e9dca0428c6e470fc

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
575
Content-Type
image/png
80d80e21-1387-411e-beba-cba3425cf205
https://html5.gamedistribution.com/ Frame E6A2 		546 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/80d80e21-1387-411e-beba-cba3425cf205
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e43fc8593a253ab1934637090c185357a3f0ef84e5c59b417b695bcdada0f4d2

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
546
Content-Type
image/png
65618cd0-5a2b-4d53-943f-3eeb56d983e6
https://html5.gamedistribution.com/ Frame E6A2 		29 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/65618cd0-5a2b-4d53-943f-3eeb56d983e6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
070b47ee4fd242bb1dd8447e150ae83b6454adf89c8fdd08088e2bff6d8cec61

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
29755
Content-Type
image/png
70fb706e-1d81-4dd9-a864-63610450b77f
https://html5.gamedistribution.com/ Frame E6A2 		166 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/70fb706e-1d81-4dd9-a864-63610450b77f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
20c53611aaf88eaaafac78f24d195d23911905026def6113ce500f49aa9f64bb

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
169854
Content-Type
image/jpeg
de10c88a-69e5-4f2c-a1b0-84718725db6f
https://html5.gamedistribution.com/ Frame E6A2 		330 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/de10c88a-69e5-4f2c-a1b0-84718725db6f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed8f51a02e39a24a9cea2ca4b459fba827212322c00f15525dc1379f3b47a3ea

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
330
Content-Type
image/png
d60cf241-679b-417c-8b85-0510f30e10fc
https://html5.gamedistribution.com/ Frame E6A2 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/d60cf241-679b-417c-8b85-0510f30e10fc
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b3a376b59ce32d35645ee8814802f252093eb2abf04d6cac7fb8ad1fe7676c6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5818
Content-Type
image/png
a121723c-9351-4434-9daf-a7228878314d
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/a121723c-9351-4434-9daf-a7228878314d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
094a4d627fb5d8acbf50d4f42a0eeb6228957900c66410d62b3df21971646e80

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5541
Content-Type
image/png
0574ed55-c6b0-460f-828f-392776fdf2b1
https://html5.gamedistribution.com/ Frame E6A2 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/0574ed55-c6b0-460f-828f-392776fdf2b1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa2369c4c319e0ecf228571ee7377f4d9911b8fca09f1b5eff12b2690aa340d7

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
6979
Content-Type
image/png
b2c28e83-78a2-4319-b0d3-1b013b4c5776
https://html5.gamedistribution.com/ Frame E6A2 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b2c28e83-78a2-4319-b0d3-1b013b4c5776
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27e2e94d1bad737f0c63daf3dac4c19caab7f10b3eb97e8222f94b9af46a91b7

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
4369
Content-Type
image/png
f6bcd177-26d1-4af6-8ea5-6c9b3894a412
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/f6bcd177-26d1-4af6-8ea5-6c9b3894a412
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2e62cd951686c0abc1cbcd7ef6b3ebc2406c914bba8299c3947ec3911379099

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5215
Content-Type
image/png
eef51fbb-f161-4dd6-8cd7-0e221ae281d6
https://html5.gamedistribution.com/ Frame E6A2 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/eef51fbb-f161-4dd6-8cd7-0e221ae281d6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c9bdd9313ffaf6f9b8afd8aa7182852af6557d7d9916ada161dd58f6c9af15e2

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1043
Content-Type
image/png
7d38afce-2190-468e-806a-f4ea5aa5d008
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/7d38afce-2190-468e-806a-f4ea5aa5d008
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d90defdf0d8335c4513a8118bfe2c478075f8c25e15264b4af9c43c1e8912b9

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5031
Content-Type
image/png
cdf3b1fa-57a6-447f-b24b-a18d05ea77ae
https://html5.gamedistribution.com/ Frame E6A2 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/cdf3b1fa-57a6-447f-b24b-a18d05ea77ae
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1c4cb242f0a28257f1675fe096b19b94869b912cb47c3d4371178bb8033dd90

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
3435
Content-Type
image/png
9d59979f-f919-488b-8c32-216404694845
https://html5.gamedistribution.com/ Frame E6A2 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/9d59979f-f919-488b-8c32-216404694845
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
33508bbb19f0b319f64b1c90e719e76101ff80e7acd25d6322b74131881e7aad

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
14379
Content-Type
image/png
653cdac8-220a-4957-94f5-293f36ac6253
https://html5.gamedistribution.com/ Frame E6A2 		13 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/653cdac8-220a-4957-94f5-293f36ac6253
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a5235cc38138c3ddc64dc84b9003fd6170e39add20d9fa7c34c36c6cc043854

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
13685
Content-Type
image/png
af59e6b7-54a5-4c22-84b0-069dc12b007b
https://html5.gamedistribution.com/ Frame E6A2 		604 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/af59e6b7-54a5-4c22-84b0-069dc12b007b
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2c342d254f9c6b527e13f987aaff45efa6945f31a8f10ddcfbbd110b4ad4e88

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
604
Content-Type
image/png
c02fe185-11df-4817-8621-6bf4f6de4462
https://html5.gamedistribution.com/ Frame E6A2 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/c02fe185-11df-4817-8621-6bf4f6de4462
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e892bd5342b7801457391691156a04e2567e08a6f5f5bc4c4889b1175480e104

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
4541
Content-Type
image/png
b9c63894-2b98-496c-81cf-d3312f2abc61
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b9c63894-2b98-496c-81cf-d3312f2abc61
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a27cb364b78f8e64593a2196580f84d2d06ff25538bf77f07629f9e033474051

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5170
Content-Type
image/png
25dbf976-a15f-4aa3-8dfa-adb79c50c2a7
https://html5.gamedistribution.com/ Frame E6A2 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/25dbf976-a15f-4aa3-8dfa-adb79c50c2a7
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2aeddc6156d50347d79fd1ddb2231aed83d3acf84d976b50eb83f4713b049a92

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
5059
Content-Type
image/png
9cd1bbfa-71e4-4cb4-9191-be30b6c52c91
https://html5.gamedistribution.com/ Frame E6A2 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/9cd1bbfa-71e4-4cb4-9191-be30b6c52c91
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a8d7806d30891af771cd4b2f6a0abac0f48745cfb46883adcbf065457c6e15a5

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
10820
Content-Type
image/png
d081c3cb-f81c-48e8-bc30-8d7e5098cbd5
https://html5.gamedistribution.com/ Frame E6A2 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/d081c3cb-f81c-48e8-bc30-8d7e5098cbd5
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5ee6bdb586691f0f33e190d32d77426e95e0a1b98728c09970a0baab3b548be

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
4102
Content-Type
image/png
2a31c689-436a-41be-bacd-f89b64f1b784
https://html5.gamedistribution.com/ Frame E6A2 		6 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/2a31c689-436a-41be-bacd-f89b64f1b784
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ff319462462e5748804a866c2deb70bfa6d660d1db8fa1f2dbd9fbaac1d2ec6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
6621
Content-Type
image/png
279ec4da-2376-4053-b83c-d6c123ca437e
https://html5.gamedistribution.com/ Frame E6A2 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/279ec4da-2376-4053-b83c-d6c123ca437e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cda418d2e3272afa1482d2cf5b393eda0f131da66afb083caea72860d1239bb9

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
11207
Content-Type
image/png
e1304462-f5a8-49e3-86ce-da80d769cab4
https://html5.gamedistribution.com/ Frame E6A2 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/e1304462-f5a8-49e3-86ce-da80d769cab4
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6464c0f03f85894296249e6b72b4336f0596e50aebd6cf06a1098b2fae7f764e

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
2382
Content-Type
image/png
437e765c-96e6-4005-ba66-c886fa2af2e8
https://html5.gamedistribution.com/ Frame E6A2 		27 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/437e765c-96e6-4005-ba66-c886fa2af2e8
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b5e64dd26272ff0faef8d484c89acbb7596d142df55d6079f2d18dc5b8a7b89

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
27525
Content-Type
image/png
8fb9760e-3bad-4861-9d43-1465735781c6
https://html5.gamedistribution.com/ Frame E6A2 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/8fb9760e-3bad-4861-9d43-1465735781c6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c57bf25d597d1ff1383341c78e43db9993e76d2e1dbbe123a7a2089fa2f7264b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1969
Content-Type
image/png
1d84351e-08b2-4a52-b076-b388952eebf4
https://html5.gamedistribution.com/ Frame E6A2 		708 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/1d84351e-08b2-4a52-b076-b388952eebf4
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89cbd52d4e9254d818f204220fd31473d0b9f187b2a287013c488a25ab948935

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
708
Content-Type
image/png
3d6c70da-86b0-47ca-96ff-48dbdcf23ed2
https://html5.gamedistribution.com/ Frame E6A2 		21 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/3d6c70da-86b0-47ca-96ff-48dbdcf23ed2
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e004085a05c3ac823c8da76194524817cf6eee449cfedafe7bfab2eb8593bced

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
21117
Content-Type
image/png
b87fac65-e6ec-41c2-b150-a68feb3a69ac
https://html5.gamedistribution.com/ Frame E6A2 		18 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/b87fac65-e6ec-41c2-b150-a68feb3a69ac
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8449865d1ef6cc1de67cf30036c1a7e5de5e7be65056ae60688796ef2e4dc521

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
18940
Content-Type
image/png
694bb1f3-ad12-4552-8cec-8cfee413dfc9
https://html5.gamedistribution.com/ Frame E6A2 		13 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/694bb1f3-ad12-4552-8cec-8cfee413dfc9
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7a50549f0d7b3fa3516aed9a9a6ae5983cdc801dfb28eaad88a9eda8b245406d

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
13009
Content-Type
image/png
FWImage.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/ Frame E6A2 		14 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/FWImage.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27c46c4957cc16de2e83de20d062795cb910f93b3871447176d3b445e30725fd

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 15:07:47 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
11221
x-amz-server-side-encryption
AES256
etag
"bfb6460fe560120435e49b121920b7b9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
14279
x-amz-cf-id
XgIQYMyKQ8syObbYQZkAeFglw7b3841mTDrBPxHdi1qwFTYEc7orDw==
glow_transition.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/glow_transition/ Frame E6A2 		95 KB
96 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/glow_transition/glow_transition.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e07f062112b1fc1be53c2cbfee962cf154485d2a0a584ba547bcd9a87e9bce82

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 15:07:47 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
11196
x-amz-server-side-encryption
AES256
etag
"03b31332eb53977e3378d9cf5c2389a5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
97334
x-amz-cf-id
7q9dWqOY0Vha03D_i9MBwUz8_75LubCX6w-lZdubynr2xSvq3mr9CQ==
glow_transition.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/glow_transition/ Frame E6A2 		8 KB
750 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/glow_transition/glow_transition.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8506edb7cecc184215763028665efc4fb10a6e79e257ccd8071638e3994dd09

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:08 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46760
x-amz-server-side-encryption
AES256
etag
W/"3c6c0c7f2437b5ddf1d280a41fb61fa6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
K1u_ufxM_jyCZVQ-RwdbvEUPzvDRf-P7dVmJNGiK1VsuaXUYsOWAlA==
spark1.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark1/ Frame E6A2 		26 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark1/spark1.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7948f4c0710d073e8bdb7b09fe5aba4f6870fddc11355c64afe97110bc5be263

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:01:18 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
22382
x-amz-server-side-encryption
AES256
etag
"b04a9562caab2181b2027aa9cccd7513"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
26599
x-amz-cf-id
OXFUiBH9R4XFZWiR7ekoRWDBm0SQEKzgrMOvL4938o4QdeTQ8UD8dg==
spark1.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark1/ Frame E6A2 		9 KB
764 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark1/spark1.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9749ac28429970b13cc51887791e89b0b46ebd9ad594dde8be2a2cb4b157cbc3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:54:06 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
19215
x-amz-server-side-encryption
AES256
etag
W/"c89f8935f77ce6c1d6cfbbc0cd32f724"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
kBTlWEn0jxcRZdxOpexMnJw1YaaWwnuiwaDlSi4Fw6xPBf8w2g548w==
spark2.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark2/ Frame E6A2 		118 KB
118 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark2/spark2.png
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c841754969611c13572695eda297fa34b9653253dbfbe7eb36b09c109d21cbb6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:34 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53747
x-amz-server-side-encryption
AES256
etag
"be0e2dfc5e1c114d006ee79dff02b875"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
120583
x-amz-cf-id
Hio6puPYeOQRWW-dUvfKDtyEf1XQVmggiKQ1SQilKNYnVlQZzUV1HA==
spark2.json
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark2/ Frame E6A2 		16 KB
862 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/lightning_transition/spark2/spark2.json
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b123ab7c59e84a24066d68a900c06b4cfc5a4fc610a8fe7786561ab27b25ae0b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:19:15 GMT
content-encoding
br
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
3306
x-amz-server-side-encryption
AES256
etag
W/"f4a89800bad1e218d104f9356b35a71c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
x-amz-cf-id
qcMsNKr3siXpukDWxmcNJPbTJwevJWDEmKa9mTuY7EtEC2QZzg5R_w==
click.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/click.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aa43723f128e97f050043ade360d208e66573f60f68b6bf6bddbf941ca1a7a04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 02:10:27 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
57956
x-amz-server-side-encryption
AES256
etag
"b9c51683f5a8b9cc1bbd85510d2a2e6f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
2120
x-amz-cf-id
FatPq3JK4HLfp7-mgK26WwlutQ7HRVk04ZrMQbshyq4896vHCjMy0Q==
collect_coin.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		7 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/collect_coin.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f2e2597ce84ed8f63918b9abd72fb84b541a79b76bda3d1098989c73c467040

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 13:26:32 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
17269
x-amz-server-side-encryption
AES256
etag
"7ab75f3fb1b09249fc69ccabce4d46ea"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
7592
x-amz-cf-id
TWtOSbYYGPjk4wWqBy5XG8juQ4Ro18dO3KPsjOhWbFpQZdUAuG6sFA==
spinMorfSound.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		14 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/spinMorfSound.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d07cb50924c569c9929f4538aa8f9e3d743d7060a7d52eee27b5c8bd9bc289c2

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 05:17:08 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
46760
x-amz-server-side-encryption
AES256
etag
"040e6b7ff9374ba153c6837adda48b7c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
14288
x-amz-cf-id
pDM5hpYhGXZCvigTM_3nsm-wpfQLhOhe1OnfwQYEtm_Ct38-3UJbHQ==
ui_coin_new.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		5 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ui_coin_new.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b73141dde425aabe0bf349cb00fbed93333bfe8365da38c04f64b8f02b2339a1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:38 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30523
x-amz-server-side-encryption
AES256
etag
"1101d5a250ef517ac0665b7765cf2ddc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
5552
x-amz-cf-id
90nrjX_I_76gHjOL0yA9l2x2jgVbDCHBSq6pcHt6vMtyeCvqGsVvIQ==
wheelelectro.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		18 KB
18 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/wheelelectro.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c947ca356cf3360b7293e4a3bd903436a1172ca30583bb6f508b4eaaf11024f7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 15:07:48 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
11193
x-amz-server-side-encryption
AES256
etag
"b0721dd3eca7b371698a3af19f942a65"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
18050
x-amz-cf-id
15TBUi49CWC5ut7X_iujkbNurEoAeGBwfkeUl_V21KeMlC7ISCTdRA==
wheelspinclick.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/wheelspinclick.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab9aee954920fa0a4b86754be3a0d08ae296764d6d019c186db8b305d56b8a0e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 03:18:44 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
53739
x-amz-server-side-encryption
AES256
etag
"c2c1449c4961e02d0edb61280cabea4e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
1597
x-amz-cf-id
ePm1H8NtJgpAi5nyWvMHzeBMdVX7hAcD7fQ6aevbV0Xv7vAn8LzzfQ==
fortuneGoldenGemWon.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/ Frame E6A2 		14 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/fortuneWheel/sounds/fortuneGoldenGemWon.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d28ea63fc087de8bd031ea4c03a5fee77fdc8a287fa99cb31429680d626ac28b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:38 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
30523
x-amz-server-side-encryption
AES256
etag
"0d406bf9f0b252d0164de08688ed4240"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
14410
x-amz-cf-id
HefFtdpaxiHY_nERQMyS9PRKw0N_zoO4oGT9ZUtnUZe8kTQ5675rWQ==
spinStandardOpening.mp3
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/ Frame E6A2 		27 KB
27 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/sound/spinStandardOpening.mp3
Requested by
Host: html5.gamedistribution.com
URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
815a40676f7838f69ef86709bf36a6b09972b5a061bea76d2387a085d9afaafe

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:33:24 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
38457
x-amz-server-side-encryption
AES256
etag
"d9e6a885fd5b9aed6f87ba464cd33d45"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
audio/mpeg
accept-ranges
bytes
content-length
27696
x-amz-cf-id
lLSQi40cy5VRE9CYVhg7LqFB8aOMyjjvnoFWRhZ-jkdDKJBMFnDBvA==
css
fonts.googleapis.com/ Frame 4BC6 		2 KB
979 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 18:09:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:20 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4BC6 		604 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 20:40:01 GMT
x-content-type-options
nosniff
age
164059
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 01 Dec 2024 20:40:01 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame 4BC6 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bbbf189ee0fd46edc91bdc96aeac86c78c35c8d497ecd9a786ef318ccb62e985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 22:46:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
70055
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9189
x-xss-protection
0
server
cafe
etag
14682237860056745894
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 22:46:45 GMT
countdown_handler_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame 4BC6 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/countdown_handler_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a11d44a414371df82d6707e8b10d9a23b47d5b919d26ca752730bd1f1b5b3310
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 21:48:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
73542
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7575
x-xss-protection
0
server
cafe
etag
12715230615049273590
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 21:48:38 GMT
senddata
subsapi.epoch.cloud/db/ 		16 B
326 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://subsapi.epoch.cloud/db/senddata
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/_next/static/chunks/668f0bba-02f16f3e7b11d0d2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RcBpoTV4c9q%2BynN%2BnpFAme83%2BcmnQr%2BWzxRW4MUl5KdkmUDIZ1PrkrQvwtz%2B%2FJK6Ev4XVnlNMp%2FHfj2Jvysteu6DgLCHKrvlge%2B16SoNkut6Tk4cFgV3rRmU3q9BqEzcvgWh1A9Anx6WBT0p2SnrFmYf"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE
access-control-allow-origin
*
content-type
text/plain; charset=utf-8
cf-ray
8306074d8d1e4d43-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
16
alt-svc
h3=":443"; ma=86400
senddata
subsapi.epoch.cloud/db/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://subsapi.epoch.cloud/db/senddata
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE
access-control-allow-origin
*
allow
GET, POST, PUT, DELETE
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8306074cbc194d43-FRA
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkbaC370p2xJwfv33RjjmgsAnJu8FjFa9owxKUfH8cNlCP2XgFOcNI6EVay5nOxW%2BYlMbwG9LGjIbvlchjblPT%2BOahWEBXxOPlV8cfoEaTIjJDlKbekqA6H3SxTt6w4r%2BrWKoNoB4sGlvxiKAU4sZwCU"}],"group":"cf-nel","max_age":604800}
server
cloudflare
150bb21e-f32d-4495-992c-e2d8bbf9c8ed
https://html5.gamedistribution.com/ Frame E6A2 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/150bb21e-f32d-4495-992c-e2d8bbf9c8ed
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5464bc9da4917e6ae367325f6efab65b790ca2970f129a561ff67f81a0cf60e8

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1535
Content-Type
image/png
05a690d6-0fc6-4076-8148-f2ad627a8c2e
https://html5.gamedistribution.com/ Frame E6A2 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/05a690d6-0fc6-4076-8148-f2ad627a8c2e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27c46c4957cc16de2e83de20d062795cb910f93b3871447176d3b445e30725fd

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
14279
Content-Type
image/png
99555204-40ca-47fd-beef-f9271c027c5e
https://html5.gamedistribution.com/ Frame E6A2 		95 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/99555204-40ca-47fd-beef-f9271c027c5e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e07f062112b1fc1be53c2cbfee962cf154485d2a0a584ba547bcd9a87e9bce82

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
97334
Content-Type
image/png
e723cd49-e5ad-43ef-8621-a33949fc50a9
https://html5.gamedistribution.com/ Frame E6A2 		26 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/e723cd49-e5ad-43ef-8621-a33949fc50a9
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7948f4c0710d073e8bdb7b09fe5aba4f6870fddc11355c64afe97110bc5be263

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
26599
Content-Type
image/png
15cb82aa-dc46-48d3-9ed3-445fcd3b559f
https://html5.gamedistribution.com/ Frame E6A2 		118 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
blob:https://html5.gamedistribution.com/15cb82aa-dc46-48d3-9ed3-445fcd3b559f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c841754969611c13572695eda297fa34b9653253dbfbe7eb36b09c109d21cbb6

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
120583
Content-Type
image/png
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311280101&jk=1358391148197964&bg=!CwilCEfNAAY3kmNgF5I7ADQBe5WfONE0pMa571GZrK46MKhU2mqAuCWi6IuLOTmWkTHRaVMLzFRd4xEksLo_uzVOo6ozAgAAAFdSAAAAAmgBB5kCxjVxrqCVkNLl8vc-2aCJgQGyTaygF808NjUGwA5GhtredMDBs2CjMmOzzm5yf7KEVb7fDYDqPfu3tCTG8F1C1hvM0ImuppaBtLqpS30TfJpLNmImBqW9GDrB2LKJ2rn_vhAjjmoFjFqotRvVWQm6UbbpsfRfw9U4qICVPoxnHtCdYABCTK1ZuSh-0fJ1FMSzMr5pFzjs0jPFq2baQ9hqXZJH_dTM61hMi1No4uPVeemO7HuRsOeaiWy4K0PU1T40Csgq6gu5E_Gk7QevGr1QvjccCyCyXfrflqIEXJ8wTOwtZjLLS6L1EFGR7hP_m74hnKVDR3J2aFZXvQIyiy1auHIxsecmDGPVNErMN7lnWg_0KM0MmTWPfFMn-z3oibWb3DHAbD-15a7AgC2RMDDmxGNx1Nhhk2UVm_ncbr9s4a3P1iDGg6Ehoe_08oB0K0JUrn1QQ8-j0dUH3ivYD9zIrp8DWQRP69nq93Can00SNAJpVJE_9FKrLfTnu103juOGEj_hD55rhH4hJBQ1zL0j-ZuexSVOeUYGkWh4OJ2RJSKav9ZGVLNEyH53Nrx9QUiGWCrI0qKAOAWRuvjJkpz6LaVmS8IVB2d7ZWfnxsmdr0Ry7SRkMrFKonr1dG7WT0F8w5iSqykjnBO6AFjSoGwCR9Gw-JzszXTjM7Q1LFflkPkh9ZfCrhOlfRRM7o3E4hgyBvlO4anqMM2BQdg7aokv_eGxd2ylS8ehZnhUk0tyAuIYgBq15ezx_3wTHajpVrLxxu20uVZ62TX2rf4GTMReL7q49tvVQErJ4F_NvRvs8ZZ5COCZoK3Wy5cz-oOdGCQntyb_4JKsG_2JvSqxY0bwc0yoKpGFBlJ-M9frczEpi39bpAmlsCk3O9rAobGRfP9RNmGrt5yCCPI5EkIu2GpCiKie38sQOVpdck6A5avKeFmeS9F35mjt
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame D105 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231129&jk=4454287763820610&bg=!_v2l_bLNAAY3kmNgF5I7ADQBe5WfOA4t8hGwnoeFLPw3kYTbyMJh8_LZ7nngKO5mzme5MPK6nnb2OUG2eVeilPLb51luAgAAAERSAAAAAWgBB5kC5YUdtkz1Qw1KpE3frXaVATS2ko9N5_oJzGpEXnaRaz7U7D5Knmmpm7decPr0L2IVdN-09DAM5z8nKQ7qqUK21B-zyUNZa5Uyuzdf6aOPmsGSM9-j56bT4ufQo--rM9HJm8LULHqpPVavWF_RwpKPhQximgjALK5txQj1fpPyaL9l7spsf1zkjJ7Rp-DIWtwvGBwk2QB6NkFZ1W_aHw2imrl5f3lKxROlt4UY5ReOlWdLYXwyuh_TVR5BJSJkM7ULjbNhDV_YIB1QYJOuBGj7qKrnkiXfHD2ayGZdZ-wt0szNYCt8mrhPLcS9_Sm9KaN78rL3G6_PWfZzQFiIKgBB87SFF-XohaEktRQvhKXgrTodaoX7F7cG25IQX8ifidJTCmiY792c3mVanY71Z_uKNq1hblDRcud3AyeJBr1xwyuFX_VrPf8_e4tDvWfh-ltwtP90aXD5qHKJ51YY7YaKhIid4yULPQXEbswsXgUp_2TIZZ8xpk2M53KRfTrpVb7OtIXzaW5t5R1TJUe9-QUWU_KRwJObCVXrL9Vua5LDh-1xAU4n3_Z_iM9uok1xYFm4QMy3EGJbLgwC8d6PuoIt_iDqCqxWOjF34dGnj_VtKWARQ3zYG7LRmjQQCjPVd9mLSMgIqiovfHkhKEBoe_QUtR3w1ImInOs9TvQhjx0Z1zxBv0ZaGxJqvD0FdFLdYN8cPp7y4qypTBIMTDta_xwdfUjaYR3follwaUk85MC3bvXg_SQr5nQY3kyykn7aYNqG0gRMZ7jn2pj2AJzZoypI1OGxW8UGf5LFLaTCsBAQy_LRurteTParK7VYl7aD_kO9WPiUGu5kC1uuLOdkVblq7tvNRbHEk82qE2ZVRlCYY0W9B2ZT_7rocBMGy84uF2oyO7wA4KtcVmO7TY_Capdy6Uny0OacAWPOI7O5qOYtUwxWCX0wlR9cDooIWwlUew1ZfmtxvoadMU2zda6SN4uguttmGesClA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame 3983 		478 B
195 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQt6j7zAIYo6rV5gEwAQ&v=APEucNWd40ThvCMns9q779CLQoaxgFN4w_xXkKiC7X-ua3CCBokgztu7x2U5y8LXEyWyZEeq7bCS7s13VeKSDxA9-A_maEmfLw
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:21 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 296D 		172 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Origin
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:48:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23152
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 11:48:29 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame 296D 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
30530
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3071
x-xss-protection
0
server
cafe
etag
10674441169935035545
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 09:45:30 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame 296D 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 22:40:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
70404
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9305
x-xss-protection
0
server
cafe
etag
13635642240219548939
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 22:40:56 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 296D 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
259752
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Nov 2024 18:05:08 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 296D 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:45:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
1745
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 17:45:15 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 1288 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
6970
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 16:18:10 GMT
etag
48472445140208031
expires
Tue, 05 Dec 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 296D 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79930
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8544
x-xss-protection
0
server
cafe
etag
17124069415086231762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
l
www.google.com/ads/measurement/ Frame 296D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSSwhs2QdHbMIosSTGyZmHk9EyflBIT7KHsCdhOkfbsLO0S9aZM8YfkkkgSUKqw_TARpmSPlKWdTWge-zWfD-Rx46Ip6A
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 296D 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65067
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1701261208926228"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 296D 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CkZuPjjh-NG89wmdkIag1TDNT65hq2UmIsuMkntFdp79d_u3brJ8lxajrDbvZt3LDmmuhwlLl-NcxWZ32Ttr9M_HJzW-SbQ69lJ1QQEStUPJyHYA4
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
grumi.js
rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/ Frame 3783 		222 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0ab00d638ea969f39da82f58bc8724b92bcf747b275cdd90548b818211527616

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:29 GMT
x-amz-version-id
AueqzGVqi8TbIIGsmFOlCT2lfUu.z3JY
content-encoding
br
last-modified
Mon, 04 Dec 2023 17:32:43 GMT
server
AmazonS3
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
etag
W/"32c6f95e8b517cd9e0006f074acc8a20"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age
2333
x-amz-cf-id
Fg-6APFvLYLmyW41Ge3sqZ0NJTOv2WruyrheH086px4wLsri_9_7jQ==
stf.js
d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com/stf.js?v=2023-12-04T18
Requested by
Host: services.epoch.cloud
URL: https://services.epoch.cloud/public-labs/epoch-ai/smarto/et_so_utils.js?v=2023-12-04T18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.202.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-202-217.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
27d67175ee9fdf263362ffaf194a4244d29c77f3dd277473d018cd2e2f704cbb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:21 GMT
Content-Encoding
gzip
Origin
https://mycloud.rackspace.com
Last-Modified
Thu, 21 Sep 2023 08:44:12 GMT
ETag
0d37391e8a5f279465d0e10237e522ba
Vary
Accept-Encoding
Content-Type
text/javascript
X-Timestamp
1695285851.87047
Cache-Control
public, max-age=254742
Connection
keep-alive
Accept-Ranges
bytes
X-Trans-Id
tx76027340e9164d48b5794-00656e05dbdfw1
Content-Length
4958
Expires
Thu, 07 Dec 2023 17:00:03 GMT
langTick.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/icons-settings/ Frame E6A2 		747 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/icons-settings/langTick.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf6a511ee5602752a6968705fa9c53a5d0a06612fa3770286868339846d945ee

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 19:22:01 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
82341
x-amz-server-side-encryption
AES256
etag
"d13f44c1d89d1b3ac9bde4b3f4118fd1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
747
x-amz-cf-id
o3DXGKTsiQnkpSF9uw6N8Nd6gEjH5Q8708o0n5IPBdsaJRNFbL_6TQ==
CaretDownIcon.png
html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/icons-settings/ Frame E6A2 		323 B
694 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/assets/icons-settings/CaretDownIcon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:c400:5:4275:8dc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
966f73d75c3c4673169d0614ed1be2fc631ec6647f0a44636816186e0e1b37dc

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/index.html?gd_sdk_referrer_url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2F&width=510&height=900&language=es&gdpr-tracking=1&gdpr-targeting=1&gd_zone_config=eyJwYXJlbnRVUkwiOiJodHRwczovL3d3dy50aGVlcG9jaHRpbWVzLmNvbS9lcG9jaGZ1bi93b3Jkcy1vZi13b25kZXJzLWFkLXN1cHBvcnRlZC01NDkxMjg3LyIsInBhcmVudERvbWFpbiI6InRoZWVwb2NodGltZXMuY29tIiwidG9wRG9tYWluIjoidGhlZXBvY2h0aW1lcy5jb20iLCJoYXNJbXByZXNzaW9uIjpmYWxzZSwibG9hZGVyRW5hYmxlZCI6dHJ1ZSwiaG9zdCI6Imh0bWw1LmdhbWVkaXN0cmlidXRpb24uY29tIiwidmVyc2lvbiI6IjEuNS4xNiJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:38:52 GMT
via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 14:42:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
age
20132
x-amz-server-side-encryption
AES256
etag
"4b44a3489f25aca2f064c3b868b64b4a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
323
x-amz-cf-id
wmHS35VE4Fm9xBgizH0Tj8RvnCCMuqB6hfeaFEw23o9YapPOqb23Ig==
css
fonts.googleapis.com/ Frame 0768 		2 KB
775 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 18:08:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:21 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 0768 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 21:48:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
73545
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 21:48:36 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame 0768 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79931
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9305
x-xss-protection
0
server
cafe
etag
13635642240219548939
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 0768 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:45:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
1746
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 17:45:15 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 095C 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
6971
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 16:18:10 GMT
etag
48472445140208031
expires
Tue, 05 Dec 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 0768 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79931
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8544
x-xss-protection
0
server
cafe
etag
17124069415086231762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 0768 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65067
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1701261208926228"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:21 GMT
7a8419aef3683f04c437bd15cecf843d.js
www.gstatic.com/mysidia/ Frame 0768 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 22:31:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
157367
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 19:10:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Fri, 01 Mar 2024 22:31:34 GMT
pixel
cm.g.doubleclick.net/ Frame 3983 		170 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQt6j7zAIYo6rV5gEwAQ&v=APEucNWd40ThvCMns9q779CLQoaxgFN4w_xXkKiC7X-ua3CCBokgztu7x2U5y8LXEyWyZEeq7bCS7s13VeKSDxA9-A_maEmfLw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 3983
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1&C=1
43 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQt6j7zAIYo6rV5gEwAQ&v=APEucNWd40ThvCMns9q779CLQoaxgFN4w_xXkKiC7X-ua3CCBokgztu7x2U5y8LXEyWyZEeq7bCS7s13VeKSDxA9-A_maEmfLw
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pe457Ce%2Fmd0lQyvfa5SIeaQHxJzyuXCU1e0QKOk93n8qdZ0iKZiZPY3hhPncaB%2Bo4b6TRQJ5tt0N%2BgQz0JGVSOlnwyaT%2Bnjt0HTEGFw%2Fhla%2B2k5CM1ZozJTzNBtWEaU%2FmMGZ8RbbKczzuA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306074eefa94d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQAQkkxHrcp%2FOvQsvjBsT5u882q70kFq3DIPdCQFZpVQ3iOr3zi73e813Ptn%2FY5AV9cKrIsgNkW4U0%2BUP%2BGK%2BlnrIsAo2tuRVe3cSKLsunnOQZ716oDCE4T0YwQWKAzNopBW4khH3g5STA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1&C=1
cache-control
no-cache
cf-ray
8306074e88093a3e-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 3983
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW4W-SAFyxM2N7grS6e6YQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1
43 B
732 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQt6j7zAIYo6rV5gEwAQ&v=APEucNWd40ThvCMns9q779CLQoaxgFN4w_xXkKiC7X-ua3CCBokgztu7x2U5y8LXEyWyZEeq7bCS7s13VeKSDxA9-A_maEmfLw
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePmZCEvdNuIJ7wToGw1IkVxsoPCJhD9jBvqpu8kaINDWIweHY078kag3QYFe8YjIgvRY8N0QRDkzcYm%2Fltz8U%2F3YtWDU80BfP2demOM77WU2P85hXqp6DKqxNQ4IOxx7v0zaAxkHd91mUA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306074f1fec4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELwJFy2q2bve5dZS3LSjSD0&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/ Frame FEFE 		4 KB
744 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 16:35:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:21 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FEFE 		205 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:58:29 GMT
x-content-type-options
nosniff
age
952
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 03 Dec 2024 17:58:29 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FEFE 		604 B
669 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 20:40:01 GMT
x-content-type-options
nosniff
age
164060
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 01 Dec 2024 20:40:01 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame FEFE 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bbbf189ee0fd46edc91bdc96aeac86c78c35c8d497ecd9a786ef318ccb62e985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 22:46:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
70056
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9189
x-xss-protection
0
server
cafe
etag
14682237860056745894
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 22:46:45 GMT
72731
idx.liadm.com/idex/unknown/ 		0
374 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://idx.liadm.com/idex/unknown/72731?duid=57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt&resolve=md5
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/lc2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.82.17.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-17-205.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
request-time
2
access-control-allow-origin
https://www.theepochtimes.com
cache-control
max-age=3599, private
access-control-allow-credentials
true
trace-id
8fcdecb2d2312a62
expires
Mon, 04 Dec 2023 19:14:21 GMT
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 1288
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1&google_push=AXcoOmQqU2P9S8R_F2TTWHI_AzpdpKYNfmYoWSezpktXkvb27mmHo4-wdU5NHwr2Go9F0xK1tPgwxgbI1SMokRE0hOiPvXbHjRA
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDE4NTE1MjE1NTkxMjY2NDE0Mg==&gdpr=&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKwngGYRXnp3nykPq7lrG04&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1288
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVAydvxwTe9OdfUQ
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVA...
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVAydvxwTe9OdfUQ
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQx-IqPopX0BzHud-nkoT5zz9VJMJZS4BbI_Cu7HD1XQC22ewUQ2EYI-APh3T5WEQfFfp_SsMAE2N-KuVAydvxwTe9OdfUQ
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 03 Dec 2023 18:14:21 GMT
pixel
cm.g.doubleclick.net/ Frame 1288
Redirect Chain
  • https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESELD8xwO0x_jpjqG0m9IgZm4&google_cver=1&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzo...
  • https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTY4ODYwMjcyOTg2Njk2NDgwNTM&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzojU...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTY4ODYwMjcyOTg2Njk2NDgwNTM&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzojUq7wTRoSt
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTY4ODYwMjcyOTg2Njk2NDgwNTM&google_push=AXcoOmRUzRTB2RXe2Ytwfv1P0Q_iAEPKVMX8ttFImC_aQpE1oXiJuj37uR-b30KQB37JZBw4KQkeKOCbfLhGV3MRzojUq7wTRoSt
Date
Mon, 04 Dec 2023 18:14:21 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 1288
Redirect Chain
  • https://google.partners.tremorhub.com/sync?UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY8syMJ6IxoAA7DJl4Os0zhoORQSjlPqP_vcKrnXCGHIO5fL7QssaNbH6aiJPSuyNgXLF...
  • https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=NmVjYjk5OGUwMTRkNGRlYzgxYmViYzYzOGFlYTJjMTg%3D&UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=NmVjYjk5OGUwMTRkNGRlYzgxYmViYzYzOGFlYTJjMTg%3D&UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY8syMJ6IxoAA7DJl4Os0zhoORQSjlPqP_vcKrnXCGHIO5fL7QssaNbH6aiJPSuyNgXLFdqkk
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tremor&google_hm=NmVjYjk5OGUwMTRkNGRlYzgxYmViYzYzOGFlYTJjMTg%3D&UIDF=CAESEMHCKeSK8oQuG9jO0zTp-SU&google_cver=1&google_push=AXcoOmR1mcpgwgKRy8NpkJPBSAvY8syMJ6IxoAA7DJl4Os0zhoORQSjlPqP_vcKrnXCGHIO5fL7QssaNbH6aiJPSuyNgXLFdqkk
date
Mon, 04 Dec 2023 18:14:21 GMT
server
nginx
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
/
onetag-sys.com/match/ Frame 1288
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJL4yZA79_cIe4ymZBPq9YA&google_cver=1&google_push=AXcoOmSwJxTKVzulxqZ5ERWVJR0nur2uz54U-GiOW4_moDK4m3mi6hCJXnB8odUR5k_T21CmVbHVKWRDpsK...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSwJxTKVzulxqZ5ERWVJR0nur2uz54U-GiOW4_moDK4m3mi6hCJXnB8odUR5k_T21CmVbHVKWRDpsKf1TptztDfBLXaTtvmSQ
  • https://onetag-sys.com/match/?int_id=19&google_error=5
0
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=19&google_error=5
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
255
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1288
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEI3rox4QxwbY6XECj8pGpEs&google_cver=1&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPz...
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESEI3rox4QxwbY6XECj8pGpEs&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPz...
  • https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX&google_hm=dmkzb2NDeXAzdkdu...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX&google_hm=dmkzb2NDeXAzdkduaFdjNmpYLXU=
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:21 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AXcoOmT7ZQxqYxACgFHUWGTYFDLxTIj8dfs4TCNZNHX9eMUFRhaWokil2lqoU-Vrlyo6YS_V0KFPzHneqtKb9xT3MKwCRdnltkjX&google_hm=dmkzb2NDeXAzdkduaFdjNmpYLXU=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
240
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1288
Redirect Chain
  • https://csync.loopme.me/?pubid=11537&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_109}&redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dloopme_eb_%26google_hm%3D{viewer_token}&google_...
  • https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&google_cver=1&google_gid=CAESEBsnZ3CC3p6UX9_moExVORs&gdpr_consent=${GDPR_CONSENT_109}&google_...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&google_cver=1&google_gid=CAESEBsnZ3CC3p6UX9_moExVORs&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmT00L4PxiCzjMUy2SgPbwjzhEC5en3YAVSZZZwQq14XqA-y04FOuAGUwAn9loZscoIIGZohH2ltfogWGmVV1GEmnIeLEjRuKw&gdpr=${GDPR}
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=loopme_eb_&google_hm=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&google_cver=1&google_gid=CAESEBsnZ3CC3p6UX9_moExVORs&gdpr_consent=${GDPR_CONSENT_109}&google_push=AXcoOmT00L4PxiCzjMUy2SgPbwjzhEC5en3YAVSZZZwQq14XqA-y04FOuAGUwAn9loZscoIIGZohH2ltfogWGmVV1GEmnIeLEjRuKw&gdpr=${GDPR}
date
Mon, 04 Dec 2023 18:14:21 GMT
server
_
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame 1288 		0
130 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JYkrKWjsQhPvjqy6N6DGMosporIVmApeXlCr3vceENCjYEZwq9YX-6o1OD1bqDwc79LyO6KGpQ
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
index.html
s0.2mdn.net/sadbundle/17794596359158718273/ Frame 3DA4 		128 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
085d80a6c1fd0431e8e6612e15f88b28a4b79ebfcda1d9f59247403455bf3c74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
Tue, 03 Dec 2024 18:14:21 GMT
last-modified
Fri, 24 Feb 2023 11:06:34 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
truncated
/ Frame 296D 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b68fe05468bd3287b0c141fd38bae4d34176b570a99c29197c13a37ea3e1989

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
view
googleads4.g.doubleclick.net/pcs/ Frame 296D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv90p_ApL8xG4C-GHDOp3gfjeXv3Nr2hYL0N_Q5BkhyvTGVpIIgfMFzSNK8jIM3hhuzknUmisdBARLySWOpUxrPtzVQl23R8ENjg6aI_My4v_4dNcptpb4T3DVZ5Cpko6YP3rU6M74AF1Gffhtn5Knh-A29gWPZTCHNC1CLagqkRTs5MbYLY7mGGkE3H-amTLSWPA2Y8mJBTb17b97Va0DyCZBXi-cWwq63e6Y2rexwMgJI6WqlibdkP8l4kxenJoZnBXYBYot7ic8NZLvUhq3CqhCB_bJeXHbT7x-VPrspWG_iqldSnkQ3IWLlhumHlfquW2RajAUVWYb7lcOt-3VPBDTMkIRfgwkBiU7cByevXOfzM30LsHWmXSDwgJM3yFcixvgzvLUcG1RDJQUBW1UbzZtHZ1QMnA_vrx2sB8VHNm_Mg2C2t22G9gCq3MzoP2-p0b1Xrw8nW2myup9CGJnDvqqhos6MsJdWu00IG__9KbI-Q1N3VACKgw0Ftm5KPkPgBu8cmUOCBTPnuu6cr5vQH5XChsZnCycY16ZMwTqYKlAsF6y136Rp5Lhta6YmHPgVGHqlrVHOhR7nqMnRUoUhVR_qaahM8oUAlu1z8BPWK5XwRt_CcQSYRve03KTfRjYCG73WouMhJ_KMrrBz9bQdaS8Y-UxHRfGw70trQylL0GV00krHadEJ_Bu46-LqWo3QUpYfmZgvo6bBcY3heTVKumzH_pRjSEtEg-keU8Q7IV51Qjpa8m0IlDXVNO3bfKVD-85pDXPXTa7mFml0bS6wNZRfh8n3_idQqghkgxMfNQP60XrvrSn26c0w3QWmicTofkXwmldX0oUp5xKTdFgTBLvvg76FfWEimNn_gIxx9mAtZw6P01GG4XM1aklwiZZ1SHg_s5kNDSC0RyZI9RkAa-3UCPMqJOnquzG2MTVgYdqrkev6Zo3VxuuHhHDpzkz9Ua-0iOnE6zr8oCkvdbhzqVKdOPRttbmETCOfDf02TSAe_-TrK-xWniucI717PmuNxQFn2PGr0f3iYcq-t6An2Qg4qhk7Q0w0xH2vv6IBxX_x3XIu-nj9n4BB6h4_8VS-XQj4IpTcO5AEC-CBPmEIWQypXALB4V_lfIMkDd9mdcLCfaGnHAUU470WOgFBsZqrzh5lEP4DaoNXOc8zWC2_KSMMXdj1yxBfqQwC7bX_m9IfKbdmyM_nPOGuvHTmCn0Um_ZAwlRNZvIs7o1oyyfMfXUVQGH4yn75oPsGN9cOFotftRgWU8O0_9F7sot9JSuveddSgB6HwcFWUf4peBl5qJAEVrLeguYDuz4stpg_WBWBNfv2bLVY966LJzU3atGxobS1qqa5kn6CP5gPvR-qsY0npACkJ66k9pntSLgkJAuTbnlgN2fed8F_dy6wQl0PLUt8kf25Q-TfoyBhMxyqx2arOFOfhDdad00x6kWzPAd3KezXYhqJlUXmqjTik8-5uY0JGGcXSWenC3Jqstu-7JZyp5CNbQHNg83tX0BdyKQCvg&sai=AMfl-YTIYBj701G5fpC6PjKj7KCpts87-YTPpBbUfcyA6tvJJeGENI0umNkpXzhgeREOL20bwxMkOgGMp8E-6q1FklGceN1KM7uRvi41O6fWOPrM5OhSijSVsyG3vh9g5Eh2tHkqm1QGhUppHNKeBIeNBayNWtxGpizm7g7c_u3InW8AP--Au19ldyyXkb7vmB93CFm_5jlyKw08p4NJoL9oKokx0mhk1QLtRHbTByAESUSNncb_2pspBnbcxDhgQlbeS9N1bpFe-fHwEodBZtPtNA3Gd5JZ8cjw_2AumMl4Ejbe-T9bCvgILGHpDrrplUodJcNOtVuvxJQurF8S9WM5iMLQzqb_4bO-f9SoMv3CrIspJ6dA_xyRGDrkbTxYOnA5hMtd8gUMwp3Bred3TamjkALXuVSa&sig=Cg0ArKJSzFP1rZUUC-B4EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=156&cbvp=1&cstd=148&cisv=r20231129.94988&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012310301456000/ Frame 3783 		196 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 29 Nov 2023 17:10:37 GMT
age
435824
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56081
x-xss-protection
0
server
sffe
etag
"6a17d296884b026a"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 28 Nov 2024 17:10:37 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 3783 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 30 Nov 2023 21:48:00 GMT
age
332781
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5225
x-xss-protection
0
server
sffe
etag
"0b7142e00666043e"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 29 Nov 2024 21:48:00 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 3783 		95 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 02 Dec 2023 01:47:30 GMT
age
232011
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29077
x-xss-protection
0
server
sffe
etag
"7b1f1965b6cd6fda"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 01 Dec 2024 01:47:30 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 3783 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 01 Dec 2023 22:04:26 GMT
age
245395
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1911
x-xss-protection
0
server
sffe
etag
"5b0a82507b260c6e"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 30 Nov 2024 22:04:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 3783 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sun, 03 Dec 2023 21:52:54 GMT
age
73287
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12952
x-xss-protection
0
server
sffe
etag
"9817e561a46c70fa"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Mon, 02 Dec 2024 21:52:54 GMT
css
fonts.googleapis.com/ Frame 3783 		4 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 17:50:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:21 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3783 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:53:15 GMT
x-content-type-options
nosniff
server
cafe
age
22866
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Tue, 05 Dec 2023 11:53:15 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3783 		295 B
321 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:24:32 GMT
x-content-type-options
nosniff
server
cafe
age
2989
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Tue, 05 Dec 2023 17:24:32 GMT
l
www.google.com/ads/measurement/ Frame 3783 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTKlyBHvH34ptuXeIFUNmRqpNQ5pp-_6B9VXsnS8SjYIyC5VpOhAzs4WFTVBK9t4tkz_SeNrsZnGtZLSgXQ0dIbLRJ2Bg
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 3660 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
73545
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 03 Dec 2023 21:48:36 GMT
expires
Mon, 02 Dec 2024 21:48:36 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
i.match
s.tribalfusion.com/z/ Frame 095C
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR...
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7...
43 B
418 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol
H2
Server
2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
830607504de018b9-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
x-function
206
server
cloudflare
x-reuse-index
31
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEJSljpuA-jYS58KUQk-gel0&google_cver=1&google_push=AXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSY_-PZq9ztH9iBlDE6OgVkIaKckkL77e7mToc2KbAYpIT58D65IrSOwbaAVRK3ndKw4fhJO_KZAf1xi1pFF7zNZmDU4f7mR6I5U4JPHmSxaBj7_WkVo7bmoiG0VV2GYWXlMlnf0PBBQyOt8pF3vqia0IY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
8306074efbec18b9-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 095C
Redirect Chain
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESENHYKjsc3tbdIhjVONFZcrY&google_cver=1&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOG...
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lKGTYD3QRrQ6R60-t2BRNg&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOGzceaFWxO2iLv1u6...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lKGTYD3QRrQ6R60-t2BRNg&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOGzceaFWxO2iLv1u6IUZdMGLbayyaL3G376RsosdfIiiHRaanPn52feY9t7YKj-wxJTV9dZlo
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 google
x-engine-version
0.0.0
server
nginx/1.21.6
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=lKGTYD3QRrQ6R60-t2BRNg&google_push=AXcoOmRWY6rDlMeVhbTVU5KtWiojOq5GG2V-qSuXTJQZOE0iWfDwRha21rS_L5lo8JjTZkzJbDVzbOEdEvLeYrOGzceaFWxO2iLv1u6IUZdMGLbayyaL3G376RsosdfIiiHRaanPn52feY9t7YKj-wxJTV9dZlo
x-host
tde-deliveryengine-production-6987bbc57b-v7vhf
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 095C
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=...
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MTA4MGZkNTEtZjJhOC00NWZiLTliNmUtOWRlZjg1MWRmYjJm&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQk...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MTA4MGZkNTEtZjJhOC00NWZiLTliNmUtOWRlZjg1MWRmYjJm&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQkpQO1an2rN0pn45Th4UmA8nnBApNVdkGAnTgWs0757bKGCaURMliCMVPsKdH938TwCqazwfebQIVpoc-EcbSxuj4NGGDYHnAt65J1iRFDxAQtNgGh-S8K-Oqydy9a1l3JYt1OXOmHWkfKyHcLySdFmpk
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MTA4MGZkNTEtZjJhOC00NWZiLTliNmUtOWRlZjg1MWRmYjJm&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQkpQO1an2rN0pn45Th4UmA8nnBApNVdkGAnTgWs0757bKGCaURMliCMVPsKdH938TwCqazwfebQIVpoc-EcbSxuj4NGGDYHnAt65J1iRFDxAQtNgGh-S8K-Oqydy9a1l3JYt1OXOmHWkfKyHcLySdFmpk
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 095C
Redirect Chain
  • https://a.c.appier.net/gcm?google_gid=CAESEABYIyhjev9ohuiz3pPaqBc&google_cver=1&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNniR-pq7s9EELkGdWSlgHS...
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=RU12U3pRejlELW1TSjUtc19SWnVaUQ%3D%3D&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNn...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=RU12U3pRejlELW1TSjUtc19SWnVaUQ%3D%3D&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNniR-pq7s9EELkGdWSlgHSW6yUcC0csObMtOVR35oPzKQorptgBaDdk4xLKUWF63GzCBScXVyEB0
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
nginx
accept-ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=RU12U3pRejlELW1TSjUtc19SWnVaUQ%3D%3D&google_push=AXcoOmSKvo1-cIvT3uGfBKamE9FQtP6fKWFIJI36xBzlxrO2Yc30YR418wVPI2mZXfJbRVKj5keSe-0NFUPNniR-pq7s9EELkGdWSlgHSW6yUcC0csObMtOVR35oPzKQorptgBaDdk4xLKUWF63GzCBScXVyEB0
content-type
text/html; charset=utf-8
cache-control
no-store
content-length
302
pixel
cm.g.doubleclick.net/ Frame 095C
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_cver=1&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN5xTxiUjZu5g2SMZ52z7NNCvWYEWE&google_hm=RkI3NU5JSndERkpwS1A0Q0QxN1Q=
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:21 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSttxsF_Loi25BbcsUFjusuFla8CKFfbWlncWbL-NDbpDssfPatvCqEm-NOXpuwe76BZKypwpX0G_nx5PjUHRuYfCK4jR8wa5HnRcvp6T_cVy_ugpPsdyYsh7IftrN5xTxiUjZu5g2SMZ52z7NNCvWYEWE&google_hm=RkI3NU5JSndERkpwS1A0Q0QxN1Q=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
295
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 095C
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aa...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aafrhm4meeI2eY3aubpobpOqmJJum...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aafrhm4meeI2eY3aubpobpOqmJJumtUeEKxZFjjYqO059hCvyVpl9Hx6WzTGtET4EE&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmQO6DCmcas1ZpUPY0Tt4GtCIGR2EruYyhGWHojhAwFUompSc-KXJx0jzX_fra5k86MGmy-FEuM2uFflLeZCAsVI4aafrhm4meeI2eY3aubpobpOqmJJumtUeEKxZFjjYqO059hCvyVpl9Hx6WzTGtET4EE&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Date
Mon, 04 Dec 2023 18:14:21 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
spacer.gif
an.yandex.ru/resource/ Frame 095C
Redirect Chain
  • https://an.yandex.ru/mapuid/google/CAESEEKCHEEdGNAINLekd9JbUeo?ext-param=AXcoOmRYnXcVu5QntGjq6CViEYWD7J6J9p6lMb4l2gbZFjVXknyG2tl1vN7OVRyBfTR9cMRuaVO0i79H9YJih_5MQT0HmYLAVYe3crcyMcXAm_N9UYCOo9ET2ULr...
  • https://an.yandex.ru/mapuid/google/CAESEEKCHEEdGNAINLekd9JbUeo?redir-setuniq=1&ext-param=AXcoOmRYnXcVu5QntGjq6CViEYWD7J6J9p6lMb4l2gbZFjVXknyG2tl1vN7OVRyBfTR9cMRuaVO0i79H9YJih_5MQT0HmYLAVYe3crcyMcXA...
  • https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEEKCHEEdGNAINLekd9JbUeo&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
  • https://an.yandex.ru/resource/spacer.gif
43 B
144 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://an.yandex.ru/resource/spacer.gif
Protocol
H2
Server
2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 18 Apr 2001 10:28:03 GMT
content-type
image/gif
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Mon, 18 Nov 2024 18:14:21 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://an.yandex.ru/resource/spacer.gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
237
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 095C 		0
40 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IDlOUCeVB7ddlzWziToC9za6v4DpHdEU2cloRXbRR-pMEFkZhS55skn7azbtzvIRV7nhJIYI4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=1300378861&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=11&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660275&bpp=1&bdt=1545&idt=0&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0%2C975x731&nras=3&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=3.ujf7puxi3pax&fsb=1&dtd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
css
fonts.googleapis.com/ Frame E12D 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 17:16:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:21 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame E12D 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 21:48:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
73545
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 21:48:36 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame E12D 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79931
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9305
x-xss-protection
0
server
cafe
etag
13635642240219548939
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame E12D 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:45:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
1746
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 17:45:15 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 4526 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
6971
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 16:18:10 GMT
etag
48472445140208031
expires
Tue, 05 Dec 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame E12D 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79931
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8544
x-xss-protection
0
server
cafe
etag
17124069415086231762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
l
www.google.com/ads/measurement/ Frame E12D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRKXLQOVGr4r5VZ3PdhFISjcG7REGJfiMbyTUHzRdqsNavQfUrbL9-En5DbzNMykM60dPcdApXM4POY35Ia0weD2K_d8g
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame E12D 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65067
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1701261208926228"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:21 GMT
7a8419aef3683f04c437bd15cecf843d.js
www.gstatic.com/mysidia/ Frame E12D 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 22:31:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
157367
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Wed, 29 Nov 2023 19:10:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Fri, 01 Mar 2024 22:31:34 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/11137702778264513102/ Frame 3783 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/11137702778264513102/14763004658117789537?w=600&h=314&tw=1&q=75
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d6b8ae11f53844e9c63027df0fb8f06a68978409d93474a92c86620e8b3e0ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 06:41:24 GMT
x-content-type-options
nosniff
age
300777
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41224
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 18:22:25 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 30 Nov 2024 06:41:24 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/14222512034152686159/ Frame 3783 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/14222512034152686159/14763004658117789537?w=100&h=100&tw=1&q=75
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ae3f04fcc4413086348e378e6e90a9e26715b0df41d4adddaef9d7e183bc0ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1621
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 15:48:02 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Dec 2024 18:14:21 GMT
truncated
/ Frame 3783 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a93e43defae47723c1bba144137d39d486ae5e3dce2f0458e1bbd94e17ca859a

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 3DA4 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:12:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50508
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 04:12:33 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3783 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 16:05:47 GMT
x-content-type-options
nosniff
age
7714
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 03 Dec 2024 16:05:47 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3783 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.theepochtimes.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 13:37:09 GMT
x-content-type-options
nosniff
age
189432
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Dec 2024 13:37:09 GMT
init
gw.geoedge.be/api/ 		0
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:d400:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 0455d1ec539ef7b27f0e90c40cf5cc10.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-P1
content-length
0
x-amz-cf-id
0rDH7NSuypRn66NXI7OuB7hPhA7Zb9G0cKfuUN-LEgzVUTOFM8UthA==
x-cache
Miss from cloudfront
gen_204
pagead2.googlesyndication.com/pagead/ Frame D105 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=slotcar&type=2&src=1&stats=1&timing=1002&event=prf_suc&client=ca-pub-2316275586951220&bow_v=r20231129&js_v=m202311300101&fetcher=adsense&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
gw.geoedge.be/api/ Frame 296D 		0
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:d400:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 0455d1ec539ef7b27f0e90c40cf5cc10.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-P1
content-length
0
x-amz-cf-id
5BU_stoRJ7zBf_zwneve1JC_ME2RASS3fS3pJlKNLgNFYCD0IuI9xA==
x-cache
Miss from cloudfront
container.html
6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DAB9 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:19 GMT
expires
Tue, 03 Dec 2024 18:14:19 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 3783 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d9e0d05669a3610c7263c551b8b406344c148713485f7e8124f61b05e2463cd

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
tentacle.js
tentacles.smartocto.com/ten/ 		36 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tentacles.smartocto.com/ten/tentacle.js?v=2023-12-04T18
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
30cba8c6f7374a344b5a6d97dda6da6f92281144a7123bd7168349de7d85f4b3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-383
cdn-cachedat
11/28/2023 09:17:30
cdn-pullzone
1448885
last-modified
Tue, 28 Nov 2023 09:17:22 GMT
server
BunnyCDN-DE1-1081
cdn-fileserver
709
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"6565b022-9011"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
92c47c19-149d-4a6b-809d-6a585867c24c
cache-control
public, max-age=60
cdn-requestid
e767ad93e998a7e91914696e293942ed
cdn-requestcountrycode
CH
cdn-status
200
cdn-requestpullsuccess
True
1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
pagead2.googlesyndication.com/bg/ Frame 8E72 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 13:53:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
15656
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19719
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 13:53:25 GMT
p
ingestion.contentinsights.com/ 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ingestion.contentinsights.com/p?a=Epoch%20Puzzles&b=&c=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&d=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&e=Free%20Games%20-%20Ad-supported&f=2748&g=2023-09-14T02%3A45%3A59Z&h=epochfun-137957%2Cjoypass-free-155614%2Cspecial-epoch-games-155638%2Cfree-games-ad-supported-172624%2Cfrontaudio-161329&i=&j=free&k=news&l=&m=anonymous&ch=&pid=5491287&u=1701713661312.498041172.29534197&ul=1701713661313.498582977.0347414&x=0.7677101811062093&t=0&err=&ver=21
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.12.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-12-87.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection
keep-alive
Date
Mon, 04 Dec 2023 18:14:21 GMT
popup.html
rumcdn.geoedge.be/rbu/ 		40 KB
22 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/rbu/popup.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8496667e6ca10b43d843e825b1f87efa7afc417328b26f815c1b3c5b533ec1a8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:22 GMT
x-amz-version-id
syIMtMYORg3qGAt5iZTB_5DSJtjB6jsO
content-encoding
br
via
1.1 2667cbb82aabb944a65b99430aa06d1a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
age
2340
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 08 Aug 2023 11:45:58 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1691495156/ctime:1691495156/gid:497/gname:jenkins/md5:52896e48320c4224eb8de1f2c93cb04d/mode:33188/mtime:1691495156/uid:498/uname:jenkins
etag
W/"52896e48320c4224eb8de1f2c93cb04d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
x-amz-cf-id
5jQBAkIkdw0pkhyEFCksut6ASMnoF9MBbp_Jeo6XlghBAtm5KbpJsA==
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZtAKH6VGeEZ71IXS4Y
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZ...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZtAKH6VGeEZ71IXS4Y
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQlDZukmN71yr1ixnr-wMOYDYRL9mQttAxO-6eJSgI8gfvdeG4Or6v-X5uRhCAOBzvA4lC-nk0CpgZyxdZtAKH6VGeEZ71IXS4Y
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 03 Dec 2023 18:14:21 GMT
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=...
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=Njg3NDQxM2QtOWM4NC00NjEwLTlmZmMtMWEyYjE0MjBmZGUx&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQW...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=Njg3NDQxM2QtOWM4NC00NjEwLTlmZmMtMWEyYjE0MjBmZGUx&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQWMMDzfzGcgMTj0tsm0zeHTwX9rfNpySsKurRZOlZ13lKu4TFFIKqCtc8gtrsVfR3S9skYO6NdzvQgi6X4CM-XSr6De4FcfQKG
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=Njg3NDQxM2QtOWM4NC00NjEwLTlmZmMtMWEyYjE0MjBmZGUx&google_gid=CAESEN4HksVJ7zdsgnNa176RJNI&google_cver=1&google_push=AXcoOmQWMMDzfzGcgMTj0tsm0zeHTwX9rfNpySsKurRZOlZ13lKu4TFFIKqCtc8gtrsVfR3S9skYO6NdzvQgi6X4CM-XSr6De4FcfQKG
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEAqLkz6OeF1gfVEqNuWDlRo&google_cver=1&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1x...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1xS-32dsazE&google_hm=eS0wdlJraXJkRTJwSF...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1xS-32dsazE&google_hm=eS0wdlJraXJkRTJwSF85OTNWNEg1T0JvcnNfTV9KcEFjWH5B
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTZHQJpmvEhPByDkB9yJgXOZWlcOxJEXCyPfUbArHrLO28HVn_STPYZh_-aDQ8qnQfWaIuJbKaix_vibscLlHLvm1xS-32dsazE&google_hm=eS0wdlJraXJkRTJwSF85OTNWNEg1T0JvcnNfTV9KcEFjWH5B
content-length
0
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEA6QefFt9EbuNwE2EUtQeu8&google_cver=1&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__y...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEA6QefFt9EbuNwE2EUtQeu8&google_cver=1&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQh...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg2NDUzNDY2MDY2MjE3NjQ0Mg&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8_...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg2NDUzNDY2MDY2MjE3NjQ0Mg&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__yOJhEGn-rTLfO1t8XQ-9C9Qs
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg2NDUzNDY2MDY2MjE3NjQ0Mg&google_push=AXcoOmS5Tb2uHfjXUZ_6S4DLwd_ECjHFx9YZv9q29K3lnGwisHEg5ng38FA_yHN2S9wfLKLLSQhK8__yOJhEGn-rTLfO1t8XQ-9C9Qs
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_cver=1&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX6...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEOaS11jV_bYVEHi0PTU9Aq0&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX6...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e&google_hm=RDhHeUNiYTlHVG9H...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e&google_hm=RDhHeUNiYTlHVG9HR29jclgzSUk=
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:21 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmTh48I8f5uiaq1fW5pU9DxgPlZHRhnbdk1X2Ge5prQKNVPef_rhxVTJZol0T1TviMe239cjin4_M9YX641y5KJ5AMzIAsJUim3e&google_hm=RDhHeUNiYTlHVG9HR29jclgzSUk=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
240
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFy...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFyDgz8BwS_AYg&google_hm=NzkwN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFyDgz8BwS_AYg&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmSXj73ZN342s-2WlPKYXmzWs7iw0tIyOVNsVVmOCG6LEKSPw40Ww36Nyizii6TQ3SInC1-fbPo4LcsuOxAOUnwJgFyDgz8BwS_AYg&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Date
Mon, 04 Dec 2023 18:14:21 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 4526
Redirect Chain
  • https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEJiSBWtHv-MpQeB57YaOwKk&google_cver=1&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w...
  • https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w8BOKphW2GkfK7x6jaFtFju2AW35xWQlG27FX2mw
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w8BOKphW2GkfK7x6jaFtFju2AW35xWQlG27FX2mw
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id
1fa4c250.1aae5070
date
Mon, 04 Dec 2023 18:14:21 GMT
x-bytefaas-request-id
2023120418142189B20A2E5773E66F5956
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a2-16-121-72.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52183077) (-)
x-parent-response-time
98,2.16.121.72
server-timing
cdn-cache; desc=MISS, edge; dur=91, origin; dur=8, inner; dur=5
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2023120418142189B20A2E5773E66F5956
x-cache-remote
TCP_MISS from a23-32-17-20.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52183077) (-)
access-control-max-age
86400
access-control-allow-methods
*
location
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSnMBFJFdYHUjareBFCZNIiQOZaaT5ohXAPziPT_MKi8a2M-hYXjqGAQPpmd2w8BOKphW2GkfK7x6jaFtFju2AW35xWQlG27FX2mw
x-bytefaas-execution-duration
4.10
access-control-allow-origin
*
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
011ac730b1942e561932afdfb7a3a75926a8573c990b4de05b63939032adc564bd0126f466b94a75cf8bc1de735e6520db2c29be160563fcd0d621e5efb71d8e2c689afc47993b064c302202589eade877d8241252961c1dc0fe6f2c1ded8a360dacaccead595ffa7257ddf533834c784c
x-origin-response-time
8,23.32.17.20
cache-control
max-age=0, no-cache, no-store
access-control-allow-headers
*
expires
Mon, 04 Dec 2023 18:14:21 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 4526 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IU69W08bYoyeHFs4bngDlip91dRCCtiErgQ0nZ6iPoCMLOoZoCcENlPPHpqfMJgbSX4ZaWfNM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2316275586951220&output=html&h=731&adk=3591953100&adf=2873238072&w=975&vpmute=0&channel=4089988593&format=975x731&url=https%3A%2F%2Fwww.theepochtimes.com%2F&ea=0&pra=3&wgl=1&fa=10&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701713660271&bpp=1&bdt=1541&idt=1&shv=r20231129&mjsv=m202311300101&ptt=9&saldr=aa&prev_fmts=0x0&nras=2&correlator=242626550806&pv_ch=4089988593%2B&frm=24&ife=1&pv=1&ga_vid=1052713507.1701713659&ga_sid=1701713660&ga_hid=1383172527&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=975&ish=731&ifk=4072125051&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071&oid=2&pvsid=4454287763820610&tmod=1773398861&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C975%2C731&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.fp7vbcskhl7c&fsb=1&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
119979b6-29aa-4cf0-8c31-b0bc086bfdb6
https://www.theepochtimes.com/ 		252 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.theepochtimes.com/119979b6-29aa-4cf0-8c31-b0bc086bfdb6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b53b1d1a70352315b96b2659e0f80fbc988b1a19a3d177bcbb0a16a5fa32c45a

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
252
Content-Type
text/javascript
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 3660 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
GenesisSansHead-Light.woff2
s0.2mdn.net/sadbundle/17794596359158718273/ Frame 3DA4 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17794596359158718273/GenesisSansHead-Light.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bba2d5622e1a33c1bd924e07f396c234a390f0bf9bb5fd1394521df422ad3607
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 04:53:17 GMT
x-content-type-options
nosniff
age
307264
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23900
x-xss-protection
0
last-modified
Fri, 24 Feb 2023 11:06:34 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Nov 2024 04:53:17 GMT
GenesisSansHead-Regular.woff2
s0.2mdn.net/sadbundle/17794596359158718273/ Frame 3DA4 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17794596359158718273/GenesisSansHead-Regular.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
43cbe861b09360a856de530e3aac37acab9201d0eb166c906b26e0f71fc6ff23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 12:40:46 GMT
x-content-type-options
nosniff
age
279215
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23636
x-xss-protection
0
last-modified
Fri, 24 Feb 2023 11:06:34 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Nov 2024 12:40:46 GMT
GenesisSansText-Regular.woff2
s0.2mdn.net/sadbundle/17794596359158718273/ Frame 3DA4 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/17794596359158718273/GenesisSansText-Regular.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46b2dc3fc5e9ccbcde38dfcc96d4545befae794ae947ea3602693f2e7126b057
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:53:32 GMT
x-content-type-options
nosniff
age
19249
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38296
x-xss-protection
0
last-modified
Fri, 24 Feb 2023 11:06:34 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 03 Dec 2024 12:53:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D105 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=slotcar&type=1&src=1&stats=1&timing=1107&event=prf_suc&client=ca-pub-2316275586951220&bow_v=r20231129&js_v=m202311300101&fetcher=adsense&eid=44759875%2C44759926%2C31079865%2C44809003%2C31078301%2C31079890%2C44807763%2C44808148%2C44808284%2C44809071
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://html5.gamedistribution.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
grumi.js
rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/ Frame DAB9 		222 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:b000:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0ab00d638ea969f39da82f58bc8724b92bcf747b275cdd90548b818211527616

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:35:29 GMT
x-amz-version-id
AueqzGVqi8TbIIGsmFOlCT2lfUu.z3JY
content-encoding
br
last-modified
Mon, 04 Dec 2023 17:32:43 GMT
server
AmazonS3
via
1.1 e60c6ee10489538b535a3fc65e54d028.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
etag
W/"32c6f95e8b517cd9e0006f074acc8a20"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
age
2333
x-amz-cf-id
Gl3imUbvLc8U7NeJ9151NOygKMqVN6U15VNNm8kfYLQpwrOoOGrUBg==
ping
pagead2.googlesyndication.com/pagead/ Frame D105 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/slotcar_library_fy2021.js?bust=31079890
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://html5.gamedistribution.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
pagead2.googlesyndication.com/bg/ Frame 3977 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 13:53:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
15656
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19719
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 13:53:25 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 296D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv90p_ApL8xG4C-GHDOp3gfjeXv3Nr2hYL0N_Q5BkhyvTGVpIIgfMFzSNK8jIM3hhuzknUmisdBARLySWOpUxrPtzVQl23R8ENjg6aI_My4v_4dNcptpb4T3DVZ5Cpko6YP3rU6M74AF1Gffhtn5Knh-A29gWPZTCHNC1CLagqkRTs5MbYLY7mGGkE3H-amTLSWPA2Y8mJBTb17b97Va0DyCZBXi-cWwq63e6Y2rexwMgJI6WqlibdkP8l4kxenJoZnBXYBYot7ic8NZLvUhq3CqhCB_bJeXHbT7x-VPrspWG_iqldSnkQ3IWLlhumHlfquW2RajAUVWYb7lcOt-3VPBDTMkIRfgwkBiU7cByevXOfzM30LsHWmXSDwgJM3yFcixvgzvLUcG1RDJQUBW1UbzZtHZ1QMnA_vrx2sB8VHNm_Mg2C2t22G9gCq3MzoP2-p0b1Xrw8nW2myup9CGJnDvqqhos6MsJdWu00IG__9KbI-Q1N3VACKgw0Ftm5KPkPgBu8cmUOCBTPnuu6cr5vQH5XChsZnCycY16ZMwTqYKlAsF6y136Rp5Lhta6YmHPgVGHqlrVHOhR7nqMnRUoUhVR_qaahM8oUAlu1z8BPWK5XwRt_CcQSYRve03KTfRjYCG73WouMhJ_KMrrBz9bQdaS8Y-UxHRfGw70trQylL0GV00krHadEJ_Bu46-LqWo3QUpYfmZgvo6bBcY3heTVKumzH_pRjSEtEg-keU8Q7IV51Qjpa8m0IlDXVNO3bfKVD-85pDXPXTa7mFml0bS6wNZRfh8n3_idQqghkgxMfNQP60XrvrSn26c0w3QWmicTofkXwmldX0oUp5xKTdFgTBLvvg76FfWEimNn_gIxx9mAtZw6P01GG4XM1aklwiZZ1SHg_s5kNDSC0RyZI9RkAa-3UCPMqJOnquzG2MTVgYdqrkev6Zo3VxuuHhHDpzkz9Ua-0iOnE6zr8oCkvdbhzqVKdOPRttbmETCOfDf02TSAe_-TrK-xWniucI717PmuNxQFn2PGr0f3iYcq-t6An2Qg4qhk7Q0w0xH2vv6IBxX_x3XIu-nj9n4BB6h4_8VS-XQj4IpTcO5AEC-CBPmEIWQypXALB4V_lfIMkDd9mdcLCfaGnHAUU470WOgFBsZqrzh5lEP4DaoNXOc8zWC2_KSMMXdj1yxBfqQwC7bX_m9IfKbdmyM_nPOGuvHTmCn0Um_ZAwlRNZvIs7o1oyyfMfXUVQGH4yn75oPsGN9cOFotftRgWU8O0_9F7sot9JSuveddSgB6HwcFWUf4peBl5qJAEVrLeguYDuz4stpg_WBWBNfv2bLVY966LJzU3atGxobS1qqa5kn6CP5gPvR-qsY0npACkJ66k9pntSLgkJAuTbnlgN2fed8F_dy6wQl0PLUt8kf25Q-TfoyBhMxyqx2arOFOfhDdad00x6kWzPAd3KezXYhqJlUXmqjTik8-5uY0JGGcXSWenC3Jqstu-7JZyp5CNbQHNg83tX0BdyKQCvg&sai=AMfl-YTIYBj701G5fpC6PjKj7KCpts87-YTPpBbUfcyA6tvJJeGENI0umNkpXzhgeREOL20bwxMkOgGMp8E-6q1FklGceN1KM7uRvi41O6fWOPrM5OhSijSVsyG3vh9g5Eh2tHkqm1QGhUppHNKeBIeNBayNWtxGpizm7g7c_u3InW8AP--Au19ldyyXkb7vmB93CFm_5jlyKw08p4NJoL9oKokx0mhk1QLtRHbTByAESUSNncb_2pspBnbcxDhgQlbeS9N1bpFe-fHwEodBZtPtNA3Gd5JZ8cjw_2AumMl4Ejbe-T9bCvgILGHpDrrplUodJcNOtVuvxJQurF8S9WM5iMLQzqb_4bO-f9SoMv3CrIspJ6dA_xyRGDrkbTxYOnA5hMtd8gUMwp3Bred3TamjkALXuVSa&sig=Cg0ArKJSzFP1rZUUC-B4EAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=482&vt=11&dtpt=326&dett=3&cstd=148&cisv=r20231129.94988&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
css2
fonts.googleapis.com/ 		7 KB
722 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Dec 2023 17:48:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Dec 2023 18:14:21 GMT
truncated
/ 		665 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d103df41045bc8e9538ed05d79fdd7750af623fa8dd55fdc3b74d90d6ba20a0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		19 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52c854815f543b120f9314bf012a95ff9902edef46b232928855005edd9cf67c

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
sodar
pagead2.googlesyndication.com/getconfig/ Frame 3DA4 		8 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc1578883d80e9554799564e57dcc56c577e0965451ff70665632a7f1e00d6a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5846
x-xss-protection
0
logo.png
s0.2mdn.net/sadbundle/17794596359158718273/ Frame 3DA4 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/17794596359158718273/logo.png
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2a78ec0800976a7fbcd2f14881e6be9588f6f95d7e2ebcae41236f6ecfe3206
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 21:16:55 GMT
x-content-type-options
nosniff
age
248246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8111
x-xss-protection
0
last-modified
Fri, 24 Feb 2023 11:06:34 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Nov 2024 21:16:55 GMT
60015186_20230206055407014_award_logo_GV60_CH-DE_300x600.png
s0.2mdn.net/ads/richmedia/studio/60015186/ Frame 3DA4 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60015186/60015186_20230206055407014_award_logo_GV60_CH-DE_300x600.png
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c2644f0bb64b3a4ea6c293f254d8f457cea99295bc592908a0e402a519795283
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 22:59:04 GMT
x-content-type-options
nosniff
age
69317
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54629
x-xss-protection
0
last-modified
Mon, 06 Feb 2023 13:54:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 22:59:04 GMT
60015186_20230208071257692_certificate-A.jpg
s0.2mdn.net/ads/richmedia/studio/60015186/ Frame 3DA4 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60015186/60015186_20230208071257692_certificate-A.jpg
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8076319603b1eaf05c0a1943377d9365c5c3bfb49d7e93923b6aa5e634f4076
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:55:06 GMT
x-content-type-options
nosniff
age
26355
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18322
x-xss-protection
0
last-modified
Wed, 08 Feb 2023 15:12:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 10:55:06 GMT
60015186_20230628024437455_300x600_GV60_dynamic-drving.jpg
s0.2mdn.net/ads/richmedia/studio/60015186/ Frame 3DA4 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60015186/60015186_20230628024437455_300x600_GV60_dynamic-drving.jpg
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6cbe43d61c59982190c10b521b67b8c769071ef8724645620c7584774182fc9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17794596359158718273/index.html?e=69&leftOffset=0&topOffset=0&c=qNAZSIMsft&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:23:37 GMT
x-content-type-options
nosniff
age
28244
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34121
x-xss-protection
0
last-modified
Wed, 28 Jun 2023 09:44:37 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 10:23:37 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 8341 		611 B
263 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
243
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:21 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame DAB9 		172 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Origin
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 11:48:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23152
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 11:48:29 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/ Frame DAB9 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 09:45:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
30531
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3071
x-xss-protection
0
server
cafe
etag
10674441169935035545
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 09:45:30 GMT
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/ Frame DAB9 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231129/r20110914/abg_lite_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 22:40:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
70405
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9305
x-xss-protection
0
server
cafe
etag
13635642240219548939
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 22:40:56 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame DAB9 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
259753
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Nov 2024 18:05:08 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame DAB9 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 17:45:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
1746
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Dec 2023 17:45:15 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 5AED 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
6971
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 16:18:10 GMT
etag
48472445140208031
expires
Tue, 05 Dec 2023 16:18:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame DAB9 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 20:02:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
79931
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8544
x-xss-protection
0
server
cafe
etag
17124069415086231762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 17 Dec 2023 20:02:10 GMT
l
www.google.com/ads/measurement/ Frame DAB9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQHkL4_1cVs6oR0zSNJx2v4NGDKtcXasKpkaEQtAX1cFSJhhvGJbdPXWUUQMXEUgglUYOHJf-G57j5vPW6HXdVLfNQybg
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame DAB9 		202 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65067
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1701261208926228"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Dec 2023 18:14:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame DAB9 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DUnasLOuarB6uQF47of2XU3ZFO68HvtRVPs66fe_8UQlG_0jcFssGPDIYk7yVWu5g2zaxi0a7Qb5OonIFR5cQgfCglleGVfrwlOVmdToGAvy8PEpA
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
p.gif
p.alocdn.com/c/vn3d8u2u/a/etarget/
Redirect Chain
  • https://p.alocdn.com/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C...
  • https://p.alocdn.com/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C...
42 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.alocdn.com/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C%2522ver%2522%253A%25221.6.1%2522%252C%2522guid%2522%253A%2522326d3e35-56a8-4b12-8271-4ba1e2bb4962%2522%257D&title=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tdc=1
Protocol
H2
Server
54.71.111.90 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-71-111-90.us-west-2.compute.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx/1.20.1
content-type
image/GIF

Redirect headers

location
/c/vn3d8u2u/a/etarget/p.gif?label=5N0H11N-collect-%257B%2522script%2522%253A%2522https%253A%252F%252Fs3-us-west-2.amazonaws.com%252Fjsstore%252Fa%252F5n0h11n%252Fge.js%2522%252C%2522ver%2522%253A%25221.6.1%2522%252C%2522guid%2522%253A%2522326d3e35-56a8-4b12-8271-4ba1e2bb4962%2522%257D&title=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tdc=1
date
Mon, 04 Dec 2023 18:14:22 GMT
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
server
nginx/1.20.1
content-type
image/GIF
adview
securepubads.g.doubleclick.net/pagead/ Frame 3783 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CTkI4_BZuZemTHYPG7_UP39-N6A3tr8bpZpKWidXRDZbA6ozDJhABIOjQsB9g9ZXOgeAEoAGKvZPeAsgBCakCGpjOiCM9sz7gAgCoAwHIAwqqBOMCT9Cu_-bA81EVfVwgcIaY4ZzDxwSi0TILnMsFxuXZo2vPKZdyqtPC4_IjfdQdasp6fPy5ikqDk40GR5kbxVfV6duxAU1MpIe4oxUYR56LdmPgEF9f3h0hLtkHYaczHT6tgiEuPIPgtET8g9WT7ZaQfyXONEp9bBtbxcHDHcFA-58DvUv_9oOej7Xny7X-NMqKQxxUXS-MKRRJKL_RgfBZIwB_xEDA9Rm0leYjoeqhVIV6hAONAPClg-ccoPNdKdFxRUbeUUrFTkxmw-dsx9lnOSVd0_4ZiA3CGUQDPYfKYfTWPU2AEA2-qEBMpvV7Jv1bWC9DscntvDg72ORwqTOrfnNTCGtXpX6OrEMj-PYIdU36CkAuUIAQFQIL-p8s6Q-asAL8QvS2PTu8jAilYVEQ1FQi53JD7kh_BNpe39tOequngWOuKpq7iGcoUKEV5vBa5aGChDRS2mYv-d0oNnT7ONbk2cAElaDJ1soD4AQBiAX3yei3MpIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAf2_e2hAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFENGB_wHSCB0IgGEQARgdMgKKAjoCgEBIvf3BOljGscqxsfaCA5oJIGh0dHBzOi8vd3d3LnN0aWNrZXJraWQuY2gvY2hfZW4vgAoDyAsBogwQKg4KDOS0sQLutbECtbixAtoMEAoKEPCFsr6Vm8yRXhICAQPiDRMI-d7KsbH2ggMVA-O7CB3fbwPduBPkA9gTDYgUAdAVAYAXAbIXHgocCAASFHB1Yi0yMjExNTUyNTM3NzA0NDA3GMDcDA&sigh=PcoWXALGJY8&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSOwDICaaNloUAWarD-CkAeHZG8tToi4wJlya7tKmIU3vNdHC2SSmpRVPDUKKvtpzNIq_ArAfeCS4qLEAcGAE&template_id=484&cbvp=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3DA4 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 18:14:21 GMT
truncated
/ Frame 296D 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d9e0d05669a3610c7263c551b8b406344c148713485f7e8124f61b05e2463cd

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
bounce
ib.adnxs.com/ Frame 8341
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEG38XHguGpJLl5N5yzSrayU&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG38XHguGpJLl5N5yzSrayU%26google_cver%3D1
43 B
893 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG38XHguGpJLl5N5yzSrayU%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Protocol
H2
Server
185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
an-x-request-uuid
34a06091-8ecf-4358-8f0e-aff758d759eb
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
an-x-request-uuid
32657c1f-c2c1-49db-be27-78aa033ba0fe
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEG38XHguGpJLl5N5yzSrayU%26google_cver%3D1
cache-control
no-store, no-cache, private
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8341
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU3MTY3MTUzMDE3MzY1MzQwNg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU3MTY3MTUzMDE3MzY1MzQwNg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
an-x-request-uuid
08b815a3-64a4-4189-b99f-d00bcd28d3bd
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU3MTY3MTUzMDE3MzY1MzQwNg%3D%3D
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 8341
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1
43 B
171 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEDAK0BILzlXOD7FL_ezZlvQ&google_cver=1
date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 google
server
OXGW/0.0.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
pixel
cm.g.doubleclick.net/ Frame 8341
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDM4NzNhMzUtZjczNi0yMGY3LWU1MTQtODZkZDUxYmY3Y2Ix
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDM4NzNhMzUtZjczNi0yMGY3LWU1MTQtODZkZDUxYmY3Y2Ix
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYn6KkgAIwAQ&v=APEucNV74OYY2cwpqwE9u2qa9ygYualgexktEFncv0CcbfS2-q4eQkIi2Ppg0z2jx5_dkVC_ng2DBR9onzwN5kSVhKliKP9DCg
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDM4NzNhMzUtZjczNi0yMGY3LWU1MTQtODZkZDUxYmY3Y2Ix
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ingestion.js
tentacles.smartocto.com/ten/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tentacles.smartocto.com/ten/ingestion.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
4d5ffa9b4660a2cb3cc7733dd785224252768155d96805b19b862ef55af6d045

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
cdn-edgestorageid
1080
cdn-storageserver
DE-677
cdn-cachedat
11/28/2023 09:17:30
cdn-pullzone
1448885
last-modified
Tue, 28 Nov 2023 09:17:20 GMT
server
BunnyCDN-DE1-1081
cdn-fileserver
709
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"6565b020-2774"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
92c47c19-149d-4a6b-809d-6a585867c24c
cache-control
public, max-age=60
cdn-requestid
b1d73de02b63fa838a4f29d6ded1aaa3
cdn-requestcountrycode
CH
cdn-status
200
cdn-requestpullsuccess
True
tentacles
api.smartocto.com/api/brands/ 		1 KB
888 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.smartocto.com/api/brands/tentacles?i=8ia94jzjaallopuwrqi7yg96qevd0z0w
Requested by
Host: tentacles.smartocto.com
URL: https://tentacles.smartocto.com/ten/tentacle.js?v=2023-12-04T18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.174.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-51-174-173.eu-west-1.compute.amazonaws.com
Software
/ smartocto
Resource Hash
a55cd6de4655dc7bb21259ded6fb10e73640436324b5eb7f01c6a450baefa7df

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
last-modified
Mon, 4 Dec 2023 18:14:13 +0000
max-age
10
x-powered-by
smartocto
vary
Accept-Encoding
x-cache
HIT from SmartOcto Cache
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
access-control-allow-methods
GET,PUT,POST,DELETE
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
pixel
cm.g.doubleclick.net/ Frame 5AED
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ejZDTU1wYnYxUmFkc3g1&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqt...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ejZDTU1wYnYxUmFkc3g1&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqtl9fLGY4bd4AWG6TEEqzZJdaw8xRlHRVWPUc_0b43YQGK3Jyjhsg
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:21 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ejZDTU1wYnYxUmFkc3g1&google_gid=CAESEEI9n8R8rmaE2_TChGLC1mE&google_cver=1&google_push=AXcoOmS9hGVEB1VjD7HZMFwouiquGbGHkpBrn-KzlPaESqtl9fLGY4bd4AWG6TEEqzZJdaw8xRlHRVWPUc_0b43YQGK3Jyjhsg
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5AED
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEMzFssmdbBW6nTetwDYBKAg&google_cver=1&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSvs1si1BA1ZBCA
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSv...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSvs1si1BA1ZBCA
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=00BF387A687D4BE18B6D8E2E0FFAAC37&google_push=AXcoOmQ76sR5aUB5Xexr-4JVnZqPVf21kDUk23UInwU_U4aJ0AK34JQ4i2FdGSDSxF-YMIQMn3uWM7_krY0DPSvs1si1BA1ZBCA
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 03 Dec 2023 18:14:21 GMT
google
match.adsrvr.org/track/cmf/ Frame 5AED 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAsfUGcDlRoJaoNEno5BqS4&google_cver=1&google_push=AXcoOmQ6SNqvHK_cgYXehuzmQb0mAWCwQJyKTeTLhjgZN-WfSyberzHpnfub8m7MV41aArj3AqgbXI4hzrLv8L7DMnkHhpvEsQ
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 5AED
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=4&uid=CAESEDgVW_vwgNfzoMdME0fZyYo&google_cver=1&google_push=AXcoOmSOYPeWG_RMlFrbBhnl4U1c16vHTw8rW_2W2L9Okv7GMLRHaT_G2iNf9PYlwhlUcsuHo3INm0-MckMt0w-EbIT_UXW0G9k
  • https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=860275122398&us_privacy=1---
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=860275122398&us_privacy=1---
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

access-control-allow-origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=acuity&google_hm=860275122398&us_privacy=1---
content-length
0
pixel
cm.g.doubleclick.net/ Frame 5AED
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEIVeWUcy0G0nzJj-NA968-A&google_cver=1&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r1kfxY&google_hm=NzkwNjg1ODk...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r1kfxY&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRzADoYbVCyJ20gX8vpnTf9pmiRieT5XSAGHSeM5G-gk1652ur1UUuvcZmcPXDZ8URFO3KGjvIEzqbF_d02y2O2r7r1kfxY&google_hm=NzkwNjg1ODkxOTQxMzY2ODI2Nw==
Date
Mon, 04 Dec 2023 18:14:21 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
0.gif
id5-sync.com/i/495/ Frame 5AED
Redirect Chain
  • https://sync.inmobi.com/gob?google_gid=CAESEMnarl7Mux7o_wrD_BdXFeI&google_cver=1&google_push=AXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnuh0SzVvw0ov9lLI7XFA0y9GK59xjjwqK1pGjjOWA7mLod4davd7qj
  • https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnu...
43 B
921 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnuh0SzVvw0ov9lLI7XFA0y9GK59xjjwqK1pGjjOWA7mLod4davd7qj
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
referrer-policy
no-referrer
expect-ct
max-age=0
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
location
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAXcoOmSI5yYxVEK8YE3Q1YuVLVUodrAlUHsW_iB5Jrg1APnuh0SzVvw0ov9lLI7XFA0y9GK59xjjwqK1pGjjOWA7mLod4davd7qj
x-download-options
noopen
vary
Accept
content-length
271
x-xss-protection
0
google
sync-dmp.aura-dsp.com/match/ Frame 5AED 		0
0
attr
cm.g.doubleclick.net/pixel/ Frame 5AED 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ICeFLykIEZS6vYwWTOJC51nRfbFQJas6lke2YgbXSpYW_TC_oU3X1usxkBEj-Ii8UPmq88XHtw
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
index.html
s0.2mdn.net/sadbundle/556469983186518016/ Frame 57AC 		16 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5232d4cd0b9952a75ffe2c1ddec301ab50b63d64a45d74fa1bea93ba4dce98e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
Tue, 03 Dec 2024 18:14:21 GMT
last-modified
Fri, 03 Nov 2023 09:17:52 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame DAB9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_qLiZlg7GPUtYIsthD7qBl61KtOc8ZN5gOhJRMCv2H7XaCUVzNriXpdiz-ImOaEzGlRLE-oWAckx3KTGgqKByI-O8dtnXPpVZY7WJot2EbXh2snyGnw-ESuDc3in3OSmZ_gmZH_xTbdT1B1krativra670zxTWf0Cg4vC3hsL4Eb5g1d0rvvfJFw-SKeeWgf3xy-UxHCQJHvvYV3gO903xsg--VteaIjSTuUh2FtHY7wIgyPwxuvo2PWXiEROJatZkTM5G0jhAi9jrUOnLjS7ey339N8xrBrt8ufUdUGnywHfo9Xvml4h89H9rSrJN_wxxmXyxIfXycVx4QH4ceNwOx-WU2PoDybKYZ5mjE-JpLplPk8U8m1NFAy95EOkp08xLYF8tyJeIWID_Co6XbRGaoG0Zt6PBPZShfaA7JN4zXMKA0CyWXf4FxvpsIZyKJ5oDaYNJYnpz4xI_mEHYOdkyPfoWHMX7HzxUNy_Zmp6CNFfnSCLL8Fcc-bPkpe2quAFwIxeoJxTFvMaN1xxNRydJ81z47I-1QppfLlFOEvnE8I7dzldbXiZrm8V-I-1vazViHW_nS8mx-sXVenM2F7Iz0giygoTyGbAgU4GBuQmoNvbVaX3UpTdjbTLXrKg9Of6seTD1EoRdxprGRGYO1U6tK0PgNtdFLa6Cb7Rl_6ctOtSoKSxJcY-WF4EsvM3QHukFKzy7k8G57uwGv3GuWvT_HkFY0_2prw_jMZTj6FVQZGdI8qaOAgfqMfFIe5iQiI2v6EQGXAO_1sAemAIX0O4gMEVR0Jx9MFACgKWcjPdViPWn7hNOVDNl31wTFQiEnbv2Opv0qzFeGlMzAmVf-zL1k4Ca_4XeAUsXDnXwBepASkqCLTGI6ydXY6P6qxssunkTMpiMH9CL9PUFSya2RmuXLL2kyrwYmMBHbUzMHI_w4mbmraCMcC-WFFJsQVfgqoUSk17yLd01RBvea5M2_FhbK7fyYNKJvowGcy4Bt-vmr3jlnBoVFIUaivU9auz8ATq-7_t2k26Z32zzFkJ4FJUZKeU0Npmno0hpFeBjDKaD1--Mw25MaiUsHgM04yn6-ZxroP8LnSyuxu2tmB4lZLGqKGKI4BxLupkqnhw7JVx0XU7bM_UYm9n1f-hC3nHIYhnF9I9c8SkhjbDUu606JlNsoUw_0J830JY4ev7zufX-zt8sCLf1RRQNmkxJXlfEqy2s2GjvsBvfebeoBRpUt2NmXGpLefqMGJxy3_W9dVP59FYyJYpvXpZKVe9iWIhwRXVgSML_-njO3G58HFLLNboXzC0KOsm-KjPi_1hbz7FMUsB2GgbJ3_HYHEj2hreapbe30wPNAiNcg_aWuZkMul6p0CU8epXSi8X4xZRDp2Y0Ba-wg72ypuV5_5tyxrgBmgBFTdHM3Mhj8i9IdwYb5kxaLD_aIS-JAbJU0sC5nolAKXjsza4RAIuLs1sufh-4ccGo80Z7oIeDEaHZYsEQpoREtsvPUJczpfW42b45mkm9XeH5XWBtjJg_1bYsiY3tTc&sai=AMfl-YQJ-PoBh_atmL81GyGg2SfzM21bI-fhP7b3JZoF4tw5-UN2SEPE6ZbxisSufbv9AIzfsjYgPSuyRIKpv0KbLIJWd9uWHUa75iow0swUuKhZRsjXJl8XKkGH9E3O7h-9j8Pz6NjN2_E5FLGYLH0lVos3yIKMJQgXE1mR7p3DSirqOIi4oQuFGzbER_I3dQaKoEB_lpa7pecBACPeaotjGxX-V73x9FQQQ-Uf7HrY5YDAOPN8eGv2p15sgirYr0IVIp0XZrdWgDfxl-Qm6mb07RTRNHch3DHf_pnvSeSNrzQUxg1JXb6uXi2GJgI6-cgEtEpFj0GX7vRIoFsQp99y7PEFfp5ULzmPi1NQ0F2frw0EIoAl2YXLLkTdtZZ1QWtkzWCOWd0O_O7ASL5m-o6aWyzWGOHCRxQm21lTtdeSvRb8E1ib&sig=Cg0ArKJSzL-c_m5x2KOXEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=105&cbvp=1&cstd=101&cisv=r20231129.05752&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
truncated
/ Frame DAB9 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46ca84e2f876ba05f9663cbc472870d77b6ac0b5898a1c3c1e3c9cbb3b89b8be

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame E435 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
73545
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 03 Dec 2023 21:48:36 GMT
expires
Mon, 02 Dec 2024 21:48:36 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 57AC 		63 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25329
x-xss-protection
0
last-modified
Wed, 29 Dec 2021 19:08:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 18:14:21 GMT
Enabler_01_250.js
s0.2mdn.net/879366/ Frame 57AC 		120 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_250.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:23:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21052
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42247
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 21:28:42 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 12:23:29 GMT
style.css
s0.2mdn.net/sadbundle/556469983186518016/ Frame 57AC 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/556469983186518016/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e82333e53f32afea84b4f08640b5061c25aedc66e68ef1f1777f654b303cfd79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 02 Dec 2023 22:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
157365
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2085
x-xss-protection
0
last-modified
Fri, 03 Nov 2023 09:17:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 01 Dec 2024 22:31:36 GMT
logo.png
s0.2mdn.net/creatives/assets/4902406/ Frame 57AC 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/creatives/assets/4902406/logo.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97d9dfd8ffc1cb034055da0f01287531af2c4578292d84195a926f9ef304250e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:07:58 GMT
x-content-type-options
nosniff
age
383
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2869
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 13:49:28 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 18:22:58 GMT
main.js
s0.2mdn.net/sadbundle/556469983186518016/ Frame 57AC 		21 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/556469983186518016/main.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
999a7e72ef35507647d38361b959bf1c8699dae691745431c8242bcb013c8c61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 17:51:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
260553
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4065
x-xss-protection
0
last-modified
Fri, 03 Nov 2023 09:17:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Nov 2024 17:51:48 GMT
/
onetag-sys.com/usync/ Frame AD2C 		2 KB
863 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1701713659346
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
usersync.html
cdn.undertone.com/js/ Frame 3AF0 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.undertone.com/js/usersync.html
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:6400:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
45544
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 05:35:18 GMT
etag
W/"9f69f355a69e650f4a86354e76e60d40"
last-modified
Tue, 18 Jul 2023 10:31:18 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-id
nWJ74RaA4qYgzRV0zZmTQbX3nSQtx7jxM89f7GI2dnWSDzzFKS5lbg==
x-amz-cf-pop
DUS51-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
5cDzvCPt5iTw_HTWM8q.kHMVnUk7Smec
x-cache
Hit from cloudfront
/
onetag-sys.com/usync/ Frame 0D50 		2 KB
863 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1701713659814
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
/
onetag-sys.com/usync/ Frame D841 		2 KB
863 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1701713659326
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
usersync.html
cdn.undertone.com/js/ Frame 5C08 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.undertone.com/js/usersync.html
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:6400:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
45544
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 05:35:18 GMT
etag
W/"9f69f355a69e650f4a86354e76e60d40"
last-modified
Tue, 18 Jul 2023 10:31:18 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-id
57fzSzAADZ_11Imz22SG6hTRc310tnI7QeTNeOtYb17qWDL0-D8pPw==
x-amz-cf-pop
DUS51-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
5cDzvCPt5iTw_HTWM8q.kHMVnUk7Smec
x-cache
Hit from cloudfront
/
onetag-sys.com/usync/ Frame 3393 		2 KB
863 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1701713659341
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
usersync.html
cdn.undertone.com/js/ Frame 864F 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.undertone.com/js/usersync.html
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:6400:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
45544
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 05:35:18 GMT
etag
W/"9f69f355a69e650f4a86354e76e60d40"
last-modified
Tue, 18 Jul 2023 10:31:18 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-id
FrspWm5HXOuQ5h4SCCqVdGXCPMdIO1iOB6Zwn_J4eB4V6XaSix2E5w==
x-amz-cf-pop
DUS51-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
5cDzvCPt5iTw_HTWM8q.kHMVnUk7Smec
x-cache
Hit from cloudfront
usersync.html
cdn.undertone.com/js/ Frame FA7E 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.undertone.com/js/usersync.html
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:6400:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
45544
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 05:35:18 GMT
etag
W/"9f69f355a69e650f4a86354e76e60d40"
last-modified
Tue, 18 Jul 2023 10:31:18 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-id
mmEcOyJhD0nI2q0P0k3N-LYAmlyqmcJEH2H_wlG8KCY6xtdoLtDGWQ==
x-amz-cf-pop
DUS51-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
5cDzvCPt5iTw_HTWM8q.kHMVnUk7Smec
x-cache
Hit from cloudfront
usersync.html
cdn.undertone.com/js/ Frame 49BC 		12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.undertone.com/js/usersync.html
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:6400:1f:2473:9080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
45544
content-encoding
gzip
content-type
text/html
date
Mon, 04 Dec 2023 05:35:18 GMT
etag
W/"9f69f355a69e650f4a86354e76e60d40"
last-modified
Tue, 18 Jul 2023 10:31:18 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 6dfd389c138f0c3d4626295090bb3362.cloudfront.net (CloudFront)
x-amz-cf-id
c7soJepcaN8NnJZeFNo3ocSe6E0QSMacV91IIAivEI29HxthhV-E1w==
x-amz-cf-pop
DUS51-P4
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
5cDzvCPt5iTw_HTWM8q.kHMVnUk7Smec
x-cache
Hit from cloudfront
/
onetag-sys.com/usync/ Frame ADA1 		2 KB
863 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1701713659354
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/assets/themes/eet/js/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.theepochtimes.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
init
gw.geoedge.be/api/ Frame DAB9 		0
215 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:d400:10:43f:4352:ad61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
date
Mon, 04 Dec 2023 18:14:21 GMT
via
1.1 0455d1ec539ef7b27f0e90c40cf5cc10.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-P1
content-length
0
x-amz-cf-id
gwGiC0q2UWyOAex2Znm9A69Q2oW0INlHgcSLYA1C3YZA_RVqQ7WjwQ==
x-cache
Miss from cloudfront
t
ingestion.smartocto.com/ 		0
188 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingestion.smartocto.com/t?p=0%3Alpr8dkx4%3AW4zJaKONQTi_krw9rBlWm7xDYbEAeH1Z&s=0%3Alpr8dkx4%3AdvgzgdHcHBZSd8nGGA3eGFt_806ccjiX&v=0%3ABX3adNYUMmRvtjJ05VXh~I6jxsNMBzNJ&e=0%3ABX3adNYUMmRvtjJ05VXh~I6jxsNMBzNJ0&c=1701713661738&n=t&f=t&l=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&i=1600&j=1200&k=1&w=1600&h=1200&t=pageView&ch=web&bid=epochtimesus
Requested by
Host: tentacles.smartocto.com
URL: https://tentacles.smartocto.com/ten/ingestion.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.84.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-84-100.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.theepochtimes.com
Date
Mon, 04 Dec 2023 18:14:21 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 832C 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3660 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BNxdY-xZuZdKdLYSR7_UPwZS-qA4AAAAAOAHgBAI&bg=!hYalhsnNAAY3kmNgF5I7ADQBe5WfOBuyNHGlT_XGBewivlNceeADaPuWirXZPefe8Nq3T4xrH60mAOIdES3zZkBsZX57AgAAAOpSAAAAAWgBB5kDGQ_PAXsU5wCeNY70qHKkG0Htyn0MCoiNNvl6phrVGqJW6tAcdNg64i5Q5uEIWAq04ELH_Y4g1JdXX5xLCKtc6o6_jqWWNukWXPtLgnEnLFfp9dfKnNaNnHKfDFGf6GV92amYrOYjgewB7GjqofPCoObscmzOot1rq4_TzXB3LXaHhiKQ2gIpvjFiLaZa8MoAd5WXZeJGGUoYe89UeOfqdvpuamJ_R76kz3vYE6g0A9EkErEIUESmN1kMtcJMqHsSZox6DLIQcnKG7y4vfEUT7mQ_WKPvGJ_AdfF3tJJraFWoEChAJcMmH8xT8rGc2ap4xKEywylZ3zdF-njX9Up7kWj_r26oFCqEdXW0FvGJsTy7KFTPfmWFRrNzAPJtwciZXRykpjk8gRx729vObWaYTuJn9MUv8xQQMrsi4nJBENpxgDkL3Ar0-pIsaPmsWa6KA7Bt9Z2uNZMxE3IHBqz7RhWroZ35icQ45JIBvEB2L0DhWwTDRpyqHajtm4O_vQFIUQ9PKajXA8OLYpzw2vlvuB31D4m_srktngl3APyJbKq6MZZ3QCWswQ9_4X8ptNbTl3FYNg1Qgf7DWwbG57iP5SrwzsYIobUqSBDT7jDBHAVTpqPRCirq9vDXpkIfGDwOUc_yMuD_CsdqKEOK5qNVWzf2oE1wbix42gJzG6X-VFwb-QgMy-eJ93mmfjGrhbFLAfQV9E_itHzmpf4i9vlK6gYL7M3QH5AZYnlBPC9iGfbeTPTTUa_t4RQVUM9LaOwvrgY5RwLX7rgzfKRM65OAi-D-WA-RkAWv5jBdIWSgyipxFI4Xpbse4NgkVqOrjJvkufSChdy-V1rOcrV9TlYBFBrrirVmBnfBnheigblhllCngZy9xLp6PvqIZ2SJGkyK3pAJeiOzvpnIUXYlNsOnTD3vCPK8T8hXAkFvfKA45Uw2WYPl2Wvkb0-s0CTg0r4vaSsTHHTZ2UHl8JnzpZaPFbF97DR7EszaZ0_66xzd6A7U8qwWcDNmQO-w1n293sER8_aWX3_62spIWjSX9hHsu-QZpRSzRoTTUqs
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame E435 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame DAB9 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_qLiZlg7GPUtYIsthD7qBl61KtOc8ZN5gOhJRMCv2H7XaCUVzNriXpdiz-ImOaEzGlRLE-oWAckx3KTGgqKByI-O8dtnXPpVZY7WJot2EbXh2snyGnw-ESuDc3in3OSmZ_gmZH_xTbdT1B1krativra670zxTWf0Cg4vC3hsL4Eb5g1d0rvvfJFw-SKeeWgf3xy-UxHCQJHvvYV3gO903xsg--VteaIjSTuUh2FtHY7wIgyPwxuvo2PWXiEROJatZkTM5G0jhAi9jrUOnLjS7ey339N8xrBrt8ufUdUGnywHfo9Xvml4h89H9rSrJN_wxxmXyxIfXycVx4QH4ceNwOx-WU2PoDybKYZ5mjE-JpLplPk8U8m1NFAy95EOkp08xLYF8tyJeIWID_Co6XbRGaoG0Zt6PBPZShfaA7JN4zXMKA0CyWXf4FxvpsIZyKJ5oDaYNJYnpz4xI_mEHYOdkyPfoWHMX7HzxUNy_Zmp6CNFfnSCLL8Fcc-bPkpe2quAFwIxeoJxTFvMaN1xxNRydJ81z47I-1QppfLlFOEvnE8I7dzldbXiZrm8V-I-1vazViHW_nS8mx-sXVenM2F7Iz0giygoTyGbAgU4GBuQmoNvbVaX3UpTdjbTLXrKg9Of6seTD1EoRdxprGRGYO1U6tK0PgNtdFLa6Cb7Rl_6ctOtSoKSxJcY-WF4EsvM3QHukFKzy7k8G57uwGv3GuWvT_HkFY0_2prw_jMZTj6FVQZGdI8qaOAgfqMfFIe5iQiI2v6EQGXAO_1sAemAIX0O4gMEVR0Jx9MFACgKWcjPdViPWn7hNOVDNl31wTFQiEnbv2Opv0qzFeGlMzAmVf-zL1k4Ca_4XeAUsXDnXwBepASkqCLTGI6ydXY6P6qxssunkTMpiMH9CL9PUFSya2RmuXLL2kyrwYmMBHbUzMHI_w4mbmraCMcC-WFFJsQVfgqoUSk17yLd01RBvea5M2_FhbK7fyYNKJvowGcy4Bt-vmr3jlnBoVFIUaivU9auz8ATq-7_t2k26Z32zzFkJ4FJUZKeU0Npmno0hpFeBjDKaD1--Mw25MaiUsHgM04yn6-ZxroP8LnSyuxu2tmB4lZLGqKGKI4BxLupkqnhw7JVx0XU7bM_UYm9n1f-hC3nHIYhnF9I9c8SkhjbDUu606JlNsoUw_0J830JY4ev7zufX-zt8sCLf1RRQNmkxJXlfEqy2s2GjvsBvfebeoBRpUt2NmXGpLefqMGJxy3_W9dVP59FYyJYpvXpZKVe9iWIhwRXVgSML_-njO3G58HFLLNboXzC0KOsm-KjPi_1hbz7FMUsB2GgbJ3_HYHEj2hreapbe30wPNAiNcg_aWuZkMul6p0CU8epXSi8X4xZRDp2Y0Ba-wg72ypuV5_5tyxrgBmgBFTdHM3Mhj8i9IdwYb5kxaLD_aIS-JAbJU0sC5nolAKXjsza4RAIuLs1sufh-4ccGo80Z7oIeDEaHZYsEQpoREtsvPUJczpfW42b45mkm9XeH5XWBtjJg_1bYsiY3tTc&sai=AMfl-YQJ-PoBh_atmL81GyGg2SfzM21bI-fhP7b3JZoF4tw5-UN2SEPE6ZbxisSufbv9AIzfsjYgPSuyRIKpv0KbLIJWd9uWHUa75iow0swUuKhZRsjXJl8XKkGH9E3O7h-9j8Pz6NjN2_E5FLGYLH0lVos3yIKMJQgXE1mR7p3DSirqOIi4oQuFGzbER_I3dQaKoEB_lpa7pecBACPeaotjGxX-V73x9FQQQ-Uf7HrY5YDAOPN8eGv2p15sgirYr0IVIp0XZrdWgDfxl-Qm6mb07RTRNHch3DHf_pnvSeSNrzQUxg1JXb6uXi2GJgI6-cgEtEpFj0GX7vRIoFsQp99y7PEFfp5ULzmPi1NQ0F2frw0EIoAl2YXLLkTdtZZ1QWtkzWCOWd0O_O7ASL5m-o6aWyzWGOHCRxQm21lTtdeSvRb8E1ib&sig=Cg0ArKJSzL-c_m5x2KOXEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=260&vt=11&dtpt=155&dett=3&cstd=101&cisv=r20231129.05752&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
usermatch
ssum-sec.casalemedia.com/ Frame F9B0 		2 KB
861 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8613e5c2d1ce6376faad48e6db8b6fa48110d474833eb80dea709ae0f33b0c31

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
830607529dd93a3e-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhYD5v1u2BRxpoHR131XrQdMCGwmPQOhO1vevlmuqdJ%2BBV4BGMmv1MwdtmcCnSz3lpUHEiojVh22MT8u9dV3Q1vZIJlXYPN7iRqF%2FL2aTo8kGRN1cEzzpYSmnAZg2%2F9fgr9PofTTP%2FI3Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
  • https://eus.rubiconproject.com/usync.html?p=12776
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=12776
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Dec 2023 18:14:21 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
location
https://eus.rubiconproject.com/usync.html?p=12776
server
AkamaiGHost
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
0
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
K5EKixbu9jzLVt_G1VXaf-xRtNq8EkHalujiTARtq6IKCudQnjYP_A==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
8dEw8Fan_G49S_sxrSaB7lfe8FgtVkyd0YiUZSDF5OXt4idd8uUqmA==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame FA7E 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-7-ATCK
0
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-7-ATCK
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
zPZqjHpbDQcNEGOBvwUE0iNUkNKJAsGKfW9jBCfg6vE46BCeAid0Jg==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-7-ATCK
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTkyNDM0Q0YtM0ExRi00QTVFLTk3NTUtQTUzMDZGM0ZEMzJC&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7B...
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
0
308 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
IpcjW-Q9nVVUxtmASXE1iLL1I553-SpzwVXkK1GjtSXUgs1k9RpPVA==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
date
Mon, 04 Dec 2023 18:14:23 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerI...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpa...
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
0
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
F80f5U_9INk85BemoaTiH52VbEwJMWHuDcBWKOD6PKkBdG5bp_HopA==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame FA7E
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58545/occ
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
0
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
sXLXamCvnriSxEbnPWkgweYEKnsVmHV2nVTzZi120G5cuQnv46-ffw==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
reading-time.js
tentacles.smartocto.com/ten/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tentacles.smartocto.com/ten/reading-time.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
ce174010dbecc7aec9280ffd46eabfa8189b99d461403f060178a4075a872446

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
cdn-edgestorageid
1082
cdn-storageserver
DE-587
cdn-cachedat
11/28/2023 09:17:29
cdn-pullzone
1448885
last-modified
Tue, 28 Nov 2023 09:17:21 GMT
server
BunnyCDN-DE1-1081
cdn-fileserver
382
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"6565b021-19d9"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
92c47c19-149d-4a6b-809d-6a585867c24c
cache-control
public, max-age=60
cdn-requestid
11458dd6154b73e5aa763a6aaf4c5351
cdn-requestcountrycode
CH
cdn-status
200
cdn-requestpullsuccess
True
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
0
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
2Vo72qF_HI3tK4rTX7krODT6mQj26yc8zqwSUsRdl4pfyFipf068jw==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
0
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
ZcRyymsnVcuE6NGESacPX0VJ2NLeqHF5LhQY3JBgf9qj8UDycCwfOQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame 49BC 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-10-LRLV
0
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-10-LRLV
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
E9nJBkyN8TwvBZUfPw01z__5nI0UoFzBe6-rCRDBzi8_sWMQuEPF6g==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-10-LRLV
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUM5QUEwOTUtNDI4MC00MEI3LUJCOUUtODJCMzFENUE2RjZE&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7B...
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
wlSPWnp4fC1sdhC2iq_bRikJKB0w6X5kr8rtVrYdKllGi-PoBbcMIg==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
date
Mon, 04 Dec 2023 18:14:20 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerI...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpa...
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
0
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
gSDAG9sa6pEqhs3DAXBCpXG0Zx8lQQODF2bhASb1SLHvYADssqLyww==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 49BC
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58545/occ
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
0
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
PToVH7jNcLTK66r_cFGPJCPfYRisHZF2AfdoHb6Dr9k4fYA39B66aQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usermatch
ssum-sec.casalemedia.com/ Frame CDEC 		2 KB
820 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8d032fdfe7216b337e6cb9caf7f50610d435df02f746a61696beaf84c1e42c3

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
830607529dd63a3e-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SCvTkC9IqjOuo7I%2BpLUpAvFEQx6bXNrxisV24sIAuHRpQRtJM21uMaJnkTGILu%2FH%2B6QpmCxw1Y%2F1p8EZW2EndsazDCaemroCmZSKrJ%2BPwNou3YZoWCB0EF585pS8HfEfIxrTltJQPUl%2FpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
  • https://eus.rubiconproject.com/usync.html?p=12776
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=12776
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Dec 2023 18:14:21 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
location
https://eus.rubiconproject.com/usync.html?p=12776
server
AkamaiGHost
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
0
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
-YrUFWFMdAMug_ehc6STDq3WalmegRMGw6hwSe4MOcs9Fv4JD-c5PQ==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
0
192 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
xymhFAhzZLaOeIg5xeAhJ8QHXAejY1-m2PvJiq3pI-1YpnTvlQL1Zw==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame 3AF0 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-13-8CSE
0
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-13-8CSE
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
ZGBUEH7BOka1_RZhPj0qlTq3f-mEyn6GlpxfuP6gnKkCXigrvJfBsA==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2K-13-8CSE
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MkMyRTkyRjgtRjBFRS00NUU3LTk3QzYtMUEyMDczNDE5M0Yx&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7B...
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
eS45nF03udR3IN77S2VDuTNGPHKSL1gwJ1IWgna-1PcFmCgu3mQtAg==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
date
Mon, 04 Dec 2023 18:14:21 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerI...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpa...
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
0
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
PWS9LH6u43J0yozXveCXVg16tjmjXhDxQCR2jnt_v49wAdohWGSR0w==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 3AF0
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58545/occ
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
0
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
HUdx0S4WJwf2bjaPvhZXr4LhdKBfZr_9_id053KbJVczGfyk-mguMQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usermatch
ssum-sec.casalemedia.com/ Frame F58A 		2 KB
860 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93be7d71bc050e522b042f1e2580faee29eaa4fa6cc0e2467e5bcdf048460728

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
830607529dd23a3e-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Z5fRbMro6LpfXrGktUaiLqnr%2Bdar3a1lMtpOHBNr0LqOoS0e5PYCW%2BuSPH5B%2B4tk6rUic2ftmMaxhMfV14X6SAF6QQKAqPEbLKfOx4sSpoOBY5V3JthVW47NMetVwue4iDs2n9955syPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 2D68
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
  • https://eus.rubiconproject.com/usync.html?p=12776
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=12776
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Dec 2023 18:14:21 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
location
https://eus.rubiconproject.com/usync.html?p=12776
server
AkamaiGHost
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
hZ4xTX0uOXoEXIXbjuvxVd-_wqTDxV_1xbhd5_tlJ10R7b7FyPs_7g==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
0
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
FExWlcPpO_zEL52iQCJFfOmQFOwhV754Id2M3SLFuh6SVCil2IXGfg==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame 5C08 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-1F-12TL
0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-1F-12TL
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
myjAB5st3IQYYcRJA_fMo8TDjqXMlVeoVFjPSCNzkD1VH05Gfogp3A==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2I-1F-12TL
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODAyODhGMEUtRjFBRS00MDU0LUI1OTEtNDYzMjZGRTJDNjcx&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7B...
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
0
309 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
W9uM9r74gyfGCMRVWSekglvIpuCBymXmXfNHuUpRY7CzJo5vRi8VsQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerI...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpa...
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
0
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
ODu4BXY1y5zGVEpmzHCneg8il1q9T3cro8SMKOw0Z8L81VCePzeWTw==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 5C08
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58545/occ
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
0
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
DFkpSs6P1ziAOHf_KbUwZXyWE-wM25IIxqffxjjUPEBwfla8hLX9gQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usermatch
ssum-sec.casalemedia.com/ Frame FAA9 		2 KB
857 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e920ec2751d5162bf98b793142de66545bb5b1b41ef3309bd1292e7ce0c30ec3

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
83060752adda3a3e-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkJsAmXiV79c%2BIzZxBkIJ6cVhmrUXE6t%2BYPuiKDtWEQuRp5kJ9HAeSycH2tnFLoYDUlCh65YRTH2YVtMXWFwgRlgOZaPCr642BMs0vt3PE2TWcPEPhesetAQOfI2E9G7gswvRHjDffAM0g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame F89C
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
  • https://eus.rubiconproject.com/usync.html?p=12776
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=12776
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Dec 2023 18:14:21 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
location
https://eus.rubiconproject.com/usync.html?p=12776
server
AkamaiGHost
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
  • https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
uzDsY--ju7fvTYz7QZPlmqjBCwXP75XUMhPCqsUpEO72tuKTFBRflw==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usr.undertone.com/userPixel/sync?partnerId=39&uid=24858ed8-3eee-4230-9a71-c3a36cf19283
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
  • https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
0
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
zB9kmRuggy5vVxFqQuuGpHBzFdOKrX9AuXkra_ZtAEeHsvhCA8Olbw==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-gTDx4QxE2uH2RCfJqR6Qgklhrn57N2I7~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
generic
match.adsrvr.org/track/cmf/ Frame 864F 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
0
293 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
VWUSTOH1qEiaQHebtyDtahVepC6A6Z903fgCTSG8t1AHHGveFZ6F9g==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzZERDlCODgtMjkzNS00NkZGLTlFMkEtNzlBREI5MEM2RjJG&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160318&pmc=1&pr=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D53%26uid%3DE92434CF-3A1F-4A5E-9755-A5306F3FD32B&us_privacy=%24%7B...
  • https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
0
308 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
XS3A0jF8Y8VSzBX_gQXFhnu26o7oDr4EMD9Qi_C6MXbJ57O_shTbAg==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=53&uid=E92434CF-3A1F-4A5E-9755-A5306F3FD32B
date
Mon, 04 Dec 2023 18:14:20 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D54%26uid%3D%7BuserId%7D
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerI...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c&partner_url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpa...
  • https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
0
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
kl88fsFgC37TYI_vTVLwVQmfVObfa0tG02NYNI-7YTjqNprjC5S6ag==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://usr.undertone.com/userPixel/sync?partnerId=54&uid=cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
usr.undertone.com/userPixel/ Frame 864F
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58545/occ
  • https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
0
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.undertone.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
okcugK5idIKXUwgxPsFb7H5rLcT6kL3BFM794SwyvRF9awBeQHNWmQ==
x-cache
Miss from cloudfront

Redirect headers

location
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usermatch
ssum-sec.casalemedia.com/ Frame 3401 		2 KB
858 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72a5470035e46910d5be8c4adbb13cc754b84232c71fe7935811336dd46c76cc

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
83060752ade43a3e-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:21 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QKw90ood4Eja0A7XwhWrXQgLuzqLx3pcLnVa9Ki4EzphS09TFC2FeQRkKHcS%2BulSDokaHrbT8eXVKnvZp8jSga92d1YEdT%2BiDYS8pkqSiCJ%2FddrLvCOvvEXnjDAzHjqNvbVAArqk%2Fkdrdg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
  • https://eus.rubiconproject.com/usync.html?p=12776
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=12776
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cdn.undertone.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Dec 2023 18:14:21 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Dec 2023 18:14:21 GMT
location
https://eus.rubiconproject.com/usync.html?p=12776
server
AkamaiGHost
28292
i6.liadm.com/s/ Frame CDEC
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
crum
dsum-sec.casalemedia.com/ Frame CDEC
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
43 B
737 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w80jl0HxarPG9KPCeAD3g8C22dg28bjSmPV8F4gwktmIpPtF09z9PAR4AnvYYHE4IMqv2%2Byjznyq0ZveGWe4JmSItzno%2FU2CMJF%2FhENlWqSolD%2FIQxFCuo%2BXX8BdGUH8jtntSidGg6%2FA7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607532f304d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
an-x-request-uuid
817edff4-3a56-46cb-92e6-e37970d1995b
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame CDEC 		43 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:357b:9971:3f66:201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
user-registering
ads.stickyadstv.com/ Frame CDEC 		43 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:192:1::172 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1701713662041027-340
crum
dsum-sec.casalemedia.com/ Frame CDEC
Redirect Chain
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=88103294-abc9-46a3-b8f5-2c09d3dc426f
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=88103294-abc9-46a3-b8f5-2c09d3dc426f
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dS8uIYZvoKoJDsnQ7Y9HbPykrDv7i4uGgY1FAvPmyzThBraxPp7ZuH9K0TILekLP9kZmai%2Bv6lq4cbnEOX8r53MIMnfTEwsFqyUNC4iJ8peQnH9HS2hWt7qsdleBsEcPcc%2F5GkMjqqLC6w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306075458ae4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*.casalemedia.com
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=88103294-abc9-46a3-b8f5-2c09d3dc426f
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
157
dcm
s.amazon-adsystem.com/ Frame CDEC
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
FR7RG50YR6Y13NRFP486
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
G5A9FTEYAE9V5BYQQ8MQ
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame CDEC
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
43 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Server
2a05:d018:d29:3601:357b:9971:3f66:201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ix
ad4m.at/ad/sim/ Frame CDEC 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad4m.at/ad/sim/ix
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
sync
usr.undertone.com/userPixel/ Frame CDEC 		0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=57&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
Tgi7pllYWlo16Z-0ABzPCHgU2dYDw7s9ymfhha1ABVWOjNrZplDCmA==
x-cache
Miss from cloudfront
28292
i6.liadm.com/s/ Frame FAA9
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
1
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
2
rum
dsum-sec.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=2E3wjt9OoI_DHvTZ2RnrjY1A9tzDHfbe2k5O4xz7
43 B
734 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=2E3wjt9OoI_DHvTZ2RnrjY1A9tzDHfbe2k5O4xz7
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXHpAYvieCjnBfgvIGzhExLwktQjReBUkKFfGMvxcQw7WSZ2OeCqOlj5hHGMmMXMbnW7IGJaOwRxqnGbljERNP0x3e2MExCH6TCiL9OdQmgbp%2FQ2auDmBBLuRtcPMWVfx%2Fxt9NQ9KhQJTA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753afc54d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=2E3wjt9OoI_DHvTZ2RnrjY1A9tzDHfbe2k5O4xz7
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
rum
dsum.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=365c1b79d4b8193e&is_secure=true&networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHrs7wyet_tQMDUwRsAAAAAAA&expiration=1701800062&is_secure=true
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHrs7wyet_tQMDUwRsAAAAAAA&expiration=1701800062&is_secure=true
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiSA8F2isi8Z1AqZr%2FyY3X%2B4vM2dA1VUZC7U%2FmXped%2BbQN3O1%2BGCB3lN7Sor9ki697sZRu8yNay6BnS5sBJOPPWwY%2FOZmAYWeKMrHRl626y9VsX%2B4yPLiMuZpSjZV%2BjQq5c6KeDI"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306075478df4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHrs7wyet_tQMDUwRsAAAAAAA&expiration=1701800062&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame FAA9 		0
0
rum
dsum-sec.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d8ca1d57-29b0-4822-d05dae45
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d8ca1d57-29b0-4822-d05dae45
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pXwmS6Dh9xlzR1vcd7BlirBx%2BDVqXfYu1dcLOUJxMGHAGfc88VcZoHFdQJ2Cd4hnRHqwASYgOiykhD0SYs3xnrS9T%2F5uK7OTlEgD68Dni8sTFWvd6hPSzHqnrzi2ZMKeK04kOEbKA1zog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306075438824d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
server
nginx/1.24.0
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=d8ca1d57-29b0-4822-d05dae45
content-type
text/html; charset=utf-8
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146
crum
dsum-sec.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=05fad748-f2f0-49fb-a8fb-656bc94656ed
43 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=05fad748-f2f0-49fb-a8fb-656bc94656ed
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qYgkil7dn0xhb0fs4iF%2By7OYa%2Bz8ElU9uEM6bggrtKJNDhS6qz9WOfVuAW9UF0gfhpn6JMlGHQcOrjASV%2Fx7yKxaCbebPw7h2OgXgbCWapf04vN%2FekQ%2BtK9%2Fo%2FJdee5RSEueC0ocggRfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306075458ad4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*.casalemedia.com
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1717524862&external_user_id=05fad748-f2f0-49fb-a8fb-656bc94656ed
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
157
crum
dsum-sec.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://match.adsby.bidtheatre.com/indexmatch?gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166
  • https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=ff39c83c-28be-473d-a3d9-3a4d1b443f27
43 B
740 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5R%2B05%2FE2%2BwVK6T4k3r%2BVd%2BcnyeZLxP2keZiJXKB79aRSqZ0kgHZv5yx6gE8MKQvztB2QaUNsPAHA%2BUKQTCbrOTvsAmLHoTGc%2FAWyhDsoN5QP3iWTO5RAog2Ogc%2B7jLn19FqC0FWzNrYLhw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753afcc4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?gdpr=&gdpr_consent=&cm_dsp_id=226&external_user_id=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
crum
dsum-sec.casalemedia.com/ Frame FAA9
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=7906858919413668267
43 B
733 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=7906858919413668267
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sA5cTK18yLbIIdxDLrScZaQXC4IlKg7ctF%2FsfWmRlzWcWeOek1zp2qv24NniXlNBzHnJB6dVASNqxEPCQ%2FAwnNvYCyD6t1Xvwyug5fFt9eQv3gEjTni8l7hMJftz%2FJcQhQLBwsMaSvjKCg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753e8184d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=7906858919413668267
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sync
usr.undertone.com/userPixel/ Frame FAA9 		0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=57&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
y4QLoFvwwrdvqzFo7ar2-UOJk6VOnSCqGJ-qeFej652mT50APcx_0w==
x-cache
Miss from cloudfront
28292
i6.liadm.com/s/ Frame F9B0
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
2
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
rum
dsum-sec.casalemedia.com/ Frame F9B0
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=8_gGXfT7VlzoqwILofwdDPf8AwHo9VVb9PnwzzV9
43 B
733 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=8_gGXfT7VlzoqwILofwdDPf8AwHo9VVb9PnwzzV9
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfGkqN5b2BJ6y2dR2iyHyRTQflmTHXIgAgI0Zq179XKb4heagYBJL5G7S5cAx3FWqSr64xZbJZoA3HHTnTKHu%2FQnWWPlYDgTdNppuC%2BOECaM7xIusPZ3xRmrxtST%2BLiU5ey8sAEop99iEw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753afc64d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=8_gGXfT7VlzoqwILofwdDPf8AwHo9VVb9PnwzzV9
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
rum
dsum.casalemedia.com/ Frame F9B0
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=26ac166ddcce18fa&is_secure=true&networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAI98omZD1mngNRxDKUAAAAAAA&expiration=1701800062&is_secure=true
43 B
728 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAI98omZD1mngNRxDKUAAAAAAA&expiration=1701800062&is_secure=true
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZ%2BziwAAANQNdjkS71Vs%2FSPLM770X7%2FABXTUUEMjeUy1WMZR0vsFjAZWZMeHBC1Qn5D4bca1ryZAgIr2QYd1j%2BHu5EUxJ%2FMVYDQcYrzlondoyeSlmCgY%2F44LovYtXlqf6aOd0ZPL"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060754f98d4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAI98omZD1mngNRxDKUAAAAAAA&expiration=1701800062&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame F9B0
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4185152155912664142
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4185152155912664142
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1kW24TmNfBMyW30AtGQees2P6h%2B5AF1%2BhV0OIPRMGAxwEd58RvudepW2O06r6WzKymR1uEvAYjPPsPYDwhINAQ3lrYisHOyWzqAL81bxUbbNk9nJdhCl06TU6jnvqneCONfB5iqP2ETlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607535f5f4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4185152155912664142
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame F9B0
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
43 B
731 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQ2jt2NN7I0HbpRrC2QGCKrWc9Y9wioIVH7irUqWWQQKrSsfe6bD6ZKNdiJjOvuvjQkdbA4O%2FC8LiNZkTpoMhYedCSoUe3O95MEzTPioXBUAayEOwjAQnSEUcL27hJcqJ%2F1uZb1mz6aTkA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607535f5b4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
an-x-request-uuid
fe2e9fa9-7443-4269-80fd-c5f3fd9c54d0
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8571671530173653406
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
user-registering
ads.stickyadstv.com/ Frame F9B0 		43 B
654 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:192:1::172 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1701713662019067-348
ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame F9B0
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
43 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Server
2a05:d018:d29:3601:357b:9971:3f66:201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum-sec.casalemedia.com/ Frame F9B0
Redirect Chain
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
43 B
740 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPYERaCKlfFBXYjh%2Fbs%2B0Vcmlwqa2S9mHy3IP%2FxU%2Bg7IIn%2B2ggtlUBvyqSZfvUKAHYIgOr%2BTW3K52%2Fo9ivs4A5Xko8ApvSxWnYutNsUMqBBPrc618pnov749qKcxvUk%2BnUoI4ipAJFnYPw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753cfe04d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=8f79cda9-3faf-4e5c-b974-8b6b9c306f94&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
date
Mon, 04 Dec 2023 18:14:22 GMT
server
_
content-length
0
sync
usr.undertone.com/userPixel/ Frame F9B0 		0
307 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=57&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
hye0FSPrwE2bq9ULt4SdnldUy4AgrcJLM9jiGyxXy4fTI1Rmg-9sFw==
x-cache
Miss from cloudfront
28292
i6.liadm.com/s/ Frame 3401
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
1
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
rum
dsum-sec.casalemedia.com/ Frame 3401
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=RaGTlkKiw5de8pSWRKyIx0Wgw5Be95TDQqVqAgyW
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=RaGTlkKiw5de8pSWRKyIx0Wgw5Be95TDQqVqAgyW
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e90HP3aV0goSCOzxI4FkH2YdjTzX8Uc3qiw9TB76qYxUwYQkHzWYqWidJtka%2FL2hwrwL571HkckbFD7HcoDzfF3pi4nmf6xGcHMLYAZf2rxpzocJ5I0ZxsxozwZScNpmCJCnKcyhK8uPlg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753afc34d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=RaGTlkKiw5de8pSWRKyIx0Wgw5Be95TDQqVqAgyW
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
rum
dsum.casalemedia.com/ Frame 3401
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=1e33eb73d921597&is_secure=true&networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHq5xlNF-UfAMD2j3HAAAAAAA&expiration=1701800062&is_secure=true
43 B
722 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHq5xlNF-UfAMD2j3HAAAAAAA&expiration=1701800062&is_secure=true
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWI7xggZPeMoVA%2BYEWOUlWi0hJ9zalf81z5M9OHCfTgDU3yhfZvr50pDbAK5Q1e5YPNuTuyd5Bl2SjexiVNg7uS99y0gFYdMl9gAHakvhDbucj3ZnjXxrvnzA%2FWH2ACSmPnSFKpV"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060754f98e4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAAHq5xlNF-UfAMD2j3HAAAAAAA&expiration=1701800062&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame 3401
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=tAfc8mllVrldEoksSbg9lJVYG1I
43 B
729 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=tAfc8mllVrldEoksSbg9lJVYG1I
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PY1dlK22lC3yIQ4PlEpA8SiUJtIoduRylClV%2FH%2BwtdIW9uy48nt4jge1EhKY0VeYg4cGr72GoS2uxtjdmT0xEoG0eV4zosF6z3ojzt%2BlJ8LTbpzvnoMmqd938222IW4OR0p0IyD9t0xW5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060756dc3a4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=tAfc8mllVrldEoksSbg9lJVYG1I
Date
Mon, 04 Dec 2023 18:14:22 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame 3401
Redirect Chain
  • https://trace.mediago.io/ju/cs/indexexchange
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=f34e96994f4bd6662jydgh00lpr8dldk
43 B
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=f34e96994f4bd6662jydgh00lpr8dldk
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RxUQ%2Bb%2BXOvLd4pAYe8AFlfNWXIezaB%2FhS5Ase1xcEYXvuLhucu3TNqerTWHYCYArxw%2BQbAQDptMaesXDcDWFp5h5xtYegH%2F2WgbVVRZ5yVJWFNpxrg8usI90AKsIs0yCgrSECs7h9BUodw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607561b0d4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=215&external_user_id=f34e96994f4bd6662jydgh00lpr8dldk
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
usermatchredir
ssum-sec.casalemedia.com/ Frame 3401
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDWslWCftffc0b5vX2l%2BWswFqXV0BjGW4EmdxHg%2FlPoPBBcq3ON5elJYXJJrez1lGGEaTuVgnWd80bmH8MkOO8lXG1eS0icFPPMcDJrUotMoQadDwBW7YNgLf0gJcEJI5LcWz0L7a6BEJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607535f594d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 3401
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
TD08MK6S93S0G57DN677
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
QF80176E22NFPQ1BE5QS
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 3401
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=5jIdp_cMYjwFDJIBpPuUlLiyDiTSWltxfFoGP03D8RA&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1
43 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=5jIdp_cMYjwFDJIBpPuUlLiyDiTSWltxfFoGP03D8RA&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RuQVFcUs862u3EZMnnm%2FB%2F638RPQS3QHnTYSHK3LXkyCRiwTel615m7OH3rLT5znxGba%2FJwEDmbgTVcuqVE65xUiBwo%2Bff2usIaawLR8McH1%2B8XBEyEYigKIuo0qUP7AIoS8N8XTvWH2hg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753f82f4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=5jIdp_cMYjwFDJIBpPuUlLiyDiTSWltxfFoGP03D8RA&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZW4W-YPmGn7jpVupOHW-OAAA%263166&tc=1
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT, Mon, 04 Dec 2023 18:14:22 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
usr.undertone.com/userPixel/ Frame 3401 		0
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=57&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
cga2kx6p78dQ5UodD-Uox93-ngZU8afTqEn2Trnhi9-JGzUz2maJGQ==
x-cache
Miss from cloudfront
usermatchredir
ssum-sec.casalemedia.com/ Frame F58A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
43 B
736 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2ByLGOtAIFvBvhjXrKzP1CdPWzuIpU%2FHXqtCyZwKlORMyaYMdA8Ftan%2FqUw7BoLNKjYGKj7qHdieUbxJ%2Fr3WRpq822sL%2FaSP4ruCftgusMhRaCg3mCzfHjbRpHoLZ16aOQOcwhf1VGTsEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607533f324d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEH7wuw1ElMVOxzy7pL2Mrw8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame F58A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
029DVCM6G25AYM8T1RQ2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
EHJBR00MZ7Q6PESHJR1T
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame F58A 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
server
Kestrel
content-length
70
content-type
image/gif
28292
i6.liadm.com/s/ Frame F58A
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZW4W-YPmGn7jpVupOHW-OAAA%263166&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
0
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8JKhRUoGnvh3_CivZRO_xJm_LnQA3rrznLlaPQ
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
3
crum
dsum-sec.casalemedia.com/ Frame F58A
Redirect Chain
  • https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=c0a76c42-facd-4ba4-9136-33a0fd0a40c7
43 B
733 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=c0a76c42-facd-4ba4-9136-33a0fd0a40c7
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQvwpLhZ42XmYO02%2FpFB%2BR0w3pC2gD7XOENAbjjalryHhhha%2FwC8NgUEVxlTM2Z88tBNvjrgFqM76MTdl8yQ5S88YRN6M9V0f5Kxo4YNFAewrkEjoVoVo0sCvj4waooGJO5QnF5d9wJRwg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060753afd74d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=c0a76c42-facd-4ba4-9136-33a0fd0a40c7
date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
131
content-type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame F58A
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADXWU7K3C4AABRen1BinA&expiration=1702923262
43 B
729 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADXWU7K3C4AABRen1BinA&expiration=1702923262
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0bkZ9f3EFPDeLVeKbVE6EXkaxmGgcvfI0ohvaWn8AWHMlaxmqhinG1GNOjBfn3zwFokvKq5DZgBdF5vVGc7HsFnwM1Q2bavuDsdeGALXyqSP0nIGtw0dUOIlhzWXCxmRAmIxSy5JnowVlw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83060754a90c4d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADXWU7K3C4AABRen1BinA&expiration=1702923262
Date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
crum
dsum-sec.casalemedia.com/ Frame F58A
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=29
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=6864534660662176442&expiration=1702923306
43 B
734 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=6864534660662176442&expiration=1702923306
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VnUKZnZOaL4f31y2tmzAyqhtd1oUfX3N1wYk8iXNel4ZzkPsdX4Vk7M7FgBahed4zFJgu70%2BDMGqENjpLLV0un4Qccs48fbFw8zmkuXk9lWKRFMeqVtL8%2BD9iG%2FlNh48%2F7Rg4i5pEFBZHg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607535f624d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=6864534660662176442&expiration=1702923306
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
crum
dsum.casalemedia.com/ Frame F58A
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b9a07935-e20f-5bdb-845d3fbe
43 B
657 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b9a07935-e20f-5bdb-845d3fbe
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kARO7Vsqpe7vZMU16NN9uKyvMdIlIOTKalRBrmLW%2FaSGOihT6Q%2BP4X%2FJD4C6%2Fz4nV%2BJ4NvmjQjkLZ%2B9oCnArExesmuc%2B7XzKFPsLvuYNmwSdwwnyMW9qjBXtePOdUArb6OMoG%2FMv"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8306075438473a3e-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
server
nginx/1.24.0
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
location
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=b9a07935-e20f-5bdb-845d3fbe
content-type
text/html; charset=utf-8
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119
sync
usr.undertone.com/userPixel/ Frame F58A 		0
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partnerId=57&uid=ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
s2KHUlNrX5zoHIVp1bcTvz2Y08Dn6EW099r9S19VgOm-AQFMYvaglg==
x-cache
Miss from cloudfront
60003574_20231123050256500_xmas_bg_300x250.jpg
s0.2mdn.net/ads/richmedia/studio/60003574/ Frame 57AC 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60003574/60003574_20231123050256500_xmas_bg_300x250.jpg
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e742ec4ee8d808cfdeac07d3d4f3b08ba3c3c7266fceb5da9ddd425a4837e4a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 23:00:33 GMT
x-content-type-options
nosniff
age
69228
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20780
x-xss-protection
0
last-modified
Thu, 23 Nov 2023 13:02:56 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 23:00:33 GMT
GeogrotesqueXComp.woff2
s0.2mdn.net/creatives/assets/4902406/ Frame 57AC 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4902406/GeogrotesqueXComp.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7f04f5b9ee8bfeaba95049646865e4163a92ba767cea569902e81a713c0301b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/556469983186518016/style.css
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:07:48 GMT
x-content-type-options
nosniff
age
393
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19808
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 13:29:48 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 18:22:48 GMT
Geogrotesque_normal_400.woff2
s0.2mdn.net/creatives/assets/4902406/ Frame 57AC 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/4902406/Geogrotesque_normal_400.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/556469983186518016/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef0adb856579b963b6049d94d5e020105cf548fd2356581f94a80b8c39da1074
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/556469983186518016/style.css
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:03:00 GMT
x-content-type-options
nosniff
age
681
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22172
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 13:29:45 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 18:18:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 57AC 		8 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
383f008785d02472af73ec5e68bc243d794b04a04b6dae87ce8313269c6037d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5973
x-xss-protection
0
60003574_20231025071814518_blank.png
s0.2mdn.net/ads/richmedia/studio/60003574/ Frame 57AC 		119 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60003574/60003574_20231025071814518_blank.png
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46a42303f8d329f8f0902007fbf69799d461993ca88476b766bca97d47efa9b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 04:52:18 GMT
x-content-type-options
nosniff
age
48123
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119
x-xss-protection
0
last-modified
Wed, 25 Oct 2023 14:18:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 05 Dec 2023 04:52:18 GMT
60003574_20231128090221137_sublogo_xmas_de.png
s0.2mdn.net/ads/richmedia/studio/60003574/ Frame 57AC 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60003574/60003574_20231128090221137_sublogo_xmas_de.png
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d7bcac6f72dbf8f579bd20d9e14867667124b93503584be07cd4827f60db6e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/556469983186518016/index.html?e=69&leftOffset=0&topOffset=0&c=tTCa6FEEUY&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 03 Dec 2023 23:00:08 GMT
x-content-type-options
nosniff
age
69253
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17622
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 17:02:21 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 04 Dec 2023 23:00:08 GMT
truncated
/ Frame DAB9 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1d9e0d05669a3610c7263c551b8b406344c148713485f7e8124f61b05e2463cd

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 57AC 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 04 Dec 2023 18:14:22 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E435 		0
22 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BCBgE_BZuZeP-NM2A7_UP1Ou_6AUAAAAAOAHgBAI&bg=!iIuli8TNAAY3kmNgF5I7ADQBe5WfOMMLHUnsrFhxoeFuV7wjsFA_Vu9wRc6ipa39jfYf7KcNmW-lVr2-mvV8JmWcrr3kAgAAAHdSAAAAAmgBB5kDGvH-OEByLQHP7Tr8j4jGDO7hsoYc1FzN26r36wIeA62MAvsC2KV56LH-68MWul-Jsp_y4nR1hpZG_Aujh0icc92FTG32Qnn219_GXOpysPSlvDsnuUx06jBCy0qTjfeejNpV_2hApDTzq8ma5aJ7SBWYCEl_-iZrSyGu5_ilSCoO601KsEFCO_7yY-jO2yFugaDPD0AmySE15N9S33XjYWr1G0OGTZb0ZlW14i2KVGr9iVUz1tFdErRetfF8V9s84ewkiljOeX_-db-U4AXedP3JZq0jnIdKWWndT936yVr4Yvc5RE3RHCO6uodvTSfDNavbwnHeLgI7Tjvhm0bEg3XNVgfbyrXLLEDw_pcpGRVUnDWS1ALnahsaZ3ClSsEKO3XZKGrG2JjdwxXX8JO0k2BSBvY9uZX5oO2n2ZdBbMGUM9AN9Tvlh8Xftq6op-hGIZeKgEPqynqiZW7aVCSu5boylXbsxFSe1U4voJiyusMzu8eeq5zySIkSu2UvoMHyzi2EgN7m3dSoFv0bqvMMbPUVA_mZ2ZSV80WTr99mdo_cGcCeoqyLk-wvrAbfX4KeL5-SwmE2qyC32pScLSiJwyphJj5NzJC1ANh0tNmD_2atXzYMrS4zPTbjU1Ym6CZRIZwY5wOEIWp_smJiG5ASvFL4h_yqyx7Dfj2trcFjNQkBeRz4qa1bWkC0c-w8BoMxjIlhC1RfJbAr6g0UEi6bB1tzqEB74bE_bFWiUGdEo9JuurqZz7PceO48p6hXrKGliA9rm0oWvobCPvkX5Q0by3TRl6X5gdlWzjQwOPlfJfqyLZWqAnzpaz4V6g9I5zo498xts0BVZ5vaIlCFh1bvqR7fu0aBqK45LjA_gIVtJl1WovnpEIHGMJBxZysqI7S_Nm021z89Q1OTtO1FWDEIKFdLLiX88OzXRbccKH6mpvJiQV4AfQ2bxuyNDShF4nIxkH8KvpB4vSrrSxDfNd1CzwjBGMTvdSD-y3czpTLbOWwTp6anFtAOIdU3gSDpROpUv0Dgt2BU3F_-QweNutXTcNcFQViVX5_1HT2x
Requested by
Host: 6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
URL: https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 2D68 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=12776
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Dec 2023 14:03:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=71275
Connection
keep-alive
Content-Length
13236
Expires
Tue, 05 Dec 2023 14:02:17 GMT
usync.js
eus.rubiconproject.com/ Frame F89C 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=12776
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Dec 2023 14:03:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=71275
Connection
keep-alive
Content-Length
13236
Expires
Tue, 05 Dec 2023 14:02:17 GMT
usync.js
eus.rubiconproject.com/ Frame CAA0 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=12776
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Dec 2023 14:03:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=71275
Connection
keep-alive
Content-Length
13236
Expires
Tue, 05 Dec 2023 14:02:17 GMT
usync.js
eus.rubiconproject.com/ Frame B3AD 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=12776
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Dec 2023 14:03:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=71275
Connection
keep-alive
Content-Length
13236
Expires
Tue, 05 Dec 2023 14:02:17 GMT
usync.js
eus.rubiconproject.com/ Frame FD26 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.226.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-226-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=12776
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Dec 2023 14:03:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=71275
Connection
keep-alive
Content-Length
13236
Expires
Tue, 05 Dec 2023 14:02:17 GMT
khaos.json
token.rubiconproject.com/ Frame 2D68 		7 B
807 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
khaos.json
token.rubiconproject.com/ Frame B3AD 		7 B
807 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Expires
0
khaos.json
token.rubiconproject.com/ Frame CAA0 		7 B
807 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
khaos.json
token.rubiconproject.com/ Frame F89C 		7 B
807 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
khaos.json
token.rubiconproject.com/ Frame FD26 		7 B
807 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Expires
0
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 0883 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 10:24:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
28190
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 03 Dec 2024 10:24:32 GMT
sync
usr.undertone.com/userPixel/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776&khaos=LPR8DL2L-T-DLWH
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
0
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
HPIgaq-pW9zP_PL2cRYGJlCILrdwxImf4EhXtwr2z9hU-Orqkzd8qA==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
cms-2c-rubicon.html
cti.w55c.net/ct/ Frame 405C 		52 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cti.w55c.net/ct/cms-2c-rubicon.html
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:c800:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ecb740996ce05e9b7823c9690564a0d7b3840becad640d37e929cd4f4ee1cdf4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://eus.rubiconproject.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
158510
cache-control
must-revalidate
content-encoding
br
content-type
text/html
date
Sat, 02 Dec 2023 22:12:33 GMT
etag
W/"7549d51888f0142460ac70be66758bc9"
last-modified
Fri, 17 Sep 2021 21:17:39 GMT
server
AmazonS3
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
x-amz-cf-id
M7gqnKkJ-nApzF6Q2S61XKNY7XcSE-53V7izU6xqBbDnkGxSAHLFoA==
x-amz-cf-pop
FRA60-P3
x-amz-replication-status
COMPLETED
x-amz-version-id
eM8rKv5bLrMqGrCvH619GCOhuiLqCbex
x-cache
Hit from cloudfront
activeview
pagead2.googlesyndication.com/pcs/ Frame 296D 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJHWO8nEyVCHsRwAC0WtXpNUnD2tJaQz82cuMBD4z6NPzVtg9UwOR-d10Me5nnLiEi-2rZ0wZgcpAUl5W5vh1q6-bnrCRelSJVc-gXaROyoip94JoXFnMLiiXsJvRsIr48cBNdyNU0Bw&sai=AMfl-YSFE_GJAVD4LH_-dblKbBQSTyrKnP5SY0kLlSv6RQT0EoQEZiOrllFha1kHXhR3PiAToSuALkuAwvMDXFNFkor0flshrZKoh2kX4dVKdcnh5_TMwoACVSRz36uehXJY0k4MXQN6z70&sig=Cg0ArKJSzId6SoPGzVdfEAE&cid=CAQSPADICaaNxcUE4CloqAogBOL01bMNN-XfgX_OkJIIX7ANQhLAytz3WopOzeG85yPBBLYJQI4JGthpqfjeWRgB&id=lidar2&mcvt=1000&p=370,1152,970,1452&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3838852029&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701713660566&rpt=625&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
quant.js
secure.quantserve.com/ 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
etag
"e23JaXq4HVtlOmThpFhluQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 11 Dec 2023 18:14:22 GMT
/
a.clickcertain.com/px/
Redirect Chain
  • https://a.remarketstats.com/px/smart/?c=244b81b94c69796&seg=epochfun/words-of-wonders-ad-supported-5491287
  • https://a.clickcertain.com/px/smart/a/?c=244b81b94c69796&seg=epochfun/words-of-wonders-ad-supported-5491287
  • https://a.clickcertain.com/px/?c=244b81b94c69796&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.clickcertain.com/px/?c=244b81b94c69796&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Server
2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79ae2b3d93629b442a7f364ff29db3b2fdf1ade3beb44eb2f2869c1fc6154bf1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:23 GMT
content-encoding
br
x-frontend
cc-nginx-5776dff989-rwljl:cc-nginx-5776dff989-rwljl
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
68342173-b766-4517-9678-55ff2b80f7d6
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duD5cNVpyOINdfvVgJ9Em8QylqtlVpFEzyKSfyVHN3a1dJ%2B45gAVJv3sTXpBKJIG22nea5%2FWmoPfOESThZgb1mawssVECet4dQp3Nv3rYEll1hdMk%2BULdTbPUQj0gDnY7IlqVwbkkvSzRjKr8DRUnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cf-ray
830607593d5a2c49-FRA

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
x-frontend
cc-nginx-5776dff989-zhk5q:cc-nginx-5776dff989-zhk5q
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E12vEALunQqrhuqPO56nfaRv1wd7tURamXvgJiihXB8T9lzLqSKgadvEQwjHoVeVWITO2hB0hplaaRd5kYbrsyXEdZx1WnBXN2oi93w5Hyds8BsJrl3%2FYkoUCiUEuK2EjRzMxFXwN3L%2F4cS5mSodYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
location
https://a.clickcertain.com/px/?c=244b81b94c69796&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
cf-ray
83060756a91e2c49-FRA
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 04 Dec 2023 18:14:22 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B46A2EB7D0AE40D58C1DDE6106845EAC Ref B: FRA31EDGE0514 Ref C: 2023-12-04T18:14:22Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
js
www.googletagmanager.com/gtag/ 		194 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-696467118
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z8H4H
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ea2d542d9bac031dca320ea6ed9c958255e986050cbfaf4eae6713905e31ddf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
72462
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Dec 2023 18:14:22 GMT
container.js
tags.wdsvc.net/
Redirect Chain
  • https://tags.wdsvc.net/controller.js?id=100415
  • https://tags.wdsvc.net/container.js?id=100415&v=4.10&t=1701713662627
28 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.wdsvc.net/container.js?id=100415&v=4.10&t=1701713662627
Protocol
HTTP/1.1
Server
52.202.83.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-83-199.compute-1.amazonaws.com
Software
/
Resource Hash
0c47e0b44c66556a96f36be2ca9a268963a84df53815cb4d5e9b637d28c4ddfb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Content-Type
text/javascript
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
28662
Expires
Mon, 3 Jan 2005 13:00:00 GMT

Redirect headers

location
https://tags.wdsvc.net/container.js?id=100415&v=4.10&t=1701713662627
Date
Mon, 04 Dec 2023 18:14:22 GMT
Cache-Control
private, no-cache
Connection
keep-alive
Keep-Alive
timeout=5
Transfer-Encoding
chunked
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.theepochtimes.com
URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 18:55:37 GMT
x-amz-server-side-encryption
AES256
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100147-IAD, cache-fra-eddf8230115-FRA
6irth52s.js
js.alocdn.com/c/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.alocdn.com/c/6irth52s.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z8H4H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.140.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-140-22.lhr50.r.cloudfront.net
Software
nginx/1.20.1 /
Resource Hash
b1a48777454353c2b6ff6e617c2caf64c290e2ba4f55fd74a30d97f734198c21

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 12:28:30 GMT
via
1.1 e33d8864a771b755e3623e8d7ade73ec.cloudfront.net (CloudFront)
server
nginx/1.20.1
x-amz-cf-pop
LHR50-P7
age
20752
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=28800
x-amz-cf-id
hvnvm1M6PG3uigKQ2swAHOn5p5TBiiK8ZgNwmuKcX58xS4jDI1Zgsw==
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2F...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2...
0
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&c9=
Protocol
H2
Server
13.32.110.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-18.vie50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
VIE50-C2
x-amz-cf-id
iYMKOUwCWLNV2-xnKeY-Imfrmr6z8zhzczXIFVqZADCEmQTbcNRZ7A==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=24003086&ns__t=1701713662236&ns_c=UTF-8&c8=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&c7=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&c9=
content-length
0
x-amz-cf-id
NH_O6XfH36tnWpYYxvHUF6WlOJMqjaRE4RzvJMhSQKmBuvCIigd2LA==
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/24003086/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
384 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
13.32.110.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-18.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:44:56 GMT
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
last-modified
Mon, 03 Jul 2023 14:48:48 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
age
37767
x-amz-server-side-encryption
AES256
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
0
x-amz-cf-id
vkQu8wdr_DZSyuM5QSIQ388VKlbMZAtOvBgdf2Yip1NVF9Q5gq6TKA==

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
location
/internal-c2/default/cs.js
content-length
0
x-amz-cf-id
2cYE0lMqD_ZPGI6uaSw52ifUDvRXerPvVnBdtC2F82C_yI396evGAQ==
pixel
cm.g.doubleclick.net/ Frame 2D68
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFBSOERMMkwtVC1ETFdI
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEtDrrFT7wZLWycob2sFnAI&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBSOERMMkwtVC1ETFdI&google_push=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBSOERMMkwtVC1ETFdI&google_push=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFBSOERMMkwtVC1ETFdI&google_push=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
ecm3
s.amazon-adsystem.com/ Frame 2D68
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=50MTBBPQRYSaao6WmChpZA&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=50MTBBPQRYSaao6WmChpZA
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=50MTBBPQRYSaao6WmChpZA
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
ZYNANMDACTF4HB0NR4YX
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=50MTBBPQRYSaao6WmChpZA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 2D68 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
Kestrel
content-length
70
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 2D68
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzIwMGYzMzBiOGFjMTU1MDJjOGJmMGRhMzJlYjdjZDc1MmFiNWZiNA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzIwMGYzMzBiOGFjMTU1MDJjOGJmMGRhMzJlYjdjZDc1MmFiNWZiNA
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzIwMGYzMzBiOGFjMTU1MDJjOGJmMGRhMzJlYjdjZDc1MmFiNWZiNA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 2D68
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=4NMXHOxsSFyAY6ZaZAJZSA&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=4NMXHOxsSFyAY6ZaZAJZSA
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=4NMXHOxsSFyAY6ZaZAJZSA
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
54.239.38.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
8TP5912A729Q6GWEWQ9T
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=4NMXHOxsSFyAY6ZaZAJZSA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 2D68
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LPR8DL2L-T-DLWH
0
648 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: B0C66A74169545D49077659998F76BE8 Ref B: DUS30EDGE0418 Ref C: 2023-12-04T18:14:22Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYLsxZb0Ef6eKLYMNTqnQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LPR8DL2L-T-DLWH
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 2D68
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/a03wBpSJ7QabjEnft7i6NA?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-uTUu9ldE2oLA4b6.S5E1u95E.BIKLizYdnTAqg--~A
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-uTUu9ldE2oLA4b6.S5E1u95E.BIKLizYdnTAqg--~A
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-uTUu9ldE2oLA4b6.S5E1u95E.BIKLizYdnTAqg--~A
content-length
0
tap.php
pixel.rubiconproject.com/ Frame 2D68
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIXa6WpMbdcgUO1CQ3bcxZg&google_cver=1
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIXa6WpMbdcgUO1CQ3bcxZg&google_cver=1
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIXa6WpMbdcgUO1CQ3bcxZg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
  • https://s.amazon-adsystem.com/ecm3?id=LPR8DL2L-T-DLWH&ex=d-rubiconproject.com&status=ok
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?id=LPR8DL2L-T-DLWH&ex=d-rubiconproject.com&status=ok
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
SBNWKGZYHGEKMYN9CKKF
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.amazon-adsystem.com/ecm3?id=LPR8DL2L-T-DLWH&ex=d-rubiconproject.com&status=ok
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
tap.php
pixel.rubiconproject.com/ Frame 2D68
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp
  • https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AADXWU7K3C4AABRen1BinA&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AADXWU7K3C4AABRen1BinA&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AADXWU7K3C4AABRen1BinA&expires=30
Date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
pixel
capi.connatix.com/us/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=19564
  • https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy=
  • https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
82 B
82 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
104.18.41.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
server
cloudflare
surrogate-control
no-cache, no-store, must-revalidate, max-age=0
vary
Accept-Encoding
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-ray
8306075609ed9c07-FRA
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
server
cloudflare
location
https://capi.connatix.com/us/pixel?puid=LPR8DL2L-T-DLWH&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-ray
83060755a96d9c07-FRA
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400
merge
ce.lijit.com/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=sovrn
  • https://ce.lijit.com/merge?pid=80&3pid=LPR8DL2L-T-DLWH
0
311 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=80&3pid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
216.52.2.86 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Expires
Fri, 20 Mar 2009 00:00:00 GMT
Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
X-MERGE
GDPR Optout true
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ams1
P3P
CP="CUR ADM OUR NOR STA NID"

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ce.lijit.com/merge?pid=80&3pid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
setuid
ib.adnxs.com/prebid/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn
  • https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
an-x-request-uuid
70f90e45-f321-4ffa-a8f1-9c73a3036177
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
receive
pixel.tapad.com/idsync/ex/ Frame 2D68
Redirect Chain
  • https://token.rubiconproject.com/token?pid=37556&a=1
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LPR8DL2L-T-DLWH
95 B
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

Location
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LPR8DL2L-T-DLWH
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
magnite
prebid.a-mo.net/setuid/ Frame 2D68
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx
  • https://prebid.a-mo.net/setuid/magnite?uid=LPR8DL2L-T-DLWH
0
187 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prebid.a-mo.net/setuid/magnite?uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy
vary
Accept-Encoding

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://prebid.a-mo.net/setuid/magnite?uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
tap.php
pixel.rubiconproject.com/ Frame 2D68
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=a89b231c-e1c3-48fc-bc56-cfd6618611f7&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=a89b231c-e1c3-48fc-bc56-cfd6618611f7&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=a89b231c-e1c3-48fc-bc56-cfd6618611f7&expires=30
Date
Mon, 04 Dec 2023 18:14:22 GMT
Connection
keep-alive
X-CI-RTID
7f01514d-ec72-4a8f-b3cd-8c5fa5ede2b1
Content-Length
144
Content-Type
text/html; charset=utf-8
liveCS.php
live.primis.tech/live/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis
  • https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LPR8DL2L-T-DLWH
0
525 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
2600:9000:215b:b800:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
via
1.1 25de4127038159040c9b8bcb29fd32bc.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
LHR62-C2
age
0
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
K9qkgrP-7D6O4dCsj3Iilp0OjltqUM1ORnU8NcYQJdkJQ_CE9p5w4w==

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
v1
match.sharethrough.com/sync/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LPR8DL2L-T-DLWH
0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
3.68.140.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-140-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
cksync
hb.yahoo.net/ Frame B3AD
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LPR8DL2L-T-DLWH&redir=true
  • https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LPR8DL2L-T-DLWH&redir=true
  • https://hb.yahoo.net/cksync?cs=63&axid_e=eS0zYzE3Y1NGRTJ1SDE2S010ZGZQbE80OTFUQ2g2UXUud35B&ovsid=LPR8DL2L-T-DLWH&dpid=58160
52 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0zYzE3Y1NGRTJ1SDE2S010ZGZQbE80OTFUQ2g2UXUud35B&ovsid=LPR8DL2L-T-DLWH&dpid=58160
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
23.50.131.75 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-50-131-75.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=86400 ; includeSubDomains, max-age=604800
date
Mon, 04 Dec 2023 18:14:22 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
52
x-mnet-hl2
E
expires
Mon, 04 Dec 2023 18:14:22 GMT

Redirect headers

location
https://hb.yahoo.net/cksync?cs=63&axid_e=eS0zYzE3Y1NGRTJ1SDE2S010ZGZQbE80OTFUQ2g2UXUud35B&ovsid=LPR8DL2L-T-DLWH&dpid=58160
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.87
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=14
  • https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=tAfc8mllVrldEoksSbg9lJVYG1I
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=tAfc8mllVrldEoksSbg9lJVYG1I
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=tAfc8mllVrldEoksSbg9lJVYG1I
Date
Mon, 04 Dec 2023 18:14:22 GMT
Connection
keep-alive
Content-Length
121
Content-Type
text/html; charset=utf-8
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1164
  • https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=6864534660662176442
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=6864534660662176442
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=6864534660662176442
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=6&p=70&cp=Rubicon&cu=1&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D6434%26nid%3D2149%26put%3D%40%40CRITEO_USERID%40%40
  • https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=bd4c5837-9d7e-4064-a5a5-1793315702a5
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=bd4c5837-9d7e-4064-a5a5-1793315702a5
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=bd4c5837-9d7e-4064-a5a5-1793315702a5
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1161922
content-length
0
expires
Mon, 04 Dec 2023 00:00:00 GMT
Rubicon
s.seedtag.com/cs/cookiesync/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=seedtag
  • https://s.seedtag.com/cs/cookiesync/Rubicon?channeluid=LPR8DL2L-T-DLWH
0
284 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.seedtag.com/cs/cookiesync/Rubicon?channeluid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
access-control-allow-credentials
true
server
openresty
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.seedtag.com/cs/cookiesync/Rubicon?channeluid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
cookiesync
bttrack.com/pixel/ Frame B3AD 		35 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bttrack.com/pixel/cookiesync?source=c91bfcce-bb43-46f7-b14e-567c0a4332b3
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.132.33.69 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
69.bidtellect.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-servername
Track004-iad
pragma
no-cache
date
Mon, 04 Dec 2023 18:13:12 GMT
strict-transport-security
max-age=31536000;
content-type
image/gif
cache-control
private,no-cache
content-length
35
expires
-1
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://ad.turn.com/r/cs?pid=6
  • https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=4185152155912664142&expires=60&gdpr=&gdpr_consent=
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=4185152155912664142&expires=60&gdpr=&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=4185152155912664142&expires=60&gdpr=&gdpr_consent=
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://secure.adnxs.com/getuidnb?https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30
  • https://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=8571671530173653406&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=8571671530173653406&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
an-x-request-uuid
a64dda92-3054-4257-a2d7-0cdcea46d87a
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=8571671530173653406&expires=30
x-proxy-origin
149.88.27.82; 149.88.27.82; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://sync.1rx.io/usersync2/rubicon
  • https://sync.1rx.io/usersync2/rubicon?zcc=1&cb=1701713662336
  • https://ad.turn.com/r/cs?pid=45&rndcb=5029256281
  • https://sync.1rx.io/usersync/turn/4185152155912664142?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D186028%26nid%3D4112%26put%3DRX-86fe4d78-b56e-4b...
  • https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
date
Mon, 04 Dec 2023 18:14:22 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX86fe4d78b56e4bf8852d22dc7a9e4599003
content-type
text/html
709414.gif
id.rlcdn.com/ Frame B3AD 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
sync
visitor.omnitagjs.com/visitor/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=adyoulike
  • https://visitor.omnitagjs.com/visitor/sync?uid=3496f2c9155784213a7b528f78bb441a&visitor=LPR8DL2L-T-DLWH&name=RUBICON
49 B
384 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=3496f2c9155784213a7b528f78bb441a&visitor=LPR8DL2L-T-DLWH&name=RUBICON
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
52.50.121.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-121-249.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
via
kong/2.8.4
x-content-type-options
nosniff
x-kong-proxy-latency
0
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
content-type
image/gif
x-kong-upstream-latency
6
cache-control
no-cache, no-store, must-revalidate
content-length
49
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://visitor.omnitagjs.com/visitor/sync?uid=3496f2c9155784213a7b528f78bb441a&visitor=LPR8DL2L-T-DLWH&name=RUBICON
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
cookie-sync
sync.outbrain.com/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=outbrain
  • https://sync.outbrain.com/cookie-sync?p=rubicon&uid=LPR8DL2L-T-DLWH&obUid=&initiator=
0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.outbrain.com/cookie-sync?p=rubicon&uid=LPR8DL2L-T-DLWH&obUid=&initiator=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
64.202.112.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-cache
X-TraceId
e06c746071f59378400878158c1eefe4
Content-Length
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.outbrain.com/cookie-sync?p=rubicon&uid=LPR8DL2L-T-DLWH&obUid=&initiator=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
setuid
s2s.t13.io/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-triple13
  • https://s2s.t13.io/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
86 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2s.t13.io/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
via
1.1 google
content-type
image/png
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s2s.t13.io/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
tap.php
pixel.rubiconproject.com/ Frame B3AD
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=unruly
  • https://sync.1rx.io/usersync/rubicon/LPR8DL2L-T-DLWH
  • https://sync.targeting.unrulymedia.com/csync/RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D186028%26nid%3D4112%26put%3DRX-86fe4d78-b56e-4b...
  • https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=186028&nid=4112&put=RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003&expires=30
date
Mon, 04 Dec 2023 18:14:22 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX86fe4d78b56e4bf8852d22dc7a9e4599003
content-type
text/html
redirect
exchange.mediavine.com/usersync/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17404
  • https://exchange.mediavine.com/usersync/redirect?partner=rubicon&partnerId=LPR8DL2L-T-DLWH
0
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exchange.mediavine.com/usersync/redirect?partner=rubicon&partnerId=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
3.125.15.233 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-15-233.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
private, no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://exchange.mediavine.com/usersync/redirect?partner=rubicon&partnerId=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
cs
cs.minutemedia-prebid.com/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=minute_media
  • https://cs.minutemedia-prebid.com/cs?aid=21479&id=LPR8DL2L-T-DLWH
0
327 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.minutemedia-prebid.com/cs?aid=21479&id=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
54.194.233.137 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-233-137.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://eus.rubiconproject.com/
access-control-allow-credentials
true
x-envoy-upstream-service-time
17
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cs.minutemedia-prebid.com/cs?aid=21479&id=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
143
match.deepintent.com/usersync/ Frame F89C 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/143
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 Ashburn, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
0
server
c
60909
i6.liadm.com/s/ Frame F89C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=49096
  • https://i.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH
  • https://i6.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH
43 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i6.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
2600:1f18:ed:550a:93c3:cadd:da29:694c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
43
Request-Time
1
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/60909?bidder_id=227664&bidder_uuid=LPR8DL2L-T-DLWH
Date
Mon, 04 Dec 2023 18:14:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
0
cs
cs.yellowblue.io/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=rise_engage
  • https://cs.yellowblue.io/cs?aid=11590&id=LPR8DL2L-T-DLWH
0
327 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.yellowblue.io/cs?aid=11590&id=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
54.246.157.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-246-157-113.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://eus.rubiconproject.com/
access-control-allow-credentials
true
x-envoy-upstream-service-time
16
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cs.yellowblue.io/cs?aid=11590&id=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
/
ssc-cms.33across.com/ps/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=33across
  • https://ssc-cms.33across.com/ps/?xi=1&xu=LPR8DL2L-T-DLWH
0
73 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssc-cms.33across.com/ps/?xi=1&xu=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP017 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-33x-status
2020008
date
Mon, 04 Dec 2023 18:14:22 GMT
server
33XP017

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ssc-cms.33across.com/ps/?xi=1&xu=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
tap.php
pixel.rubiconproject.com/ Frame F89C
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=ZW4W-gAEfAQaVQBU
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=ZW4W-gAEfAQaVQBU&_test=ZW4W-gAEfAQaVQBU
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=ZW4W-gAEfAQaVQBU&_test=ZW4W-gAEfAQaVQBU
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by
cache-mxp6926-MXP
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1701713662.382008,VS0,VE0
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=ZW4W-gAEfAQaVQBU&_test=ZW4W-gAEfAQaVQBU
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tap.php
pixel.rubiconproject.com/ Frame F89C
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=00BF387A687D4BE18B6D8E2E0FFAAC37&expires=365
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=00BF387A687D4BE18B6D8E2E0FFAAC37&expires=365
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=00BF387A687D4BE18B6D8E2E0FFAAC37&expires=365
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 03 Dec 2023 18:14:22 GMT
bridge
cm.adgrx.com/ Frame F89C 		43 B
283 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_SETCOOKIE&AG_PID=rubicon
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.206 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
Cowboy
content-type
image/gif
p3p
CP="NOI OTC OTP OUR NOR"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, proxy-revalidate
x-realserver-nx
ams-delivery-4
content-length
43
expires
Thu, 23 Sep 2004 17:42:04 GMT
tap.php
pixel.rubiconproject.com/ Frame F89C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2046&pt=n&a=1
  • https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=VsIPxpHSyEOE4UMVfD0ibw
  • https://rubicon-match.dotomi.com/match/bounce/current?DotomiTest=27cfdb2ea1f017d9&is_secure=true&networkId=12783&version=1&nuid=VsIPxpHSyEOE4UMVfD0ibw
  • https://pixel.rubiconproject.com/tap.php?v=5364|1|90&nid=2046&put=AAAHq5xlNF-UjAMLFF4OAAAAAAA&expiration=1701800062&nuid=VsIPxpHSyEOE4UMVfD0ibw&is_secure=true
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=5364|1|90&nid=2046&put=AAAHq5xlNF-UjAMLFF4OAAAAAAA&expiration=1701800062&nuid=VsIPxpHSyEOE4UMVfD0ibw&is_secure=true
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://pixel.rubiconproject.com/tap.php?v=5364|1|90&nid=2046&put=AAAHq5xlNF-UjAMLFF4OAAAAAAA&expiration=1701800062&nuid=VsIPxpHSyEOE4UMVfD0ibw&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
rubicon
tr.blismedia.com/v1/api/sync/ Frame F89C 		0
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.blismedia.com/v1/api/sync/rubicon
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
setuid
prebid-s2s.media.net/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-medianet
  • https://prebid-s2s.media.net/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
86 B
507 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prebid-s2s.media.net/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
server
envoy
content-type
image/png
access-control-allow-origin
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
alt-svc
clear
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://prebid-s2s.media.net/setuid?bidder=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
tap.php
pixel.rubiconproject.com/ Frame F89C
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=560687&ev=1&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D390200%26nid%3D5120%26put%3D%25%25VGUID%25%25
  • https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=BvTyb2jPiouM&ev=1&pid=560687
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=BvTyb2jPiouM&ev=1&pid=560687
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-CH
location
https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=BvTyb2jPiouM&ev=1&pid=560687
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-74c7cffc45-f7k44
expires
-1
i.match
a.tribalfusion.com/ Frame F89C 		43 B
464 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.tribalfusion.com/i.match?p=b10&u={rubicon_user_token}&redirect=https%3A//pixel.rubiconproject.com/tap.php%3Fv%3D111756%26nid%3D3856%26put%3D%24TF_USER_ID_ENC%24%26expires%3D180
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
830607552d3018b9-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
cookiesyncendpoint
sync.aniview.com/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17184
  • https://sync.aniview.com/cookiesyncendpoint?biddername=5&auid=&key=LPR8DL2L-T-DLWH
0
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.aniview.com/cookiesyncendpoint?biddername=5&auid=&key=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
96.46.186.182 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.aniview.com/cookiesyncendpoint?biddername=5&auid=&key=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
sync
usr.undertone.com/userPixel/ Frame F89C
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=12776
  • https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
0
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
18.66.248.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-25.dus51.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
content-length
0
x-amz-cf-id
TH4ee7JeNMF7k2wevI1-J2OwZyw-ILeMFdPxUlCxGMWgmeO-ymKRxA==
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usr.undertone.com/userPixel/sync?partner=rubicon&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
Rubicon
crb.kargo.com/api/v1/dsync/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=11864
  • https://crb.kargo.com/api/v1/dsync/Rubicon?exid=LPR8DL2L-T-DLWH
43 B
375 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crb.kargo.com/api/v1/dsync/Rubicon?exid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
3.124.56.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-56-216.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
x-accel-expires
0
vary
Origin
x-rejected
consent
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://crb.kargo.com/api/v1/dsync/Rubicon?exid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
sync
ads.yieldmo.com/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=yieldmo
  • https://ads.yieldmo.com/sync?pn_id=rc&id=LPR8DL2L-T-DLWH
43 B
598 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/sync?pn_id=rc&id=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
79.125.82.191 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-82-191.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ads.yieldmo.com/sync?pn_id=rc&id=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=7
  • https://pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7308804525456816287&expires=730
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7308804525456816287&expires=730
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=101732&nid=3822&put=7308804525456816287&expires=730
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
/
rtb-csync.smartadserver.com/redir/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=smartadserver
  • https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LPR8DL2L-T-DLWH
43 B
664 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
185.86.138.150 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:21 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://b1sync.zemanta.com/usersync/rubicon/
  • https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=144598&nid=3992&expires=30&put=
Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:22 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
109
Content-Type
text/html; charset=utf-8
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=2
  • https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=860275122398&expires=30&us_privacy=1---
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=860275122398&expires=30&us_privacy=1---
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

access-control-allow-origin
*
location
https://pixel.rubiconproject.com/tap.php?v=5672&nid=2082&put=860275122398&expires=30&us_privacy=1---
content-length
0
usersync
e.serverbid.com/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=24856
  • https://e.serverbid.com/usersync?cn=5529&ttt=1&dpui=LPR8DL2L-T-DLWH
35 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.serverbid.com/usersync?cn=5529&ttt=1&dpui=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
https://eus.rubiconproject.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://e.serverbid.com/usersync?cn=5529&ttt=1&dpui=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
user.sync
match.sync.ad.cpe.dotomi.com/w/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=epsilon
  • https://match.sync.ad.cpe.dotomi.com/w/user.sync?ptrid=14&userid=LPR8DL2L-T-DLWH
43 B
334 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sync.ad.cpe.dotomi.com/w/user.sync?ptrid=14&userid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
2a02:fa8:8806:16::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
content-type
image/gif
cache-control
no-cache
content-length
43
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://match.sync.ad.cpe.dotomi.com/w/user.sync?ptrid=14&userid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
/
csync.loopme.me/ Frame CAA0
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=loopme
  • https://csync.loopme.me/?partner_id=1441&vt=&uid=LPR8DL2L-T-DLWH
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://csync.loopme.me/?partner_id=1441&vt=&uid=LPR8DL2L-T-DLWH
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Server
35.214.141.124 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
124.141.214.35.bc.googleusercontent.com
Software
_ /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
_

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://csync.loopme.me/?partner_id=1441&vt=&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Expires
0
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://rbp.mxptint.net/sn.ashx
  • https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R33647_10D2D2B49_643B074D&expires=60
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R33647_10D2D2B49_643B074D&expires=60
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R33647_10D2D2B49_643B074D&expires=60
Date
Mon, 04 Dec 2023 18:14:21 GMT
Cache-Control
private
Strict-Transport-Security
max-age=-384718462; includeSubDomains
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
227
Content-Type
text/html; charset=utf-8
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://cms.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?idmatch=0
  • https://pixel.rubiconproject.com/tap.php?v=4939&nid=1902&gdpr=0&put=-XtN1f54HdTiKEmDq39WhP1_SInidh7T_nrvUm_k
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4939&nid=1902&gdpr=0&put=-XtN1f54HdTiKEmDq39WhP1_SInidh7T_nrvUm_k
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://pixel.rubiconproject.com/tap.php?v=4939&nid=1902&gdpr=0&put=-XtN1f54HdTiKEmDq39WhP1_SInidh7T_nrvUm_k
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://match.adsby.bidtheatre.com/rubiconmatch
  • https://pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=ff39c83c-28be-473d-a3d9-3a4d1b443f27
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=17039&nid=2650&days=30&gdpr=&gdpr_consent=&put=ff39c83c-28be-473d-a3d9-3a4d1b443f27
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=2999
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=87
  • https://pixel.rubiconproject.com/tap.php?v=333994&nid=4804&put=3981457661995574850&gdpr=0&gdpr_consent=
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=333994&nid=4804&put=3981457661995574850&gdpr=0&gdpr_consent=
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=333994&nid=4804&put=3981457661995574850&gdpr=0&gdpr_consent=
date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
0
9.gif
id5-sync.com/i/175/ Frame CAA0 		43 B
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/i/175/9.gif
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://sync.adotmob.com/cookie/rubicon?r=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D123034%26nid%3D3956%26put%3D%7Buser_token%7D
  • https://pixel.rubiconproject.com/tap.php?v=123034&nid=3956&put=09e0220400f59e0732446d56&expires=1
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=123034&nid=3956&put=09e0220400f59e0732446d56&expires=1
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=123034&nid=3956&put=09e0220400f59e0732446d56&expires=1
date
Mon, 04 Dec 2023 18:14:24 GMT
access-control-allow-credentials
true
x-powered-by
Express
keep-alive
timeout=5
vary
Origin
content-length
0
tap.php
pixel.rubiconproject.com/ Frame CAA0
Redirect Chain
  • https://i.w55c.net/ping_match.gif?ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30
  • https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=z6CMMpbv1Radsx5&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=z6CMMpbv1Radsx5&expires=30
Requested by
Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:21 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-029f22d856dc4e10e@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=z6CMMpbv1Radsx5&expires=30
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
sync.ex.co/v1/ Frame FD26
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=17136_2
  • https://sync.ex.co/v1/setuid?bidder=rubicon&gdpr=&gdpr_consent=&uid=LPR8DL2L-T-DLWH
86 B
375 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.ex.co/v1/setuid?bidder=rubicon&gdpr=&gdpr_consent=&uid=LPR8DL2L-T-DLWH
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
H2
Server
34.198.166.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-166-49.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
date
Mon, 04 Dec 2023 18:14:22 GMT
access-control-allow-credentials
true
content-length
86
vary
Origin
content-type
image/png

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.ex.co/v1/setuid?bidder=rubicon&gdpr=&gdpr_consent=&uid=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://onetag-sys.com/match/?int_id=4
  • https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://rcp.c.appier.net/rbcm
  • https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=EMvSzQz9D-mSJ5-s_RZuZQ&expires=365
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=EMvSzQz9D-mSJ5-s_RZuZQ&expires=365
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
nginx
accept-ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=70596&nid=3632&put=EMvSzQz9D-mSJ5-s_RZuZQ&expires=365
content-type
text/html; charset=utf-8
cache-control
no-store
content-length
131
CookieSyncRubicon
rtb.adentifi.com/ Frame FD26 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncRubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.131.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-131-103.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=64
  • https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=7906858919413668267&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=7906858919413668267&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=7906858919413668267&expires=30
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
token
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/rb.gif
  • https://pixel.rubiconproject.com/tap.php?v=711370&nid=5504&put=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d&expires=365&next=https%3A%2F%2Fbeacon.lynx.cognitivlabs.com%2Fpixel%3Ftype%3Dsync%26source%3Drubi...
  • https://beacon.lynx.cognitivlabs.com/pixel?type=sync&source=rubicon&inventory_source=0
  • https://pixel.rubiconproject.com/token?pid=49038&puid=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d
0
491 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/token?pid=49038&puid=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/token?pid=49038&puid=d7e1bc70-f5f0-418d-bc56-4aaa60fb768d
Date
Mon, 04 Dec 2023 18:14:22 GMT
Server
Kestrel
Connection
keep-alive
Content-Length
0
o
usync.vrtcal.com/ Frame FD26
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16466
  • https://usync.vrtcal.com/o?xs=1624&did=LPR8DL2L-T-DLWH
35 B
256 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usync.vrtcal.com/o?xs=1624&did=LPR8DL2L-T-DLWH
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
H2
Server
54.241.193.125 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-193-125.us-west-1.compute.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.26
Resource Hash
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
server
Apache/2.4.7 (Ubuntu)
x-powered-by
PHP/5.5.9-1ubuntu4.26
content-length
35
content-type
image/gif

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://usync.vrtcal.com/o?xs=1624&did=LPR8DL2L-T-DLWH
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Expires
0
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://dmp.brand-display.com/cm/api/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=d8ca1d57-29b0-4822-d05dae45
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=d8ca1d57-29b0-4822-d05dae45
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
server
nginx/1.24.0
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
location
https://pixel.rubiconproject.com/tap.php?v=538100&nid=5446&put=d8ca1d57-29b0-4822-d05dae45
content-type
text/html; charset=utf-8
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121
getuid
sync.smartadserver.com/ Frame FD26
Redirect Chain
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D32128%26nid%3D2915%26put%3D[sas_uid]
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.smartadserver.com/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
185.86.138.150 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
0

Redirect headers

location
https://sync.smartadserver.com:443/getuid?gdpr=0&url=https://pixel.rubiconproject.com/tap.php?v=32128&nid=2915&put=[sas_uid]&cklb=1
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://tg.socdm.com/rtb/sync?proto=rubicon
  • https://pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=ZW4W-sCo8YUAAAvxvIIAAAAA
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=ZW4W-sCo8YUAAAvxvIIAAAAA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

X-SO-Cluster-ID
0
Date
Mon, 04 Dec 2023 18:14:22 GMT
X-SO-LB-Data
{"ban":false,"clean_query":"\/rtb\/sync?proto=rubicon","cluster_id":0,"gdpr":false,"ipv4":"149.88.27.82","key":"ZW4W-sCo8YUAAAvxvIIAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad1011"}
X-SO-Key
ZW4W-sCo8YUAAAvxvIIAAAAA
Server
nginx
X-SO-Upstream-ID
m-ad1011
P3P
CP="See also http://www.scaleout.jp/privacy/"
Location
https://pixel.rubiconproject.com/tap.php?v=71722&nid=3668&expires=30&put=ZW4W-sCo8YUAAAvxvIIAAAAA
Cache-Control
private
X-SO-HostName
m-ad1011.dc4p.scaleout.jp
Connection
keep-alive
X-SO-Ads-Time
1
Content-Length
0
X-SO-LB-Hostname
m-tgng33.dc4p.scaleout.jp
X-SO-IP
149.88.27.82
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=rubicon
  • https://x.bidswitch.net/ul_cb/sync?ssp=rubicon
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Drubicon%26expires%3D30%26us...
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Drubicon%26expires%3D30%26us...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=85a25f30-e856-5252-b3db-2d7fd6b53b81&ssp=rubicon&expires=30&user_group=1&gdpr=&gdpr_consent=
  • https://pixel.rubiconproject.com/tap.php?v=15796&nid=2760&put=c6a8b66f-d263-492f-accc-1edd69afe757&expires=30&gdpr=&gdpr_consent=&us_privacy=
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=15796&nid=2760&put=c6a8b66f-d263-492f-accc-1edd69afe757&expires=30&gdpr=&gdpr_consent=&us_privacy=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
//pixel.rubiconproject.com/tap.php?v=15796&nid=2760&put=c6a8b66f-d263-492f-accc-1edd69afe757&expires=30&gdpr=&gdpr_consent=&us_privacy=
date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://s.company-target.com/s/rp
  • https://pixel.rubiconproject.com/tap.php?v=1181926&nid=5578&put=88103294-abc9-46a3-b8f5-2c09d3dc426f
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=1181926&nid=5578&put=88103294-abc9-46a3-b8f5-2c09d3dc426f
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 google
access-control-allow-methods
GET,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*.rubiconproject.com
location
https://pixel.rubiconproject.com/tap.php?v=1181926&nid=5578&put=88103294-abc9-46a3-b8f5-2c09d3dc426f
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
131
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://um4.eqads.com/um/rc
  • https://pixel.rubiconproject.com/tap.php?v=11598&nid=2494&put=ade846ba-9bf0-4b1f-988b-59fb34709c80&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=11598&nid=2494&put=ade846ba-9bf0-4b1f-988b-59fb34709c80&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=11598&nid=2494&put=ade846ba-9bf0-4b1f-988b-59fb34709c80&expires=30
date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
no-cache
content-length
0
expires
0
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://cm.smadex.com/sync?sm_p=rbc&sm_r=rbc
  • https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=daca6e25-4d7e-405d-a5ef-dcc927b4a4be&expires=30
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=daca6e25-4d7e-405d-a5ef-dcc927b4a4be&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=71194&nid=3636&put=daca6e25-4d7e-405d-a5ef-dcc927b4a4be&expires=30
date
Mon, 04 Dec 2023 18:14:22 GMT
via
1.1 de0dad50586f94423362513b4f1660b2.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR61-P2
x-amz-cf-id
XpubvF0VYDf1vAKa81eDTcieve4d7bAM62LHRU-JKlhd6L8YoaUefA==
x-cache
Miss from cloudfront
tap.php
pixel.rubiconproject.com/ Frame FD26
Redirect Chain
  • https://sid.storygize.net/ccm/729e4e94-63c3-438d-8ce4-184eb34e703f
  • https://sid.storygize.net/csr?r=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D1172318%26nid%3D5570%26put%3Dd3494986-1339-4ecd-b8f4-62bde4566eaa
  • https://pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=d3494986-1339-4ecd-b8f4-62bde4566eaa
42 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=d3494986-1339-4ecd-b8f4-62bde4566eaa
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=1172318&nid=5570&put=d3494986-1339-4ecd-b8f4-62bde4566eaa
date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
0
cms-2-rubicon.min.js
cti.w55c.net/ct/ Frame 405C 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cti.w55c.net/ct/cms-2-rubicon.min.js
Requested by
Host: cti.w55c.net
URL: https://cti.w55c.net/ct/cms-2c-rubicon.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:c800:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5c7987d2f26ca9bf8254df658877b74005f2e90d3f477eacc606e011341d8082
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cti.w55c.net/ct/cms-2c-rubicon.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
4wUy6FG8mI1tQq9b3POfj8uoA5V85xC6
content-encoding
br
via
1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
date
Sat, 02 Dec 2023 16:08:52 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-amz-cf-pop
FRA60-P3
age
180331
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 17 Sep 2021 21:17:39 GMT
server
AmazonS3
etag
W/"d7ff0f4ef590b94bd79fc9b61a13ef4e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
must-revalidate
x-amz-cf-id
BlS0Ab0ZfM0lg8gXz7nsFMydJD4hW1c_Yoq4Ih1geio0baMm_CUhLA==
2964
tags.bluekai.com/site/ Frame 405C 		62 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/2964?id=z6CMMpbv1Radsx5
Requested by
Host: cti.w55c.net
URL: https://cti.w55c.net/ct/cms-2c-rubicon.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.197.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-23-197-190.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cti.w55c.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Mon, 04 Dec 2023 18:14:22 GMT
content-length
62
content-type
image/gif
rum
dsum-sec.casalemedia.com/ Frame 405C 		43 B
739 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=47&external_user_id=z6CMMpbv1Radsx5&gdpr=0&gdpr_consent=&expiration=1704305662
Requested by
Host: cti.w55c.net
URL: https://cti.w55c.net/ct/cms-2c-rubicon.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cti.w55c.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QxXfJX9YuyNwHgDRHXn6RgGf7POllWG5Qc1d7xl4wgsGeESTbow5BZ8NBm0%2FscF%2FoFOZNgdJE%2BZqEPLbQgIHH%2F9HF84nONm13eDa%2BggBeI%2FHqMoyOz3hT9ux%2FiqO2MZXst82cO1ZaJtyRg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
830607556a104d4f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0
rules-p-a128V7tctPVtT.js
rules.quantcount.com/ 		3 B
457 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-a128V7tctPVtT.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:8600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 08:26:13 GMT
via
1.1 6b2d62d60926d8d51fdcbcc94fce643a.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
age
35352
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 20:44:26 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
qh8IzYqMhA5D5tNlGrjPa3EApKE-kN3Dv_CGSxdMN8jch4injm0oRw==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/696467118/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/696467118/?random=1701713662302&cv=11&fst=1701713662302&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&hn=www.googleadservices.com&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&auid=908822389.1701713659&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a57daa4d2037281a9e2e69c9dfa7a94de521e5dd596574873f91f08ddd719c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1339
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
138003605.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/138003605.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1152f79a12543479de3ec4e56eaa913401cd934968ddfcbf833218f585a0e494
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Mon, 04 Dec 2023 18:14:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B84482A8D49C4AE88581990460A22BA7 Ref B: FRA31EDGE0514 Ref C: 2023-12-04T18:14:22Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
0
bat.bing.com/action/ 		0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=138003605&Ver=2&mid=17877a1b-100b-40de-9217-60ebdf9e5f35&sid=f307fb2092d011ee9de8874b2f482edf&vid=f3081f0092d011ee862c99c8b864ab67&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&p=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&r=&lt=1753&evt=pageLoad&sv=1&rn=811094
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 04 Dec 2023 18:14:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B33F0C027DC843C59FD8B2C5AD8CE9AB Ref B: FRA31EDGE0514 Ref C: 2023-12-04T18:14:22Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
t.co/1/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=acea2268-72ff-4867-b3ee-ab78e41d4155&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=nzye8&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
104
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
979850dfbd582179
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1c53b6503d7a712ddf29aebddd8c618abf4b107d1d5a72ec62fbe2039380c381
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
565 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=acea2268-72ff-4867-b3ee-ab78e41d4155&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=nzye8&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
105
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
91f2b7e3dc5c9269
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
06c1654a620b775be309439dd2fe7ecccf20cd98d240e96b3d432339c0aa3717
content-length
43
adsct
t.co/1/i/ 		43 B
202 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=ebb13beb-23e1-448f-9f59-5ce837e9c057&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=ofnz2&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
110
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
e209efda0a50919d
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1c53b6503d7a712ddf29aebddd8c618abf4b107d1d5a72ec62fbe2039380c381
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
539 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=ebb13beb-23e1-448f-9f59-5ce837e9c057&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=ofnz2&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
105
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
944d85e255cd60c2
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
06c1654a620b775be309439dd2fe7ecccf20cd98d240e96b3d432339c0aa3717
content-length
43
adsct
t.co/1/i/ 		43 B
221 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=222d1d53-3f33-48d2-8b79-54224bbe5999&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=odl9r&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
104
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
bebebeea1ca7dc85
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1c53b6503d7a712ddf29aebddd8c618abf4b107d1d5a72ec62fbe2039380c381
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=222d1d53-3f33-48d2-8b79-54224bbe5999&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=odl9r&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
107
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
5ab2232cdbb624c4
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
06c1654a620b775be309439dd2fe7ecccf20cd98d240e96b3d432339c0aa3717
content-length
43
adsct
t.co/1/i/ 		43 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=79c48bb6-38fc-4ffe-95f3-ee876f737486&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=ofy5s&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
103
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
a1e069aafdf2de68
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1c53b6503d7a712ddf29aebddd8c618abf4b107d1d5a72ec62fbe2039380c381
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
723 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=79c48bb6-38fc-4ffe-95f3-ee876f737486&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=ofy5s&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
104
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
d52ac447b39e3c32
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
06c1654a620b775be309439dd2fe7ecccf20cd98d240e96b3d432339c0aa3717
content-length
43
adsct
t.co/1/i/ 		43 B
200 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f6301b99-986c-4683-8a17-f20ae6271149&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=od4qh&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
104
date
Mon, 04 Dec 2023 18:14:22 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
6cb633a5577167af
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
1c53b6503d7a712ddf29aebddd8c618abf4b107d1d5a72ec62fbe2039380c381
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
544 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f6301b99-986c-4683-8a17-f20ae6271149&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5f24070c-ae0d-49b3-b715-db2d3e1515dd&tw_document_href=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&tw_iframe_status=0&txn_id=od4qh&type=javascript&version=2.3.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-response-time
110
date
Mon, 04 Dec 2023 18:14:21 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
a79a6cfdde5a89ba
cache-control
no-cache, no-store, max-age=0
perf
7626143928
x-connection-hash
06c1654a620b775be309439dd2fe7ecccf20cd98d240e96b3d432339c0aa3717
content-length
43
/
www.google.com/pagead/1p-user-list/696467118/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/696467118/?random=1701713662302&cv=11&fst=1701712800000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQDICaaNx-lWERt5DqTPadJbfFNNAljlu6L42O9OmURYCu3HBpnnmbM-&random=141177633&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ch/pagead/1p-user-list/696467118/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ch/pagead/1p-user-list/696467118/?random=1701713662302&cv=11&fst=1701712800000&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&frm=0&tiba=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQDICaaNx-lWERt5DqTPadJbfFNNAljlu6L42O9OmURYCu3HBpnnmbM-&random=141177633&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
138003605
www.clarity.ms/tag/uet/ 		828 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/138003605
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/138003605.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1b8e39d15e46c338d464f65b44dcc5641f08de4c1e0bec6563f70f8694f28bca

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
-1
date
Mon, 04 Dec 2023 18:14:22 GMT
x-azure-ref
20231204T181422Z-dmw8vv8nr9305ctgbx6wy6qek000000006n0000000005qf7
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
828
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
pixel;r=206831580;rf=0;a=p-a128V7tctPVtT;url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287;uht=2;fpan=1;fpa=P0-2007519461-1701713662295;pbc=;ns=0;ce=1;qjs=1...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=206831580;rf=0;a=p-a128V7tctPVtT;url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287;uht=2;fpan=1;fpa=P0-2007519461-1701713662295;pbc=;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;ref=;d=theepochtimes.com;dst=1;et=1701713662379;tzo=-60;ogl=title.Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%2Cdescription.Play%20online%20Words%20of%20Wonders%20game%20%252EPlay%20now%20for%20free%252C%20no%20download%20or%20registratio%2Curl.https%3A%2F%2Fwww%252Etheepochtimes%252Ecom%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287%2Csite_name.The%20Epoch%20Times%2Clocale.en-US%2Cimage.https%3A%2F%2Fimg%252Etheepochtimes%252Ecom%2Fassets%2Fuploads%2F2023%2F07%2F21%2Fid5414540-EET-logo%252Epng%2Ctype.website;ses=de4f6eff-cdd0-47df-ae42-55fdcc248bdd;mdl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3783 		42 B
66 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvYSFnOu7Ar4IJ91lPS4WLjsRR1cvh7WrsREgOZAH4219pXcihsJBjqeF-YrqbGzlQlTDw_4sfsZcClztTlxnHMYKf8iczW4buBzfHRnF3DIP8kINxmNLHTSBqIqhL7j7pAjYLeJ-RdTAuBSr_9i5zQW47thjjTrTxYstWkmg&sai=AMfl-YSBxzf7MrqNFKOSYqnRMcN4bW-IeyEMJq6wS9lxQ4wk18Z8OuuRv5mFVzKKlufIz1oOE8eVU-MEtm917wErj279J5i4_3QPF4vxBrQ2VdnKY88ZnDZrJg6q8IFP1YuR1mIbGByHyQ&sig=Cg0ArKJSzP7LJc_q7H5_EAE&cid=CAQSOwDICaaNloUAWarD-CkAeHZG8tToi4wJlya7tKmIU3vNdHC2SSmpRVPDUKKvtpzNIq_ArAfeCS4qLEAcGAE&id=ampim&o=140,100&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=520&tls=1520&g=99.80000257492065&h=99.80000257492065&tt=1521&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame DAB9 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbYECcYDDR9ett2cSSHN_E1AKVjIHGPmRICeZePfbAvZHF_Tm1dsqdk115rSXNWuZ9oHDoOBAZavb8fL3_J0oUx1zodCXtKzcOOQqxBhScJTJk6LjSNjFE4mgmWsM6wxYiFUEmkahKng&sai=AMfl-YR7sZBRbJR2-8XyEc8v34MU2KKs4UQSlQocNdIUI8OllMGgynQ3DmfKgiFbWkL5oE6ZsudfKBvEx9b6_EYsjMcBJjL1hxSVIACOClsTfj_6NNnR-1FT_m40facMu_9NGHDLlPkyKw&sig=Cg0ArKJSzI04Al1Z4FGREAE&cid=CAQSOwDICaaNXm5NdhGm46HjlArzlISSUFAnGiuvMKzFIIrQKgf0owzVnSPFmDeQt1Zr1fdL-couIVVL9-xaGAE&id=lidar2&mcvt=1000&p=96,1152,346,1452&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231129&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2135588503&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701713661293&rpt=373&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
clarity.js
www.clarity.ms/s/0.7.20/ 		60 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/138003605
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:22 GMT
content-encoding
br
last-modified
Mon, 04 Dec 2023 12:08:18 GMT
etag
W/"0x8DBF4C1B3818466"
vary
Accept-Encoding
x-azure-ref
20231204T181422Z-dmw8vv8nr9305ctgbx6wy6qek000000006n0000000005qh3
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
a83e7593-d01e-0008-28ad-2634d4000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&RedC=c.clarity.ms&MXFR=1A2AB685B61B631B032CA558B21B6DF4
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&MUID=1FB505823A2B6E8703A4165F3BA06FD8
42 B
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&MUID=1FB505823A2B6E8703A4165F3BA06FD8
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
last-modified
Wed, 30 Aug 2023 19:01:41 GMT
server
Microsoft-IIS/10.0
etag
"8d59566974dbd91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9EFEFC4D4BCB40FB93ABBA587203C0A2 Ref B: FRA31EDGE0514 Ref C: 2023-12-04T18:14:23Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=34D7C5A02BAF4806B977FE64D6864E50&MUID=1FB505823A2B6E8703A4165F3BA06FD8
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
/
tags.wdsvc.net/tpc-eval/ 		21 B
284 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.wdsvc.net/tpc-eval/?lid=18c3609d331-tags8-9a434384c67b5
Requested by
Host: tags.wdsvc.net
URL: https://tags.wdsvc.net/controller.js?id=100415
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.202.83.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-83-199.compute-1.amazonaws.com
Software
/
Resource Hash
b0e70b299ab9c122ad93531fa8e5309833baecd53dd55c992c538f8b33bfa22d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Dec 2023 18:14:23 GMT
Content-Type
text/javascript
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
21
Expires
Mon, 3 Jan 2005 13:00:00 GMT
p.gif
p.alocdn.com/c/6irth52s/a/etarget/ 		42 B
351 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.alocdn.com/c/6irth52s/a/etarget/p.gif?title=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&url=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&auid=a4c3a649-0b82-47a1-a6af-49192c6f3b40
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.71.111.90 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-71-111-90.us-west-2.compute.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Mon, 04 Dec 2023 18:14:23 GMT
server
nginx/1.20.1
content-type
image/GIF
collect
n.clarity.ms/ 		0
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.theepochtimes.com
Date
Mon, 04 Dec 2023 18:14:23 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
/
a.clickcertain.com/px/cont/ Frame 2A07 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Requested by
Host: a.remarketstats.com
URL: https://a.remarketstats.com/px/smart/?c=244b81b94c69796&seg=epochfun/words-of-wonders-ad-supported-5491287
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b0bb840a34f810618a44f7979fc9f8e0295088880806928d2fd0cfb2fed2031

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
8306075a2ece2c49-FRA
content-encoding
br
content-type
text/html
date
Mon, 04 Dec 2023 18:14:23 GMT
etag
W/"MzkwZjcyNGJnOGM1OWc0YmNkZ2JjODBnZGQzYTljMDMwZTdiLXow"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6E%2BNrW6962T3goSUGA1UoZoNwhrnB1SWlGMVU%2FNRf3F9pqahU2raYOPuHcTztbF4m6dRnKBvXTHSQWpOrNXsBUc40%2F1g0VxO4ohzOD2Wm0dBDcg028jZXE%2B%2F9m9jex%2BA1ZLZ1GQvezqV%2BA%2FVapd2A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-frontend
cc-nginx-5776dff989-trjln:cc-nginx-5776dff989-trjln
x-requestid
54bf1206-c12c-42f5-87f2-f1aebe53b51b
/
a.clickcertain.com/px/ta/ Frame 2A07
Redirect Chain
  • https://a.clickcertain.com/px/ta/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%...
  • https://a.clickcertain.com/px/ta/?done=true&ta_id=36d82815-46be-4df1-ba62-33690484b7eb
0
288 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.clickcertain.com/px/ta/?done=true&ta_id=36d82815-46be-4df1-ba62-33690484b7eb
Requested by
Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Server
2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://a.clickcertain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:23 GMT
x-frontend
cc-nginx-5776dff989-rwljl:cc-nginx-5776dff989-rwljl
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
46a726ee-7e87-4bbb-8993-c6ecdbc6b1d1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPZCwrEu9iaHni84RlqAF6Q9nVgKTf4JehI5Ce2y7thyphRc6AlXlYTvZIQVe5RdPw9izKAdileD4ih0uwLiaKMzyoJItjhxX6D8ouZOd02OZvUSSmz8%2F5MuioX69TtcYto6vByQCaUGKtLaPqbykQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8306075c19ed2c49-FRA

Redirect headers

date
Mon, 04 Dec 2023 18:14:23 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
Jetty(11.0.13)
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://a.clickcertain.com/px/ta/?done=true&ta_id=36d82815-46be-4df1-ba62-33690484b7eb
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
a.clickcertain.com/px/t/ Frame 2A07
Redirect Chain
  • https://a.usbrowserspeed.com/cs?puid=9f1f26af-8e3d-5568-82fe-90322a6f4c6d&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26rid%3d795948ce%2d4728%2d4ce7%2daa2e%2de7d7ff95f2f...
  • https://a.clickcertain.com/px/t/?done=true&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&uid=ad58545a-5607-4824-beac-19820e72458e&hem=
0
419 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.clickcertain.com/px/t/?done=true&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&uid=ad58545a-5607-4824-beac-19820e72458e&hem=
Requested by
Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Server
2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://a.clickcertain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:24 GMT
x-frontend
cc-nginx-5776dff989-2sp8v:cc-nginx-5776dff989-2sp8v
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
f3ebdade-be4f-46fc-98f4-6795454878a0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QGPGEwItunI0YpYQbdlMDNBzph%2FE8DVDeMoajSi%2Fd%2FvEOjnFMzCS9Y%2BrXxXIni8LWMrTj32XO9rIyhTrnbYNH3MwswEQEV23DF4ZJDSyNX8nB9Esunkr7JJ9IY8hNMaBQuinqxdt1TJbGJV4PMZaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8306075f2fa02c49-FRA

Redirect headers

location
https://a.clickcertain.com/px/t/?done=true&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&uid=ad58545a-5607-4824-beac-19820e72458e&hem=
date
Mon, 04 Dec 2023 18:14:23 GMT
server
awselb/2.0
content-length
164
content-type
text/html; charset=utf-8
ldc.js
tag.trovo-tag.com/ Frame 2A07 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.trovo-tag.com/ldc.js?pid=193f0456&aid=193f0456
Requested by
Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:d000:e:291c:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
42b4421435906a79bd519a7bb10fc226b362b9c24ae23084f4c3578002401e0d

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://a.clickcertain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:23 GMT
via
1.1 2a5303ed411734ba7adcd9ff65d96392.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
no-cache
content-length
1164
x-amz-cf-id
NH1rl7Lkq4i8wV-kS_PBBYkFUWHPL99eoHXhfuWE3E-CM-aH_LpPVA==
fivebyfive
match.prod.bidr.io/cookie-sync/ Frame 2A07 		27 B
27 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/fivebyfive
Requested by
Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.208.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-208-25.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://a.clickcertain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:23 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
27
content-type
text/plain
pixel
cm.g.doubleclick.net/ Frame 2A07
Redirect Chain
  • https://a.clickcertain.com/px/r/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b
  • https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%25...
  • https://a.clickcertain.com/px/li/?ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%...
  • https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3d390f724b%2d8c59%2d4bcd%2dbc80%2ddd3a9c030e7b%26anx_uId%3d%24UID
Requested by
Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=244b81b94c69796&ccid=390f724b-8c59-4bcd-bc80-dd3a9c030e7b&cn=CH&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://a.clickcertain.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:23 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 04 Dec 2023 18:14:23 GMT
x-frontend
cc-nginx-5776dff989-9z5hd:cc-nginx-5776dff989-9z5hd
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
d46553a0-9876-4234-8a6a-618d73a4ea22
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oIQ7es5huTeDgll7GfqkKilC9mtQceaHHhnJSr4dyvPb6IVmZz%2Fz%2FdVpTS6A%2BMm7%2F4Kb8Qun%2FQS%2BXDHw5CUkDDzi%2Bf9UeZ1Nf6FVhbErAxCblcdxBbVUOSfypueea0PQwV2%2FUBSsrWiEApJloQA6yw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3d390f724b%2d8c59%2d4bcd%2dbc80%2ddd3a9c030e7b%26anx_uId%3d%24UID
cf-ray
8306075e6e002c49-FRA
/
mixproxy.epoch.cloud/mixpanel/track/ 		1 B
595 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mixproxy.epoch.cloud/mixpanel/track/?ip=1&_=1701713663943
Requested by
Host: mixproxy.epoch.cloud
URL: https://mixproxy.epoch.cloud/mixpanel/lib.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:cb07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 04 Dec 2023 18:14:24 GMT
strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400
content-length
1
server
cloudflare
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.theepochtimes.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1Pp4X6c3wyy%2BJHj8ACiFsbltu2j1qr%2FjCGv%2Bq%2FRVzlgLgswjJmmLUsH2UCiq%2BJvQYc1%2FONe%2BNHOGHDWVxMAfYejQCVfmvUI8hLLc%2Bbg9B4AoQejl5UcUMzAe1cwoQEekeL0OPkx%2BZXwTMi%2B223IQo8DBA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
cf-ray
8306075fad121970-FRA
access-control-allow-headers
X-Requested-With
193f0456
tag.trovo-tag.com/ Frame 6E82 		738 B
994 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tag.trovo-tag.com/193f0456?rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=&v=js-0.1.0&aid=193f0456&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Requested by
Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/ldc.js?pid=193f0456&aid=193f0456
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:d000:e:291c:8fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
11f5ef57ba2f7ddca1826a703bf4f188470c68214aa1349710848e8de37aa88b

Request headers

Referer
https://a.clickcertain.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

cache-control
no-cache
content-length
738
content-type
text/html
date
Mon, 04 Dec 2023 18:14:24 GMT
server
CloudFront
via
1.1 2a5303ed411734ba7adcd9ff65d96392.cloudfront.net (CloudFront)
x-amz-cf-id
OpXVpnCnh3Qo8xpinF6P45T0ZeLADSJiVkFXnlJ95j90f2q8XpSDOA==
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
collect
n.clarity.ms/ 		0
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://www.theepochtimes.com
Date
Mon, 04 Dec 2023 18:14:24 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
/
a.remarketstats.com/px/smart/ Frame 6E82 		840 B
840 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.remarketstats.com/px/smart/?c=24d1add2443e239&type=img&partner_id=193f0456&partner_rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Requested by
Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456?rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=&v=js-0.1.0&aid=193f0456&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4549 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tag.trovo-tag.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:24 GMT
content-encoding
br
x-frontend
cc-nginx-5776dff989-trjln:cc-nginx-5776dff989-trjln
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
c2752204-8e1b-4a7e-b2c1-e7ab5d600290
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmu8ATJiPrdhiIfszXES81cMrb5pzg6fXo%2F2UuiHB4vn6VUFaM%2BT2mbcKlsOu8P66tK9%2BT7jJhn8cmS%2F%2B4OQhwHoUSpqg5olsKQgwTMHc3MEC3S11IckyWBoCBbRpj8ZHbiUrrCMEG3zuu8sjZV27vY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cf-ray
83060760aedb5c14-FRA
lds
a.usbrowserspeed.com/ Frame 6E82 		0
147 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.usbrowserspeed.com/lds?aid=193f0456&pid=193f0456&external_id=&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&v=js-0.1.0&rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=
Requested by
Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456?rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=&v=js-0.1.0&aid=193f0456&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.155.128.1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-155-128-1.us-west-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tag.trovo-tag.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:24 GMT
server
awselb/2.0
fivebyfive
match.prod.bidr.io/cookie-sync/ Frame 6E82 		27 B
27 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/fivebyfive
Requested by
Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456?rurl=https%3A%2F%2Fa.clickcertain.com%2Fpx%2Fcont%2F%3Fc%3D244b81b94c69796%26ccid%3D390f724b-8c59-4bcd-bc80-dd3a9c030e7b%26cn%3DCH%26rid%3D795948ce-4728-4ce7-aa2e-e7d7ff95f2f3&ref=&v=js-0.1.0&aid=193f0456&rid=795948ce-4728-4ce7-aa2e-e7d7ff95f2f3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.208.25 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-208-25.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tag.trovo-tag.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 18:14:24 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
27
content-type
text/plain
c
ea.epochbase.com/api/pw/ 		0
232 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ea.epochbase.com/api/pw/c?tid=P-KDJOIELE2&en=readactivity
Requested by
Host: subs.theepochtimes.com
URL: https://subs.theepochtimes.com/lib/api.bundle.js?execute=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.7.168.74 White Haven, United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
https://www.theepochtimes.com
date
Mon, 04 Dec 2023 18:14:24 GMT
server
nginx/1.20.1
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
allow
GET, POST, OPTIONS, PUT, DELETE
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE
c
ea.epochbase.com/api/pw/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ea.epochbase.com/api/pw/c?tid=P-KDJOIELE2&en=readactivity
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
4.7.168.74 White Haven, United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.theepochtimes.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Origin,Content-Type
access-control-allow-methods
GET, POST, PATCH, OPTIONS, PUT, DELETE
access-control-allow-origin
*
allow
GET, POST, OPTIONS, PUT, DELETE
content-length
0
date
Mon, 04 Dec 2023 18:14:24 GMT
server
nginx/1.20.1
post-log
tags.wdsvc.net/ 		0
440 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.wdsvc.net/post-log?v=4.10&amp;t=1701713662769
Requested by
Host: tags.wdsvc.net
URL: https://tags.wdsvc.net/controller.js?id=100415
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.202.83.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-202-83-199.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.theepochtimes.com
Date
Mon, 04 Dec 2023 18:14:25 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
0
Content-Type
text/html
/
insight.adsrvr.org/track/evnt/ 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/evnt/?adv=4tgsadn&ct=0:i6g4ub6&fmt=3&td1=18c3609d331-tags8-9a434384c67b5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:25 GMT
server
Kestrel
content-length
70
content-type
image/gif
/
insight.adsrvr.org/track/conv/ 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/conv/?adv=4tgsadn&ct=0:cbmj8de&fmt=3&orderid=&vf=&v=&td1=18c3609d331-tags8-9a434384c67b5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:25 GMT
server
Kestrel
content-length
70
content-type
image/gif
/
insight.adsrvr.org/track/conv/ 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/conv/?adv=4tgsadn&ct=0:idisnfs&fmt=3&orderid=&vf=&v=&td1=18c3609d331-tags8-9a434384c67b5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:25 GMT
server
Kestrel
content-length
70
content-type
image/gif
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-RD0QM5H02Q&gtm=45je3bt0v884763001&_p=1701713659112&gcd=11l1l1l1l1&dma=0&cid=1448343132.1701713659&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEI&sid=1701713659&sct=1&seg=0&dl=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&dt=Words%20of%20Wonders%20-%20Play%20Now%20online%20%26%20100%25%20Free%20%7C%20The%20Epoch%20Times&uid=&_s=2&tfd=8287
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RD0QM5H02Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.theepochtimes.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 18:14:25 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.theepochtimes.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a
ingestion.contentinsights.com/ 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ingestion.contentinsights.com/a?d=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&f=2748&pid=5491287&b=&u=1701713661312.498041172.29534197&ul=1701713661313.498582977.0347414&at=5&ar=5&ts=1701713666&seq=1&x=0.7677101811062093&err=1&ver=21
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.12.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-12-87.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Connection
keep-alive
Date
Mon, 04 Dec 2023 18:14:26 GMT
client
accounts.google.com/gsi/ 		205 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client?_=1701713658753
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::54 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
1da78f9ed9515ff6089572e6a16cba60a7a2e8c33671b9e7d9680c38e5661384
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-yCr8DxWcwc8_j0ckik2PCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:27 GMT
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-yCr8DxWcwc8_j0ckik2PCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Mon, 04 Dec 2023 18:14:27 GMT
r
ingestion.smartocto.com/ 		0
188 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingestion.smartocto.com/r?p=0%3Alpr8dkx4%3AW4zJaKONQTi_krw9rBlWm7xDYbEAeH1Z&s=0%3Alpr8dkx4%3AdvgzgdHcHBZSd8nGGA3eGFt_806ccjiX&v=0%3ABX3adNYUMmRvtjJ05VXh~I6jxsNMBzNJ&e=0%3ABX3adNYUMmRvtjJ05VXh~I6jxsNMBzNJ1&c=1701713667407&n=f&f=f&l=https%3A%2F%2Fwww.theepochtimes.com%2Fepochfun%2Fwords-of-wonders-ad-supported-5491287&i=1600&j=1200&k=1&w=1600&h=1200&t=readingTime&ar=5&at=5&bid=epochtimesus&rid=5491287
Requested by
Host: tentacles.smartocto.com
URL: https://tentacles.smartocto.com/ten/ingestion.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.249.84.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-84-100.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.theepochtimes.com
Date
Mon, 04 Dec 2023 18:14:27 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
style
accounts.google.com/gsi/ 		533 B
585 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/style
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::54 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8PIpwp6xzWSa8cBAP_Sz1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:27 GMT
content-security-policy
script-src 'report-sample' 'nonce-8PIpwp6xzWSa8cBAP_Sz1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
text/css; charset=utf-8
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Mon, 04 Dec 2023 18:14:27 GMT
status
accounts.google.com/gsi/ 		40 B
531 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/status?client_id=490013421558-fsr5v4sfmmhdjuqbnpoghql9do3gmjk9.apps.googleusercontent.com&as=qgYfTVbuZQsaT7m3BItumw
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/gsi/client?_=1701713658753
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::54 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
dd9b482195c3f081b17360c55468e5d9c4680581dce66b751a0f85ad1290c23e
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-wYKjhmhlaQbsLSWJ8EZEww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.theepochtimes.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 18:14:27 GMT
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-wYKjhmhlaQbsLSWJ8EZEww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
x-content-type-options
nosniff
content-encoding
gzip
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
server
ESF
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.theepochtimes.com
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync-dmp.aura-dsp.com
URL
https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESELeJfeAnlPImjZcBKVGoT3M&google_cver=1&google_push=AXcoOmSpxoyMI_w_6Vx9WB5K_a8BQH0nzznAZtLWwJFMCsmXieRFFMkBiozrv2_EDc4P9pCJxs1WMeapBO_wLPu_WCG_yINpoQID
Domain
sync-tm.everesttech.net
URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D

Verdicts & Comments Add Verdict or Comment

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| documentPictureInPicture object| __next_s object| __next_f object| webpackChunk_N_E object| next object| _N_E object| WebStreamsPolyfill function| __next_require__ function| __next_chunk_load__ object| regeneratorRuntime object| mParticle object| googletag object| pbjs object| ep function| $ string| eet_cat_ids string| eet_cat_names string| eet_term_ids string| eet_all_term_ids string| eet_tags string| eet_tags_slugs string| eet_author_name string| eet_page_type string| eet_post_id string| eet_publish_date number| eet_publish_timestamp string| eet_last_updated_date string| eet_primary_category string| eet_primary_category_name string| eet_primary_category_top_parent boolean| eet_no_ads number| eet_word_count string| eet_ads_term_ids undefined| featured_img_thumbnail boolean| eet_is_premium_article undefined| eet_post_countries object| grumi object| dataLayer function| gtag object| mPartUtil object| ggeac object| google_tag_data object| google_js_reporting_queue object| pbjsChunk object| _pbjsGlobals object| google_tag_manager function| loadMParticle function| initMPartSDK object| braze function| onYouTubeIframeAPIReady object| gaGlobal object| MicroModal string| GoogleAnalyticsObject function| ga function| expired object| epSubs undefined| google_measure_js_timing object| GooglebQhCsO function| referral function| setCookie function| getCookie object| geq function| empty object| gaplugins object| extractedURLParams number| google_unique_id string| slotElement object| mp object| popupPaywall object| renderPayLaterWall object| freeTrialExperience object| accountVerificationCheck object| dynamicBoost object| paidTrialExperience object| shareParams object| optimizerUI object| GoogleGcLKhOms function| loadMixpanel string| debugEvent object| mixpanel number| readScroll number| debugMPpageImpression object| optimizerDataLayer function| BASE_URL object| arcanumUI function| trackOriginalSource function| loadPreparedProfile function| loadPreparedProfileData function| processSoftlogin function| destroySoftlogin function| paymentUpdatePopup function| copyTextToClipboard function| articleShareWidgetBottomMobile number| softLoginDeployment function| initShareWidget function| renderShareWidget object| script function| RegisterDesktopArticlePageObservers function| mpCommonTrackVisible function| registDesktopCommonObserver function| mpTrackTestSegments function| mpTrackElementsArticleMobile function| mpTrackElementsHomePageDesktop function| registerOnClickTrack function| trackHomePageNavSideBar function| mpTrackElementsArticleDesktop function| mpTrackElementsBottomArticleRecommendation function| mpTrackSidebarVisible function| testMparticle function| waitForSmartoctoScript string| epochShareWidgetVersion string| shareWidgetMode function| etso_init_ain_object function| etso_initSmartoctoInsights function| etso_initSmartoctoTentacles function| etso_init_keys function| etso_init_smartocto function| etso_init_smartocto_conversion function| etso_track_conversion function| GeAnalytics function| geLoadLi function| _0x3f5321 boolean| geqpreprun function| run_ge function| _0x112b function| _0x543d object| gekx object| liQ object| _geq function| googleOneTapCallback object| __li__evt_bus object| liQ_instances object| etso_keys object| google_image_requests string| etso_post_id string| etso_maincontent string| etso_title string| etso_pubdate string| etso_authors string| etso_sections string| etso_tags string| etso_access_level object| _ain object| tentacles object| visibly string| bb object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager function| rbuPopUp object| t boolean| tentaclesProcessedABTitles number| tentacle_timer_apply boolean| tentaclesExecuted object| ingestion object| _smoc function| trackReadingTime number| tentacles_at_timer_sample number| tentacles_at_timer_send_beat object| _visibly object| _qevents undefined| dynamicPixel object| uetq function| twq function| quantserve function| __qc object| ezt object| _qoptions function| UET function| UET_init function| UET_push object| ueto_fbc5e4278c object| twttr function| clarity object| clarityuetq object| WDSMemberConfig object| WDSConfig number| timeout boolean| tpc_present object| mpTrackedElements

192 Cookies

Domain/Path Name / Value
.liadm.com/j Name: lidid
Value: f44514de-4592-4199-b338-9c391467096f
i.liadm.com/s Name: _li_ss
Value: ChMKBgjdARDTFgoJCP____8HEN0W
i6.liadm.com/s Name: _li_ss
Value: CgA
.theepochtimes.com/ Name: _ga
Value: GA1.1.1448343132.1701713659
.theepochtimes.com/ Name: _gcl_au
Value: 1.1.908822389.1701713659
.theepochtimes.com/ Name: pageviewCount_fb
Value: 1,none,https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
.theepochtimes.com/ Name: _ga_2601429205
Value: GS1.1.1701713659.1.0.1701713659.0.0.0
.doubleclick.net/ Name: IDE
Value: AHWqTUlBHOKL5Dc1mLB6enOfV4RVCbKA9vAtFXZ0ZbLhGaoAZC2TXKmqJ3PY1Y_x
www.theepochtimes.com/ Name: epoch_geo_country
Value: us
.omnitagjs.com/ Name: ayl_visitor
Value: fd9538a561540be840f7cf85e008f325
.theepochtimes.com/ Name: mp_s
Value: %7B%22utm_source%22%3Anull%2C%22utm_medium%22%3Anull%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22entry_referrer%22%3A%22%22%2C%22entry_referrer_url%22%3A%22%22%2C%22entry_clean_url%22%3A%22%22%2C%22search_engine%22%3Anull%2C%22id%22%3A%22lpr8djfe81cuwe2kr22%22%2C%22total_pages%22%3A1%2C%22start%22%3A1701713659802%7D
.theepochtimes.com/ Name: mp_lib
Value: %7B%22distinct_id%22%3A%20%22%24device%3A18c3609c7cf9c3-08427af63288cd-5771e33-1d4c00-18c3609c7cf9c3%22%2C%22%24device_id%22%3A%20%2218c3609c7cf9c3-08427af63288cd-5771e33-1d4c00-18c3609c7cf9c3%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
www.theepochtimes.com/ Name: firstVisit
Value: 1domain=theepochtimes.com
.theepochtimes.com/ Name: e_ab_es
Value: 0.32636142360008447
www.theepochtimes.com/ Name: _geuid
Value: 326d3e35-56a8-4b12-8271-4ba1e2bb4962
www.theepochtimes.com/ Name: _geps
Value: true
.theepochtimes.com/ Name: _li_dcdm_c
Value: .theepochtimes.com
.theepochtimes.com/ Name: _lc2_fpi
Value: 57b4458eb59c--01hgv0kj9den9g0vmx1z1qrbzt
.theepochtimes.com/ Name: _lc2_fpi_meta
Value: {%22w%22:1701713660205}
.liadm.com/ Name: lidid
Value: f44514de-4592-4199-b338-9c391467096f
.theepochtimes.com/ Name: epoch_persistent_user_id
Value: anon59f0-e5bd-4a74-adc3-8ed40d57d867
.simpli.fi/ Name: suid
Value: 00BF387A687D4BE18B6D8E2E0FFAAC37
.casalemedia.com/ Name: CMID
Value: ZW4W-YPmGn7jpVupOHW-OAAA
.casalemedia.com/ Name: CMPS
Value: 3166
.casalemedia.com/ Name: CMPRO
Value: 3166
.csync.loopme.me/ Name: viewer_token
Value: 8f79cda9-3faf-4e5c-b974-8b6b9c306f94
.theepochtimes.com/ Name: __gads
Value: ID=5c36214b8372d74a:T=1701713659:RT=1701713659:S=ALNI_Mamjb9kUN7eW2QbAC1BaYdKjE7iMQ
.theepochtimes.com/ Name: __gpi
Value: UID=00000d0351ae82f8:T=1701713659:RT=1701713659:S=ALNI_MYrDBJlD1U0_G7f6mOXFAO8WFpdsA
www.theepochtimes.com/ Name: _ain_cid
Value: 1701713661312.498041172.29534197
www.theepochtimes.com/ Name: _ain_uid
Value: 1701713661313.498582977.0347414
.travelaudience.com/ Name: _tracker
Value: %7B%22UUID%22%3A%2294A19360-3DD0-46B4-3A47-AD3EB7605136%22%7D
.theepochtimes.com/ Name: _ga_RD0QM5H02Q
Value: GS1.1.1701713659.1.0.1701713661.58.0.0
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAA_-OSMXR2dA129QxLDQ9NrjRwN8ir8srS9XO0NLPQdQQAv_pAhh4AAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNrc0MLMwtbA0tDQxNDYzszAyMxfiM9R1DI0yL3csKgxLy88HAM6nWhYlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNrc0MLMwtbA0tDQxNDYzszAyMxfiM9R1DI0yL3csKgxLy88HAM6nWhYlAAAA
.yandex.ru/ Name: yuidss
Value: 8541648761701713661
.yandex.ru/ Name: yandexuid
Value: 8541648761701713661
.adkernel.com/ Name: ADK_EX_11
Value: 1
.adkernel.com/ Name: ADKUID
Value: A6886027298669648053
.adform.net/ Name: C
Value: 1
.yahoo.com/ Name: A3
Value: d=AQABBP0WbmUCEHJl02p3supEVbmQP7kiPN0FEgEBAQFob2V3ZQAAAAAA_eMAAA&S=AQAAAoY_TBVLjYvN0-gZPgUDnOc
.adform.net/ Name: uid
Value: 6864534660662176442
.turn.com/ Name: uid
Value: 4185152155912664142
.tremorhub.com/ Name: tvid
Value: 6ecb998e014d4dec81bebc638aea2c18
.tremorhub.com/ Name: tv_UIDF
Value: CAESEMHCKeSK8oQuG9jO0zTp-SU
.tremorhub.com/ Name: tvssa
Value: 1701713661475
.inmobi.com/ Name: idsp_c
Value: 1080fd51-f2a8-45fb-9b6e-9def851dfb2f
.adnxs.com/ Name: uuid2
Value: 8571671530173653406
www.theepochtimes.com/ Name: _sotmsid
Value: 0:lpr8dkx4:dvgzgdHcHBZSd8nGGA3eGFt_806ccjiX
www.theepochtimes.com/ Name: _sotmpid
Value: 0:lpr8dkx4:W4zJaKONQTi_krw9rBlWm7xDYbEAeH1Z
.w55c.net/ Name: wfivefivec
Value: z6CMMpbv1Radsx5
.acuityplatform.com/ Name: auid
Value: 860275122398
.zemanta.com/ Name: zuid
Value: D8GyCba9GToGGocrX3II
.w55c.net/ Name: matchgoogle
Value: 5
.openx.net/ Name: i
Value: bc44d6a6-97c6-41a4-aa22-148cff7a812c|1701713661
.advertising.com/ Name: A3
Value: d=AQABBP0WbmUCEMrdBoyBtFWUZ0KA_1psyC4FEgEBAQFob2V3ZdxV0iMA_eMAAA&S=AQAAAj0OP6K84-LjLO1RVYPIh2k
pixel.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.sitescout.com/ Name: ssi
Value: cb4f34fd-c618-404e-98a2-4da072996053#1701713661927
.rubiconproject.com/ Name: khaos
Value: LPR8DL2L-T-DLWH
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.c.appier.net/ Name: _auid
Value: EMvSzQz9D-mSJ5-s_RZuZQ
.c.appier.net/ Name: _gu
Value: CAESEABYIyhjev9ohuiz3pPaqBc
.sitescout.com/ Name: _ssuma
Value: eyIzOSI6MTcwMTcxMzY2MTk2MCwiNyI6MTcwMTcxMzY2MTk2MCwiODAiOjE3MDE3MTM2NjE5NjB9
.pubmatic.com/ Name: SyncRTB3
Value: 1702857600%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: E92434CF-3A1F-4A5E-9755-A5306F3FD32B
.quantserve.com/ Name: mc
Value: 656e16fd-f23d1-42139-8ec14
.adsby.bidtheatre.com/ Name: __kuid
Value: ff39c83c-28be-473d-a3d9-3a4d1b443f27.470927662
.creativecdn.com/ Name: u
Value: VjS32ASX05UVmdDlxHmh
.creativecdn.com/ Name: g
Value: VjS32ASX05UVmdDlxHmh_1701713662025
.creativecdn.com/ Name: ts
Value: 1701713662
.undertone.com/ Name: UID_EXT_39
Value: 24858ed8-3eee-4230-9a71-c3a36cf19283
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
.ads.stickyadstv.com/ Name: UID
Value: a59f13dd2fe4e5f65a0c6b556c34464
.company-target.com/ Name: tuuid
Value: 88103294-abc9-46a3-b8f5-2c09d3dc426f
.bidr.io/ Name: bito
Value: AADXWU7K3C4AABRen1BinA
.bidr.io/ Name: bitoIsSecure
Value: ok
.pubmatic.com/ Name: pi
Value: 160318:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.alocdn.com/ Name: uuid
Value: 90ba67a3-30fb-427c-b0ad-47e424bf530c
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: d32943929c68eb7580f74db47d76ed0a
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQSDE2sjQxtjSyTDazSE0yN7UwSDM3SUkyMU8xN0tNMUhkAILUPLF%2FIBoKAEwsCq4%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBIzRP7B6SgAAAXIAHo"
.undertone.com/ Name: UID_EXT_56
Value: y-iR8kUX1E2uG3XUy5zI7Bn4Lb.K_WBMgCv21wiCM-~A
.undertone.com/ Name: UID_EXT_57
Value: ZW4W_YPmGn7jpVupOHW_OAAADF4AAAAB
.quantserve.com/ Name: d
Value: EJQBEgHKKsujDsvLEA
.acuityplatform.com/ Name: aum
Value: OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANPqNdXNlck1hdGNoaW5nSWTIkWxhc3REcm9wVGltZU1pbGxpcyUBRg1BHHi4mGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUYNQRx4uI90aGlyZFBhcnR5VXNlcklkWkNBRVNFRGdWV192d2dOZnpvTWRNRTBmWnlZb/uAMvpCxEMlAUYNQR0JtEQlAUYNQR0JtEUh+/uGdmVyc2lvbsL7
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_-OSMXR2dA129QxLDQ9NrjRwN8ir8srS9XO0NLPQdQziNTQ3MDQ3NDYzMzQzNVvFiOAbGZkbv2JEkTf_hSxvYGIAAFlncEldAAAA
.theepochtimes.com/ Name: _uetsid
Value: f307fb2092d011ee9de8874b2f482edf
.theepochtimes.com/ Name: _uetvid
Value: f3081f0092d011ee862c99c8b864ab67
.bidswitch.net/ Name: tuuid
Value: c6a8b66f-d263-492f-accc-1edd69afe757
.bidswitch.net/ Name: c
Value: 1701713662
.bidswitch.net/ Name: tuuid_lu
Value: 1701713662
.analytics.yahoo.com/ Name: IDSYNC
Value: "1969~2ff6:18z9~2ff6:18vk~2ff6:19e0~2ff6"
.criteo.com/ Name: uid
Value: bd4c5837-9d7e-4064-a5a5-1793315702a5
.blismedia.com/ Name: b
Value: 656E16FE8145B5735D74303DBLIS
.w55c.net/ Name: matchcasale
Value: 3
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.tapad.com/ Name: TapAd_TS
Value: 1701713662300
.tapad.com/ Name: TapAd_DID
Value: 36d82815-46be-4df1-ba62-33690484b7eb
.adfarm1.adition.com/ Name: UserID1
Value: 7308804525456816287
.dotomi.com/ Name: DotomiTest
Value: 27cfdb2ea1f017d9
.scorecardresearch.com/ Name: UID
Value: 121719861f1361b0d22531e1701713662
.company-target.com/ Name: tuuid_lu
Value: 1701713662|ix:0|rp:0
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZW4W-gAEfAQaVQBU
.brand-display.com/ Name: _knxq_
Value: d8ca1d57-29b0-4822-d05dae45.1701713662.1.1701713662.1701713662
.bing.com/ Name: MUID
Value: 1FB505823A2B6E8703A4165F3BA06FD8
.connatix.com/ Name: cnx_userId
Value: c971f22f6191478ca35573538b25f98c
.undertone.com/ Name: UID_EXT_53
Value: E92434CF-3A1F-4A5E-9755-A5306F3FD32B
.mediago.io/ Name: __mguid_
Value: f34e96994f4bd6662jydgh00lpr8dldk
.primis.tech/ Name: csuuid
Value: 656e16fe5e3e7
.kargo.com/ Name: ktcid
Value: 9de2f7a6-f26b-054e-53c9-bdcacee6773b
prebid-s2s.media.net/ Name: uids
Value: eyJ1aWRzIjp7fSwidGVtcFVJRHMiOnsicnViaWNvbiI6eyJ1aWQiOiJMUFI4REwyTC1ULURMV0giLCJleHBpcmVzIjoiMjAyMy0xMi0xOFQxODoxNDoyMi40MTMyOTc5MVoifX0sImJkYXkiOiIyMDIzLTEyLTA0VDE4OjE0OjIyLjQxMjUxMjcxWiIsImhvc3RfdWlkcyI6e319
.tribalfusion.com/ Name: ANON_ID
Value: adnvnuuyTYEBErv6XnomkZbQKWIklvksFFiN8yZbR2bBxDQZcBV8TWcJIU17UwrPDAPQXLhf0tp6VwZbIpWTZcBZaBZaKaph6GHQjZcSY8ka61BZa2v2Q
.undertone.com/ Name: UID_EXT_47
Value: LPR8DL2L-T-DLWH
.betweendigital.com/ Name: dc
Value: lux1
.betweendigital.com/ Name: tuuid
Value: 85a25f30-e856-5252-b3db-2d7fd6b53b81
.betweendigital.com/ Name: ss
Value: 1
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003%22%2C%22nxtrdr%22%3Afalse%7D
.undertone.com/ Name: UID_EXT_54
Value: cb4f34fd-c618-404e-98a2-4da072996053-656e16fd-494c
.dotomi.com/ Name: DotomiUser
Value: 708807337868154102$3$763960425$$1
.contextweb.com/ Name: V
Value: BvTyb2jPiouM
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: a6f5b00cc96817da
.theepochtimes.com/ Name: __qca
Value: P0-2007519461-1701713662295
.betweendigital.com/ Name: ut
Value: ZW4W_gAHN6hbs5YtEJznJfsRQpEGmNx9xdF5rQ==
.adnxs.com/ Name: anj
Value: dTM7k!M40]Erk#WF']wIg2In=u7rIK!]tbp8i_iqf!oN/@E'zz<*Z0QKDUS>S:_CI!ac2h?f<fV[t3Zng$!_*GRqoqTD._*Pl[h>oaUgZoTtsC$iWJB4'Rc%i@7xhuGV-+?/^B2d$SO2>ew:1
.adnxs.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJydWJpY29uIjp7InVpZCI6IkxQUjhETDJMLVQtRExXSCIsImV4cGlyZXMiOiIyMDI0LTAzLTAzVDE4OjE0OjIyWiJ9fSwiYmlydGhkYXkiOiIyMDIzLTEyLTA0VDE4OjE0OjIyWiJ9
.w55c.net/ Name: matchrubicon
Value: 5
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-b407dcf2-6965-56b9-5d12-892c49b83d94.CGEvcroUnjXpHidCChYhoUqO0V%2BC3t8NKs%2FD1iIhmXk
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-b407dcf2-6965-56b9-5d12-892c49b83d94.CGEvcroUnjXpHidCChYhoUqO0V%2BC3t8NKs%2FD1iIhmXk
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AtAfc8mllVrldEoksSbg9lJVYG1I.yOpsUEehHPVFrbbSTaDA9owX2pJgkpe7vRj9jLZMWtY
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AtAfc8mllVrldEoksSbg9lJVYG1I.yOpsUEehHPVFrbbSTaDA9owX2pJgkpe7vRj9jLZMWtY
.t.co/ Name: muc_ads
Value: b6d8a523-bf47-4cc2-8b54-16bc84a59532
.twitter.com/ Name: guest_id_marketing
Value: v1%3A170171366246488090
.twitter.com/ Name: guest_id_ads
Value: v1%3A170171366246488090
.twitter.com/ Name: personalization_id
Value: "v1_sXtPByOQZ/zlckogEXyIZg=="
.twitter.com/ Name: guest_id
Value: v1%3A170171366246488090
s2s.t13.io/ Name: uids
Value: eyJ1aWRzIjp7fSwidGVtcFVJRHMiOnsicnViaWNvbiI6eyJ1aWQiOiJMUFI4REwyTC1ULURMV0giLCJleHBpcmVzIjoiMjAyMy0xMi0xOFQxODoxNDoyMi41MjYyMDkxNjZaIn19fQ==
.linkedin.com/ Name: bcookie
Value: "v=2&29e20d66-bdae-4732-8466-8ff8a04c4f36"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDE3MTM2NjI7MjswMjEov/Q9QpG5wSn7L4t9yT2aG57Gd9H4dKS/iVmD4yMHug==
.linkedin.com/ Name: lidc
Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3151:u=1:x=1:i=1701713662:t=1701800062:v=2:sig=AQFsPYpBFrpmpmR3Pa3ETdkibH0v5EQi"
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: csync
Value: 104:LPR8DL2L-T-DLWH
.yieldmo.com/ Name: yieldmo_id
Value: 3zccshhNNrhw0qpdV1RM%7C1701648000000%7C0
.ads.yieldmo.com/ Name: ptrrc
Value: LPR8DL2L-T-DLWH
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-86fe4d78-b56e-4bf8-852d-22dc7a9e4599-003%22%7D
.mxptint.net/ Name: mxpim
Value: R33647_10D2D2B49_643B074D.1.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000656E16FE
prebid.a-mo.net/ Name: _Amc_b
Value: 0
.smadex.com/ Name: smxtrack
Value: daca6e25-4d7e-405d-a5ef-dcc927b4a4be
.smadex.com/ Name: smxrbc
Value: 1
.smartadserver.com/ Name: pid
Value: 3981457661995574850
.bluekai.com/ Name: bku
Value: k9L99wTVqZPH5rTn
.bluekai.com/ Name: bkpa
Value: KJy9cxeid02pSUHknp/8BMxdSVx2KMjeEDNyR7RhDZaAzlQN9yY/gxkF
.w55c.net/ Name: matchbluekai
Value: 3
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIGNJaeU-K4j1P5qrWxeT1lA5h1PLOeDl7Bgj_kOpGDTNEHwYBCD-rbirBjABOgTwi70wQgTfxcOJ.ifneE6Zb2wosXsgtkJNUZQ%2BdlpNmVOG6Xt4Ab0wz3aw
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIGNJaeU-K4j1P5qrWxeT1lA5h1PLOeDl7Bgj_kOpGDTNEHwYBCD-rbirBjABOgTwi70wQgTfxcOJ.ifneE6Zb2wosXsgtkJNUZQ%2BdlpNmVOG6Xt4Ab0wz3aw
.amazon-adsystem.com/ Name: ad-id
Value: AwfZIUeHWkXMsnXxVgwiKWc
.serverbid.com/ Name: CONSUMABLEID
Value: 3ea94091b81d444aa94091b81dd44a3d
.eqads.com/ Name: EQUser
Value: UID=ade846ba-9bf0-4b1f-988b-59fb34709c80
.wdsvc.net/ Name: _wdTest
Value: accept
.wdsvc.net/ Name: wds_random
Value: 2023-12-04T18:14:22.627Z~2023-12-04T18:14:22.627Z|2713818980181941|07|
.ex.co/ Name: exco-uids
Value: {"rubicon":{"UID":"LPR8DL2L-T-DLWH","Expire":"2023-12-11T18:14:22.729199775Z"}}
.aniview.com/ Name: 1_C_5
Value: LPR8DL2L-T-DLWH
sync.aniview.com/ Name: 1_C_5
Value: LPR8DL2L-T-DLWH
.smartadserver.com/ Name: pbw
Value: %24b%3d16890%3b%24o%3d11100
beacon.lynx.cognitivlabs.com/ Name: UID
Value: d7e1bc70-f5f0-418d-bc56-4aaa60fb768d
www.clarity.ms/ Name: CLID
Value: 0dd7edbd838a4347a2e0356d4bbd1596.20231204.20241203
a.clickcertain.com/ Name: _ccpx_u
Value: 390f724b%2d8c59%2d4bcd%2dbc80%2ddd3a9c030e7b
.theepochtimes.com/ Name: _clck
Value: 19mdmy2%7C2%7Cfh9%7C0%7C1433
.theepochtimes.com/ Name: alo_uid
Value: a4c3a649-0b82-47a1-a6af-49192c6f3b40
beacon.lynx.cognitivlabs.com/ Name: ss
Value: JkBKlu1w%2FWV2AWTf5q9YN0tzzRg8PYbq9DAbOvfo73ZgdrPXyV1UD7sF36zXJ%2BAMQZFrHPRXctkRxCTu9YcDSw%3D%3D
.ipredictive.com/ Name: cu
Value: a89b231c-e1c3-48fc-bc56-cfd6618611f7|1701713662966
a.clickcertain.com/ Name: _ccpx
Value: 244b81b94c69796
a.clickcertain.com/ Name: _ccpx_244b81b94c69796
Value: 1
.socdm.com/ Name: SOSYNC
Value: anNvbjp7InJ1Ymljb24iOjE3MDE3MTM2NjJ9
.storygize.net/ Name: U
Value: d3494986-1339-4ecd-b8f4-62bde4566eaa
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 1FB505823A2B6E8703A4165F3BA06FD8
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 1FB505823A2B6E8703A4165F3BA06FD8
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
p.alocdn.com/ Name: _ep
Value: 1701713663
.theepochtimes.com/ Name: _clsk
Value: 2isyxn%7C1701713663425%7C1%7C0%7Cn.clarity.ms%2Fcollect
.a.usbrowserspeed.com/ Name: tuid
Value: ad58545a-5607-4824-beac-19820e72458e
.adotmob.com/ Name: uid
Value: 09e0220400f59e0732446d56
.adotmob.com/ Name: uuid
Value: 09e0220400f59e0732446d56
.adotmob.com/ Name: partners
Value: RUB%3A1701713664898
.rubiconproject.com/ Name: audit
Value: 1|YmKqwz9FRXVtMA7X4R9Bur2W91BIhJSpqXaAWSrXvbp/oORnfIaQnBU+hEFZtRqrKi53sBW9gSpCqQ3+tQhlLHMDvubSxZCG2MOweBw0EYqx+lJQzvbc5TLPgIxnOLeOpmvllXEtYN4=
.theepochtimes.com/ Name: wds_random
Value: 2023-12-04T18:14:22.627Z~2023-12-04T18:14:22.627Z|2713818980181941|07|
.theepochtimes.com/ Name: __WDS1
Value: %7B%22da_100415%22%3A%7B%22hu%22%3A%222023-12-04T18%3A14%3A25.000Z%22%7D%7D

17 Console Messages

Source Level URL
Text
network error URL: https://clientcdn.pushengage.com/core/b413bf4fa936cc351ac6476e0df69b50.js
Message:
Failed to load resource: the server responded with a status of 403 ()
deprecation warning URL: https://html5.api.gamedistribution.com/main.min.js(Line 7)
Message:
Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.
network error URL: https://comment.youmaker.com/api/v1/user?site=remark
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://img.theepochtimes.com/fonts/Acta-Book.otf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
rendering warning URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js(Line 1)
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
other warning URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js(Line 4)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
rendering warning URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js(Line 1)
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
network error URL: https://img.theepochtimes.com/fonts/Acta-Medium.otf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js(Line 4)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other warning URL: https://html5.gamedistribution.com/rvvASMiM/c8ba1cb2f23d40b5a19fd606fcc3e50b/game.js(Line 4)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
security error URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js(Line 2)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com') does not match the recipient window's origin ('https://www.theepochtimes.com').
network error URL: https://sync-dmp.aura-dsp.com/match/google?google_gid=CAESELeJfeAnlPImjZcBKVGoT3M&google_cver=1&google_push=AXcoOmSpxoyMI_w_6Vx9WB5K_a8BQH0nzznAZtLWwJFMCsmXieRFFMkBiozrv2_EDc4P9pCJxs1WMeapBO_wLPu_WCG_yINpoQID
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security error URL: https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js(Line 2)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com') does not match the recipient window's origin ('https://www.theepochtimes.com').
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://match.prod.bidr.io/cookie-sync/fivebyfive
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)
javascript warning URL: https://www.theepochtimes.com/epochfun/words-of-wonders-ad-supported-5491287
Message:
The resource https://rumcdn.geoedge.be/19d3d93c-6e7a-4ab1-95d3-37f2020fd783/grumi.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network error URL: https://match.prod.bidr.io/cookie-sync/fivebyfive
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6540eb7337b286b8a5397eb0016bad52.safeframe.googlesyndication.com
a.c.appier.net
a.clickcertain.com
a.remarketstats.com
a.rfihub.com
a.tribalfusion.com
a.usbrowserspeed.com
aax-eu.amazon-adsystem.com
accounts.google.com
ad.turn.com
ad4m.at
ads.betweendigital.com
ads.stickyadstv.com
ads.travelaudience.com
ads.yieldmo.com
an.yandex.ru
ana.headerlift.com
analytics.pangle-ads.com
analytics.twitter.com
api.gameanalytics.com
api.smartocto.com
b-code.liadm.com
b1sync.zemanta.com
bat.bing.com
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bttrack.com
c.bing.com
c.clarity.ms
c1.adform.net
capi.connatix.com
casale-match.dotomi.com
cdn.ampproject.org
cdn.epoch.cloud
cdn.gamemonkey.org
cdn.jsdelivr.net
cdn.undertone.com
ce.lijit.com
clientcdn.pushengage.com
cm.adgrx.com
cm.g.doubleclick.net
cm.smadex.com
cms.quantserve.com
colossusssp.com
comment.youmaker.com
crb.kargo.com
creativecdn.com
cs.minutemedia-prebid.com
cs.yellowblue.io
csync.loopme.me
cti.w55c.net
d7d3cf2e81d293050033-3dfc0615b0fd7b49143049256703bfce.ssl.cf1.rackcdn.com
dis.criteo.com
dmp.brand-display.com
download.gameanalytics.com
dsp.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.serverbid.com
ea.epochbase.com
euexchangesync.digitaleast.mobi
eus.rubiconproject.com
exchange.mediavine.com
exchange.postrelease.com
fonts.googleapis.com
fonts.gstatic.com
game.api.gamedistribution.com
google.partners.tremorhub.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gw.geoedge.be
hb-api.omnitagjs.com
hb.improvedigital.com
hb.minutemedia-prebid.com
hb.undertone.com
hb.yahoo.net
html5.api.gamedistribution.com
html5.gamedistribution.com
i.liadm.com
i.w55c.net
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idx.liadm.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
img.theepochtimes.com
ingestion.contentinsights.com
ingestion.smartocto.com
insight.adsrvr.org
js.alocdn.com
live.primis.tech
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.sync.ad.cpe.dotomi.com
mixproxy.epoch.cloud
mp.theepochtimes.com
msgrt.gamedistribution.com
mweb.ck.inmobi.com
n.clarity.ms
notifier-configs.airbrake.io
onetag-sys.com
p.alocdn.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pm.azerioncircle.com
pm.w55c.net
polyfill.io
pr-bh.ybp.yahoo.com
prebid-s2s.media.net
prebid.a-mo.net
pub.headerlift.com
pwe.epochbase.com
px.ads.linkedin.com
r.turn.com
rbp.mxptint.net
rcp.c.appier.net
region1.analytics.google.com
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rubicon-match.dotomi.com
rules.quantcount.com
rumcdn.geoedge.be
s.amazon-adsystem.com
s.company-target.com
s.seedtag.com
s.tribalfusion.com
s0.2mdn.net
s2s.t13.io
s3-us-west-2.amazonaws.com
sb.scorecardresearch.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
services.epoch.cloud
sid.storygize.net
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
static.ads-twitter.com
stats.g.doubleclick.net
subs.theepochtimes.com
subsapi.epoch.cloud
sync-dmp.aura-dsp.com
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.aniview.com
sync.crwdcntrl.net
sync.ex.co
sync.inmobi.com
sync.ipredictive.com
sync.outbrain.com
sync.smartadserver.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
t.co
tag.atom.gamedistribution.com
tag.trovo-tag.com
tags.bluekai.com
tags.wdsvc.net
tentacles.smartocto.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
trace.mediago.io
tracker-v4.gamedock.io
tracker.gamemonkey.org
um.simpli.fi
um4.eqads.com
ums.acuityplatform.com
unpkg.com
ups.analytics.yahoo.com
us-u.openx.net
use.fontawesome.com
usr.undertone.com
usync.vrtcal.com
visitor.omnitagjs.com
www.clarity.ms
www.google-analytics.com
www.google.ch
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.theepochtimes.com
x.bidswitch.net
sync-dmp.aura-dsp.com
sync-tm.everesttech.net
103.3.63.48
104.18.36.155
104.18.41.104
104.244.42.3
104.244.42.5
108.128.196.67
108.157.4.13
108.157.4.37
124.146.153.167
13.32.110.18
142.250.184.226
142.250.185.98
143.244.208.184
145.40.97.66
146.75.116.157
151.101.130.49
154.59.122.79
159.89.246.130
162.19.138.82
172.104.70.67
172.217.16.194
173.237.69.132
174.137.133.49
178.250.1.9
18.154.63.42
18.194.67.136
18.244.140.22
18.66.248.25
18.66.248.49
185.184.8.90
185.64.190.79
185.64.190.81
185.86.138.150
185.86.138.155
185.89.210.180
188.42.34.65
192.132.33.69
193.0.160.131
198.47.127.205
2.19.126.72
2.19.198.122
2.19.226.3
2.23.197.190
20.127.253.7
20.253.86.149
2001:4860:4802:32::36
208.93.169.131
216.137.44.125
216.52.2.86
23.212.202.217
23.212.211.47
23.50.131.75
2400:52e0:1e00::1081:1
2600:1f18:612b:4232:a914:a3b8:84d6:ea13
2600:1f18:730:b150:8a29:493b:1f46:72ba
2600:1f18:ed:550a:93c3:cadd:da29:694c
2600:9000:211a:d000:e:291c:8fc0:93a1
2600:9000:215b:b800:1a:5235:f980:93a1
2600:9000:224a:8600:6:44e3:f8c0:93a1
2600:9000:224a:c400:5:4275:8dc0:93a1
2600:9000:2251:c800:3:4706:a6c0:93a1
2600:9000:2304:d400:10:43f:4352:ad61
2600:9000:2315:b000:4:b37b:9440:93a1
2600:9000:243d:6400:1f:2473:9080:93a1
2600:9000:243d:8200:17:cf8d:4bc0:93a1
2600:9000:243d:b600:8:8845:1500:93a1
2600:9000:2440:f000:4:cd76:8580:93a1
2606:4700:20::681a:ad1
2606:4700:20::ac43:4549
2606:4700:20::ac43:4acf
2606:4700::6810:5814
2606:4700::6810:7eaf
2606:4700::6811:9e16
2606:4700::6812:18ad
2606:4700:e2::ac40:8c0d
2606:4700:e6::ac40:c419
2606:4700:e6::ac40:ca07
2606:4700:e6::ac40:cb07
2607:ae80:192:1::172
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:21::14
2620:1ec:46::63
2620:1ec:c11::200
2a00:1450:4001:808::2006
2a00:1450:4001:808::200a
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9a
2a00:1450:400c:c0a::54
2a02:6b8::90
2a02:fa8:8806:13::1400
2a02:fa8:8806:16::1460
2a04:4e42:200::282
2a04:4e42:200::645
2a05:d018:d29:3601:357b:9971:3f66:201
3.121.34.204
3.124.56.216
3.125.15.233
3.208.82.122
3.213.22.88
3.68.140.79
3.75.62.37
3.93.203.79
34.102.198.207
34.107.140.113
34.107.148.139
34.110.129.224
34.111.113.62
34.120.33.89
34.149.50.64
34.160.19.107
34.198.166.49
34.225.131.103
34.249.240.92
34.249.84.100
34.95.81.168
34.96.105.8
34.96.71.22
34.98.64.218
35.155.128.1
35.190.0.66
35.204.158.49
35.208.249.213
35.214.141.124
35.244.174.68
35.71.131.137
37.157.4.29
38.91.45.7
38.98.69.175
4.7.168.74
45.137.176.88
46.228.164.11
46.228.174.117
51.89.9.254
52.184.204.244
52.202.83.199
52.22.119.160
52.30.208.25
52.46.143.56
52.50.121.249
52.51.174.173
52.54.55.244
52.57.12.239
52.73.85.239
52.92.164.88
54.144.205.34
54.154.18.114
54.194.233.137
54.239.38.253
54.241.193.125
54.246.157.113
54.71.111.90
54.76.101.15
54.76.12.87
54.76.157.99
54.82.17.205
54.90.11.164
64.202.112.127
64.227.64.62
67.202.105.24
67.202.45.233
68.219.88.97
69.173.144.138
69.173.144.165
70.42.32.191
72.251.241.206
79.125.82.191
85.114.159.93
96.46.186.182
98.98.134.242
02e05d8407482aee2dae0ae4343ecb2e6c2b1f27c2175c4b03170d3f2af51b55
03268fb285ed8486b6a21e5106f8faa3d517434bbf60c0e9a09e7e2737ce1345
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0523c13750f634735ff97f98cc6b2d0100bc0aab4d8f703ad3b6952731d7a545
0581deff543cd06ef72e5a6057135cdbaa97bfe2bd689344b80a02008ce26ef0
064d7b833644dd282e4ab3ea2f965d8ec8d4cd6db6ab74c19d0e93df5bb6e823
070b47ee4fd242bb1dd8447e150ae83b6454adf89c8fdd08088e2bff6d8cec61
0838a90416fc3e1fc9b03d679cbae4458d627119d95d6d10e26b155e16b7b17a
085d80a6c1fd0431e8e6612e15f88b28a4b79ebfcda1d9f59247403455bf3c74
089f447ccba07035778319720d86864a4eafc31a9ea9dedc0fbab02203d79c45
094a4d627fb5d8acbf50d4f42a0eeb6228957900c66410d62b3df21971646e80
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0a87f96548ae2936dc87f72332fd88ca3cf7989e6b327d749ea5c378c2f1c6e0
0ab00d638ea969f39da82f58bc8724b92bcf747b275cdd90548b818211527616
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b0bb840a34f810618a44f7979fc9f8e0295088880806928d2fd0cfb2fed2031
0b3998f24c0f15e842b0ac3e0d1cc366d733eb47b37454e72c511e3ba321f2d6
0b5852a5b24864ae3a0ff575c083bdaba8af42d3c26622c00780828cce25172a
0b68fe05468bd3287b0c141fd38bae4d34176b570a99c29197c13a37ea3e1989
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c47e0b44c66556a96f36be2ca9a268963a84df53815cb4d5e9b637d28c4ddfb
0ceee487a90eea3b0e52f01360b44e8b6ac0898062c143dbe724663efd3d6f63
0e3530366f481c19813abb79fd15cdc5b45dbbc276401cbde7c4bf283b75a114
0e4bc8f1a2c59e9e8e12e9f32a6812c46570925e9f72770d1475d8a1ee85476b
0e5fbbe10f708bf6bbcc9d5d91e7209391cf9798e3ac144d3dd3db2c2e698309
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0f01fb484d6fc0260ebc8a71774233f4b05c22171ebfc8c8ab6e4ca5658db345
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
0f8554246ab668cf18c6ee4d4f4a13f1821c43c021a259c5ee00c2681429d9d0
0f9e9f54941fbfd8d6a65eac64b8f95e2aeacb16e5fda7a1403a9f24c2f4d0cb
111db277d17dc8e2d641115a3eccc3e6f8bb56afb3f22bd7a3f12e0c8326940a
1152f79a12543479de3ec4e56eaa913401cd934968ddfcbf833218f585a0e494
11f5ef57ba2f7ddca1826a703bf4f188470c68214aa1349710848e8de37aa88b
137122c1437dc31fcd5d2989300192849efcabee41bc94fd035f7704b8a2d1f5
13b81e5fbcfd1eceeed6736de88e9fce3edf25dead86bb944c0cfe179695128b
1464575fcd2d4b3eec0b1494075103167449725d2824597e8b10634bcd47bf6b
16ca3aa97c894d331e7f3dadaee8f7ac8a66a30fc1f85c877bdca4cd911ef520
1719a79d87460283cef710ab72a612801cc9a503b3ed7dae6dfec06d0c9f82d4
17627b7fdca38f0ec1e676bf78c197207fc74ea3fe4797bfe1fff2a42071ec52
17d42888aadff6e5a91199b3103cc8cf654bcb971c47e60bb965f07b7a1cbcf0
17f2247187f061874be16de00e3233441b11007600c97d85426f0f2758dd1064
18736d6de6f0567cd51a5b08165616d08a7b79e5b4ddf97ec2e04dd1851ddc3a
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1b8e39d15e46c338d464f65b44dcc5641f08de4c1e0bec6563f70f8694f28bca
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
1d7bcac6f72dbf8f579bd20d9e14867667124b93503584be07cd4827f60db6e6
1d9e0d05669a3610c7263c551b8b406344c148713485f7e8124f61b05e2463cd
1da78f9ed9515ff6089572e6a16cba60a7a2e8c33671b9e7d9680c38e5661384
1f5552d370d49939e79f3387614ddd3a9ae58b649800f82daeac6d4ba00fccc9
1f66777c58f2d28ec361c98f81552ace8fe0a65c5ebc86835c5563b843c3a242
20c53611aaf88eaaafac78f24d195d23911905026def6113ce500f49aa9f64bb
219c1804e9ddf847c5e9c170d73ac6caaed08dc96243c9c2fdbe560061afee87
21db7f5ba93de0708af7012ea53d7e0b262d9c5afcc7f47c3dd513f8ec92db43
2217ed3c72b72b9496411a601e38bb2dc1520f0cbd840576541e1ef89a3eb730
2229a6ae6f4fa449b21504e9df1345870a614d9fd065cc7c64e28f0f90f77f58
247a772543317efd45f3dac630beea8c77df1371b81d1495b1caad847c9760fe
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2613a62b709a54323bf7b71585ba6a526c80fd905b3f6373411421116d530062
26334b6e9122b102cc66898bceee5be00927575ff5bce29907a7b35a94688f37
26596e242c76558f8085c3d3a634ff993bc7ff98cdfb6d322bb7698c420e6bfe
27c46c4957cc16de2e83de20d062795cb910f93b3871447176d3b445e30725fd
27d67175ee9fdf263362ffaf194a4244d29c77f3dd277473d018cd2e2f704cbb
27e2e94d1bad737f0c63daf3dac4c19caab7f10b3eb97e8222f94b9af46a91b7
28336e54fc1d7f646abb4ab594697df93c7fb557e28f91ba53774b418b7fd8d4
286d2b0db108321938d2bc7bb726119722bc5c478b136a41731956ae999e623f
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
29e65993e40c87400ef3aceec146f899954d7573290509b6da4bd941e410208b
2ac81e8312bbad91023b7cfd6b56c3783a68ec6fec7db1527e19779d7cc6d5b0
2aeddc6156d50347d79fd1ddb2231aed83d3acf84d976b50eb83f4713b049a92
2c9d20a82bcd631dba5fb5a9c1dbc507baf559da09375e65b8870a328fc6e470
2cc1578883d80e9554799564e57dcc56c577e0965451ff70665632a7f1e00d6a
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ee5286027f64816df32c866794e4200a9304d855f83b2d0fdfc488b0bbca5e6
2f009a44aa057e608440849ba7d59135c178393165207fb8268d1680f9365b5b
30cba8c6f7374a344b5a6d97dda6da6f92281144a7123bd7168349de7d85f4b3
30ee8dc4920b2dca6621737d57c70ab1dff3b54c52001d9488d2cf048c99c3c3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
327c6d6d6fedd96c190a0ad7bf7c9c59ff7bd38bb246c101c15713eeff60aae0
33508bbb19f0b319f64b1c90e719e76101ff80e7acd25d6322b74131881e7aad
34b984ae49edfcdb79cb4c79e352edb15f6126c2b0e7747128329ca64d104424
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
383f008785d02472af73ec5e68bc243d794b04a04b6dae87ce8313269c6037d4
38f52ff6595ef6742a67ee23b694490ea6f3aff15eb51485a4e59c59695e2ae0
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
391e5ff0fdc2640044326480077bb0bbc209efd87363a82d59f2acae156f7263
3985d9744607df37e881a163f12d2702036e9d428df52f3c3927f180e3320923
3a5235cc38138c3ddc64dc84b9003fd6170e39add20d9fa7c34c36c6cc043854
3a57daa4d2037281a9e2e69c9dfa7a94de521e5dd596574873f91f08ddd719c3
3d7c7f77cc3bb5bf35042f2484343fdccd96a98ee0319542d32a4db82512e8ac
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41a491b6ec4c4ba2be42e5bf9040f0dc254b0fb6db203ad01cdfa10145fdcd21
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
41e76977ba4a13e2fce0bb3a7601400871b78503797433cb4c02874ee766bec4
42b4421435906a79bd519a7bb10fc226b362b9c24ae23084f4c3578002401e0d
42deb9219fc21f52ec47f6de9f2cd7bbd2b6eff02e03fb2e77b935f3f2a849db
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
43cbe861b09360a856de530e3aac37acab9201d0eb166c906b26e0f71fc6ff23
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45476301b2259ad412aaba2bfa7ea21b339a4919b0c5ffe0e59dc3d6fd72e01e
467e60591f4bc28a37191e696b2306d64bf62e09e66ff245029dc5e78d9ea2cb
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46a42303f8d329f8f0902007fbf69799d461993ca88476b766bca97d47efa9b8
46b2a642f1a5f4f742095269fbd3446aecf316d36e72e1e69abd9c6d80c43b71
46b2dc3fc5e9ccbcde38dfcc96d4545befae794ae947ea3602693f2e7126b057
46ca84e2f876ba05f9663cbc472870d77b6ac0b5898a1c3c1e3c9cbb3b89b8be
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48b782933f4ffe1e923111eb93d3924b4807e78ce63064d0b01e0f96de529a4a
49db6141b2c6a946efecb340bbbbf3648f78c5ef34fcf66255619c0b50cf5be7
4b3a376b59ce32d35645ee8814802f252093eb2abf04d6cac7fb8ad1fe7676c6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c10d3dd5cbad71065d28118d060e660877892ec3d8eff3e2f94e3371814cd54
4c834812ad0c6ab8e9cddcf914f1f922d2b52cf81f306bdc361a05641bb0798c
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d5ffa9b4660a2cb3cc7733dd785224252768155d96805b19b862ef55af6d045
4d6b8ae11f53844e9c63027df0fb8f06a68978409d93474a92c86620e8b3e0ae
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
51d82fcbe88e209dab883d6b6787234077d2fd8c4a55b894b510987b1aed1439
5232d4cd0b9952a75ffe2c1ddec301ab50b63d64a45d74fa1bea93ba4dce98e3
527b790b30ba9ff568eb63074cbc482755e26f8a2924da414e1386c5961bf386
52c854815f543b120f9314bf012a95ff9902edef46b232928855005edd9cf67c
5464bc9da4917e6ae367325f6efab65b790ca2970f129a561ff67f81a0cf60e8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
558511bcfb89b1b48167f3edcb05ec605e78321541f2c3b5ca645c25e377d1c6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
55f6ea1d2c1d7e062b587d1b9447b295fb80313c584d18cc4ec89cf5528a23e5
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58255daa744ee7478e21dd58b685345e4f76d95522a5ba987c4e73e9281336c5
58a99953187f1d6f2b3764cbba4a21e4fa380f25270d01dc498f197bd7cc572d
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c7987d2f26ca9bf8254df658877b74005f2e90d3f477eacc606e011341d8082
5ca92c06dc31883efdd21b50d74cfd8756fa7a312728339494e2298cb40b6a9f
5cc5fe6024fbaeb5632bae656bb379211ae9650e431099e76fc9101d43b53fe8
5d103df41045bc8e9538ed05d79fdd7750af623fa8dd55fdc3b74d90d6ba20a0
5d86b5ff40546e3a2ba79df35d4f926b43b145f3b84619df160fc5f1ff307633
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
61b459cc9bf965b73d8b86b4b8da20b0f019b14dcdcc33ff8909920d0f22eb32
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
6424f0c34de6a093e039f6e0f48fbc5fa4aef0632ebac232ae10e33949a42515
6464c0f03f85894296249e6b72b4336f0596e50aebd6cf06a1098b2fae7f764e
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
68a19d9fd419108282e38d70ce90ba9c43a1ceb16873905b2fb40a67c01dc8e5
697459e724a25abea1fdda67e431d766298fe99415123e958f041b35403ee303
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
6ab06f2d15226ff69b2dd976c70a29b0b342edd91dbb096b0cd72f3e49c008bf
6acb3ad7f78db7ffea36bcc58b48053e0956897815bc6d4e17981776ab7e98cd
6acd836f00f9e42efa7c285db835db0c17ade97c7ced02bbf616a39e10c69bc2
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ba67e30f5cd4fb3caaf2933a38b99b1eb6fbd82556cc265aa21f648d1a6dcbd
6bb69b415e42d2e350095981feaba2984da02076cfdb1290bfb3d328798e2c8d
6cbe43d61c59982190c10b521b67b8c769071ef8724645620c7584774182fc9a
6d819e03aaf3877c15b1d7d532cf06316663cad1aca835ac99497ab08e0bf0e9
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6f5979539fc25ac479358c9886e201f55e021c10680a04a3e60c9f194b76b0e2
6fc8ce0c05c6ee33aa6e9571eac061cd4a37db2a0873fd05b1b5ee2173c47207
721e2fc91b7bb9db69c285702ec27241a35a954df0d64285470f01d9ff04e6a3
72a5470035e46910d5be8c4adbb13cc754b84232c71fe7935811336dd46c76cc
72b6ea5647b859cadfb35b135b2147134e3f682cef0a8448fe90489dbcf8f700
72f2a5abbfe60e35dce603cad0c3655e2f73c4346718acee6e009e4f20bc15c5
7514edcf566d87ae9b89ec1bc43583d04a293f3b87e43f27b847ec0c96773ae7
7561ec2dc82f7edac7a440ad46f72c7b09bc8f6c75a14f1ba391de945da9cb2f
75b29ce0e4fb6bc98de910d48d78f6db6074b2c0a810503945808a5f009cace1
76c8bdf4e138d8308992ba5c68f2d7360a2d1c3929e1b7961a8d38b7da738b11
77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561
7926fe9941fcecc6bcbf3ab01ac90e77fd4e96e9cf37b0726992da33f995bfc4
7948f4c0710d073e8bdb7b09fe5aba4f6870fddc11355c64afe97110bc5be263
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
798f999a711b13524e79137a5ee8a84c28250b705490a683122de26e423c72f7
79ae2b3d93629b442a7f364ff29db3b2fdf1ade3beb44eb2f2869c1fc6154bf1
7a50549f0d7b3fa3516aed9a9a6ae5983cdc801dfb28eaad88a9eda8b245406d
7aec24da00fa42f92101889621acc9571dd817a405d61c90d7a1fd0b2e8e836e
7b67ebf675e4c3ee1d4b2b0cd2673f7818ba6d41eba05cac587eeba589b30f7a
7bf4473ecc25fc8a56c7da4846022537d11e73a499922e0a16be9b8f83869052
7cd5058b3eee2cbc384dd13af193029a6dc41666a094fb03d1570f9e6b86f505
7e032545a829fd3c770e58b6bbb1b3fd828642e7245ca104d3598780369bea70
7e071e5b39d13cef80f7a46d854de133fd73c15d1351ebcf7e1f1b48821e7aeb
7e67d8140ad5de35ddaecbf938b1287583b9427ba2d4dc3068a86fd211c4e4a0
7f04f5b9ee8bfeaba95049646865e4163a92ba767cea569902e81a713c0301b2
7f2e2597ce84ed8f63918b9abd72fb84b541a79b76bda3d1098989c73c467040
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
808843013cc660be8d2cc332d756356537f75e12c07c3c5692194aa3068efc9c
815a40676f7838f69ef86709bf36a6b09972b5a061bea76d2387a085d9afaafe
83b1c226ddee3a6b6f78e8a3d84d9cf590a157642b0da6db5917b4adb9f4f162
8449865d1ef6cc1de67cf30036c1a7e5de5e7be65056ae60688796ef2e4dc521
844e564cb40b66b3a845563c7558359ee722e0bf0cf5315aaed1349d5a70d65d
8496667e6ca10b43d843e825b1f87efa7afc417328b26f815c1b3c5b533ec1a8
85526a1f718fba197ba6c3bcbb062fbe6e0aa4dbff573484548218fa2eb43185
85b0a6b7e1a39cfab0b46283acb187039816c087dba5d16b7e64f78ee59a1137
8613e5c2d1ce6376faad48e6db8b6fa48110d474833eb80dea709ae0f33b0c31
86ec2da6a4b0444953187ebca1373c7eee98813073fd5ce9046739d006220e5d
88bd751de914c875cc5ca0b130ef57f97ac9f5457054659875c90414cbfdacd0
88e6382d15edbda0254ba0ad7f224f41b358a21ebfad6e1eed439f5ddf0ea245
89cbd52d4e9254d818f204220fd31473d0b9f187b2a287013c488a25ab948935
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ae3f04fcc4413086348e378e6e90a9e26715b0df41d4adddaef9d7e183bc0ac
8b5e64dd26272ff0faef8d484c89acbb7596d142df55d6079f2d18dc5b8a7b89
8cdd507ea72067bae053f884b4a92b3d937965830f268e1f5ae0e54a37490e40
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d90defdf0d8335c4513a8118bfe2c478075f8c25e15264b4af9c43c1e8912b9
8ff319462462e5748804a866c2deb70bfa6d660d1db8fa1f2dbd9fbaac1d2ec6
939c30540cdac2a2d0c51cbe2f66171b5c048081300702d70f24be2b01021028
93be7d71bc050e522b042f1e2580faee29eaa4fa6cc0e2467e5bcdf048460728
93c87f976cf92a16c0de1912a209b8a1d5e85fe70057222b149f4b3852ebeaed
946c9c95fb7da4ae9249907e40e11291c00135e70991d34811f08617b20a5b67
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
9587db6cfe0632c077c8849bcaaf521ba002b3ed7a42a09083e96aca3f984885
96690a6b0b7d81e20ea26ead168609c18a2abe39228421083addfa1285a5923c
966f73d75c3c4673169d0614ed1be2fc631ec6647f0a44636816186e0e1b37dc
9749ac28429970b13cc51887791e89b0b46ebd9ad594dde8be2a2cb4b157cbc3
978d3ba4801394114df599b7401282e1e0ada60a155273078581c747c985dfaa
97d9dfd8ffc1cb034055da0f01287531af2c4578292d84195a926f9ef304250e
97f8f1e7af3a90169dcbeeffbe3b11101c629434f5f6d68416b6fe9389421a5f
9814f85523d0253897e2447a36fdbdc2a5e7647eb96c192f3d278393c955d2f2
999a7e72ef35507647d38361b959bf1c8699dae691745431c8242bcb013c8c61
99b6f1b6970464dd47243663dd56651a4ef994ae0777eaba567bcb261f049dff
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a63d5248095b6078fd95a59c270efae7d1cc086d9911533010bfd6555482f96
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d16d4fd850e0f34efafd3e88832ed48cb0b89a25671603c60a67031a72920dd
9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a11d44a414371df82d6707e8b10d9a23b47d5b919d26ca752730bd1f1b5b3310
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e
a272a50a6b0526fe9222d72f29741b9d91a156ff75439a43b728fe1d5a6fec0f
a27cb364b78f8e64593a2196580f84d2d06ff25538bf77f07629f9e033474051
a2c342d254f9c6b527e13f987aaff45efa6945f31a8f10ddcfbbd110b4ad4e88
a4551991444bea767a97af5120479bd3b786c29a14498dc3e13a8ea3a029dced
a534323a87f0771c4f1e18ddb170b35d4e341a8f2f1c304ce0460133df99f93f
a55cd6de4655dc7bb21259ded6fb10e73640436324b5eb7f01c6a450baefa7df
a60b7831e3ec9be34c34c066c9cd4bbc107efc6222e3a3a2b1aec6a0df74bf08
a61d40e247028e71cd1ce66406d114465789bdefae0897135b87bb0a7626fdd1
a689b152f54d822bab4e2373e3142e04bc78d2b6e83f69c890f699f05d72f1b9
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a6f3c4eb8378e0bd2852618eacf0a02ff8147155da4d5fb765d89989327cd1cc
a7a1bef3e152fed8de5280d380fc6b7d78bd85cab7b21f2b7fb0f0f8f40d49b4
a7cf9d7d46a9d9b0d83d6d91e82f11dd37fbffab2d8841b530f352be0cb6cbd6
a8076319603b1eaf05c0a1943377d9365c5c3bfb49d7e93923b6aa5e634f4076
a8506edb7cecc184215763028665efc4fb10a6e79e257ccd8071638e3994dd09
a8d7806d30891af771cd4b2f6a0abac0f48745cfb46883adcbf065457c6e15a5
a93e43defae47723c1bba144137d39d486ae5e3dce2f0458e1bbd94e17ca859a
aa43723f128e97f050043ade360d208e66573f60f68b6bf6bddbf941ca1a7a04
aa7c1276f417b6409b5a96ad98272c276421b816c86954a30511f6c4fd9c7156
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab9aee954920fa0a4b86754be3a0d08ae296764d6d019c186db8b305d56b8a0e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acb1221313fbb4d27f785ffd7a9ade0f7f44c37567ce1abf6aff7c399a7992d4
ad5f6dda15141642e04d54d4ef048c6be955d9adcc5fb4a9704674c9ec71c356
ae05730591bf219612c3a2d9ef0c3d8f606e3faba6a32250fcfc89da173e1079
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b02d71564678eb49636941abe2cc2230bc1a7d6578d5d0de066627dac5a31e6f
b0512ff1ecca4eeaa79eabd6f059915e9cec84022c2f78519acf20d942b628e0
b0e70b299ab9c122ad93531fa8e5309833baecd53dd55c992c538f8b33bfa22d
b123ab7c59e84a24066d68a900c06b4cfc5a4fc610a8fe7786561ab27b25ae0b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a48777454353c2b6ff6e617c2caf64c290e2ba4f55fd74a30d97f734198c21
b2fd9293903d510d132adefbde652c07bb7bbac8d78c6ac47fc826fb547a585b
b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1
b53b1d1a70352315b96b2659e0f80fbc988b1a19a3d177bcbb0a16a5fa32c45a
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b5ee6bdb586691f0f33e190d32d77426e95e0a1b98728c09970a0baab3b548be
b67ad968ba3668562f331df45b73501e17c7c166bcf7e5443c33633cbc9d5783
b7123bf5d1742985950f5f6ab3845907263a91e175527eb11baae5f45c3735a9
b73141dde425aabe0bf349cb00fbed93333bfe8365da38c04f64b8f02b2339a1
b7e419ec912eb37670752481646f56c61d27503a535404dafba62db861ba3bc3
b810b79afc1d7f88bd046f3e61cad81ce27cd38523c374aba2b20b7afd10f3f8
b86ca7249e6f28cc9af909dcc5501e67101273ff2a2a19c408779a0fbf27e733
b98e1cfd3bc985929ee1cd472cb90f0ea7a35e2d21b9ef36865f93453eed1f4e
bade9777ab933b6324666fedee893c4382b7ec482a10584ac9dd89a0fde3f768
bb8f562b96a012eb6a42cb988b1a4ca6cb7d0207039d326881e41507cf9dde06
bba2d5622e1a33c1bd924e07f396c234a390f0bf9bb5fd1394521df422ad3607
bbbf189ee0fd46edc91bdc96aeac86c78c35c8d497ecd9a786ef318ccb62e985
bc48024d6ab3f5dbb711477fbc5145950dc85465dd85773e3cacfbed8107ffe3
beb9f5e32ed61fbce010497242a9b6b8219242b5ffc636038e7891510c773725
becc0343edc314cec6d7160694843ef7f82628f4d6400c3876a1d7e403f6c4e2
bfab790a7855af8b77b67f1747688d142aa5cb2d0afbcbe2ad96df43b0bfc95c
c02320086cffca4e6865282cd90e1a431344b8049bbff42c60a91dc2f31d86ce
c20e4fc83e796d4c45aa00445de01f6f49c068672460f88f6766c01c5cb64c4f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2644f0bb64b3a4ea6c293f254d8f457cea99295bc592908a0e402a519795283
c2dfa9476e58f6ca4d283096ec9b6a21d68420f7ad3d1a8456b20ec02d10c973
c2e62cd951686c0abc1cbcd7ef6b3ebc2406c914bba8299c3947ec3911379099
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c34e5d3266ea00298001d8d288f2772c0829a74b54b7687b683a3dcdd91a4d23
c495be177a73032ce426e08423b5e3a8c1d4e881a15af772126a82fb0514c698
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c57bf25d597d1ff1383341c78e43db9993e76d2e1dbbe123a7a2089fa2f7264b
c5e9b6a06e5a3e76a98daffe9dfc99429a800bd01edf9dd5352fa9940bbb2830
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c65a3178ce5d50e7ae192ca5ddaf928e14653b343ec1548e9dca0428c6e470fc
c724e5a7d19820339372c40bfdd774a97c8bd63c14ab7799932e11238e662d0a
c79b952455a77dfa6e4dbf3474e887a4a6cccf285881103803651bf408b4b16a
c841754969611c13572695eda297fa34b9653253dbfbe7eb36b09c109d21cbb6
c877d60d8ad6a37cc1b273651610af98635c0ac51b09bcf0632dc742e2ac751a
c8e6c8feaf7598e68bc7f017961adcb983a1c52cbfa0191e4f67f64d0bc1f32e
c947ca356cf3360b7293e4a3bd903436a1172ca30583bb6f508b4eaaf11024f7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9bdd9313ffaf6f9b8afd8aa7182852af6557d7d9916ada161dd58f6c9af15e2
ca21228cf6890fea685c6e20f24be256a3946c11234905c4f4256544b2193006
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cc608c825b8be3e95e1d718fdfe935654296c1911a3481b23b092274cebb3980
ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a
cda3dd8b74a8cb2699277dc3b4d82ac4482304fe884d47bc7638111bb5257bd8
cda418d2e3272afa1482d2cf5b393eda0f131da66afb083caea72860d1239bb9
ce174010dbecc7aec9280ffd46eabfa8189b99d461403f060178a4075a872446
ce72896d7177b8a8f6d8676a7b9969e0b055779b3f1dfa8af36048921a8a7670
cf0ffb98a32729058f83b6e6c08e2e7458f5fb97a3d41ee805b191719011e521
cf6a511ee5602752a6968705fa9c53a5d0a06612fa3770286868339846d945ee
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d07cb50924c569c9929f4538aa8f9e3d743d7060a7d52eee27b5c8bd9bc289c2
d08110fb32a9fa5e161050a13a7980c6db1bdfedbd3a09ea2b263c8520faa7f6
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d1878d65f685395d69cf83126e577ddfe70ef6a992c9595385b14b6cff779d87
d1a4a7aa00e62b62538f84f4f380c16796c88078656d204c4f5ceebb59d84fe8
d1c4cb242f0a28257f1675fe096b19b94869b912cb47c3d4371178bb8033dd90
d20db6c1df31874b999f525e1eb15c5041d7b5b94c7336754c97d72fca64c1f1
d28ea63fc087de8bd031ea4c03a5fee77fdc8a287fa99cb31429680d626ac28b
d31a5605e7c96eb9d44d6301a42fb3a89953b0a804f7ac49b1eabdfddd86544d
d341c389c98bf2a17eb90f9049c5ceb77d45d2e71131016ec55169e0ae4504d4
d3be908514603b6d40c489a9658ef882f6f756b97377aef5e24f5dc8e96b9328
d48aad4e106f298f502e60ad78640c55965a9a151e13f4ffaf92a692ce204d73
d4f1c674b11f02fd36315c1914d77ad84c6df69d298e349a5799d10272c33a56
d4f31876d3647b02707b37456236cecc3c652b935f3252233e349b8c62cffc2e
d4fbdb5935b28450589b76b53bb1c5d0234d14de6b66173ffc6e38b91d1b1db3
d72fddb206c2364426bb62da3a01e8c225ac82e1d1594ced8373cdada181796c
d73f53d60e8d626b9238c3334cff2d2ad92d6228ed6b0131c6e2cf488948ca60
d7cd879df53ece5f82d10656b7890db0b9210823870eef37fceef4d7b133dd1c
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
d94f1a39acfe37b82ee50c1db98885a2fca89e81ca7850294df2dbde1f76972c
d9b818bdd46120d20f71b7d5591d39425e633c986d64b25ef9180acd02b748b5
dada31613ec07643549dd0ba2fccbbbb2063c5af7ddd3e2377c6cdb5ade0cc04
db1f114bd3e6e38934421095460c89696af935c93d037c2aeebe85f932ccfb1b
dce99a769693d71f1960b00a4c2d87f69f2478992668e5fb94ad9185c57828e2
dd9b482195c3f081b17360c55468e5d9c4680581dce66b751a0f85ad1290c23e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfabd954a3ec494e41f63bab6f12a56ce35150c3b6eb0da47f1e61d5c22bfc2a
e004085a05c3ac823c8da76194524817cf6eee449cfedafe7bfab2eb8593bced
e07f062112b1fc1be53c2cbfee962cf154485d2a0a584ba547bcd9a87e9bce82
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30c59b1f56c36a80c2f7784ab15ea34eec032869f5595645c0bdf065c7c6b89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
e43fc8593a253ab1934637090c185357a3f0ef84e5c59b417b695bcdada0f4d2
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e742ec4ee8d808cfdeac07d3d4f3b08ba3c3c7266fceb5da9ddd425a4837e4a8
e82333e53f32afea84b4f08640b5061c25aedc66e68ef1f1777f654b303cfd79
e877e71c2d45d5bfcc3b617037a3c4c28615a9e054cee63ec60f408bc9aba731
e892bd5342b7801457391691156a04e2567e08a6f5f5bc4c4889b1175480e104
e8d032fdfe7216b337e6cb9caf7f50610d435df02f746a61696beaf84c1e42c3
e920ec2751d5162bf98b793142de66545bb5b1b41ef3309bd1292e7ce0c30ec3
e9600a311347b444b3852c4c53cf57f46cea4925aaddbf334ce8a100dad0dc28
e99be6ede34fb9a77ad03948bbda182d7d1374775dfe4a8ef431e07381af27e6
ea2d542d9bac031dca320ea6ed9c958255e986050cbfaf4eae6713905e31ddf8
ead0293d41f0c5fef76a0205ad3060391bdbeec5ae4920c5c6d2edec8bdea2e6
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec59969056e6ed0f661daed01453e8690dcb5bef6135f58994cbbde7483ce813
ecb740996ce05e9b7823c9690564a0d7b3840becad640d37e929cd4f4ee1cdf4
ed8f51a02e39a24a9cea2ca4b459fba827212322c00f15525dc1379f3b47a3ea
ef0adb856579b963b6049d94d5e020105cf548fd2356581f94a80b8c39da1074
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f006c556c753a58b408277de14a33ffdc8a921625cd682042960de78c6df2552
f05e45157561299fdf9c77b4ead956006bd678b5e82ad3180d5284e333c3ca28
f134ba40278a9ec46dae45158380d0b99773d3c0ed252d9efa634bda9c0f4526
f2a78ec0800976a7fbcd2f14881e6be9588f6f95d7e2ebcae41236f6ecfe3206
f3bccf2ba4483214a64dd5d4222b45ae474f5d51bbc50bc80e7c78445e621772
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f884b8e021f5ef1893ff2f2c6e88ac6b3e9880f9dbe57dd04f452fc142c7eae0
f8f0a3a57a6375a0604e8b4fd0b631c441bbc721f280fe5970b5717eff4cff6b
f94c318621cb28a1d2c4b46ebc98ced5022fc3a3c871e4fb04f1c9752ddde5a0
f990d729649be8031232ea26fa47393e5c9239c7a7efe4fef61f0b045b5f017b
fa2369c4c319e0ecf228571ee7377f4d9911b8fca09f1b5eff12b2690aa340d7
fbd96f97dfabbb444dd155929e9632f5049251e4a8885989179fffb74ea6348a
fc8463e5701a90b0f5686a725b46bd98733a03375d850a52088f4ad319fcf081
fd5b60ffc3ca0727647beaa306e807665623255c6aefc7ec3ce78bde5af14621
fd90bc961c819aae542acd724a90ef805b1f0a57991c8e37db6b9d677aae7634
fe6e0182538f31cda8fd3d5c7ede213cf4aa271df75cc7ab019896f225201db1
ff900b9a92673f2f33be869f28f899428a7250804c644269f9c6b5e7f2586a06