shrinke.me Open in urlscan Pro
2606:4700:3035::ac43:9770 Public Scan

URL: https://shrinkme.io/payout-rates
Title: Payout Rates

URL: https://shrinkme.io/pages/payment-proof
Title: Payment Proof

URL: https://blog.shrinkme.io/
Title: Blog

URL: https://shrinkme.io/auth/signin
Title: Login

URL: https://shrinkme.io/auth/signup
Title: Register

URL: https://shrinkme.io/pages/privacy
Title: Privacy Policy

URL: https://shrinkme.io/pages/terms
Title: Terms of Use

URL: https://shrinkme.io/pages/faq
Title: F.A.Q

URL: https://forms.gle/PSzDDwcQLJCjL8V8A
Title: ABUSE/DMCA

URL: https://www.facebook.com/shrinkme.io

URL: https://t.me/shrinkme_io

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=

Request Chain 56

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=

Request Chain 71

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEEqRz2DjlgdF6Kvr991pCkI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 176

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 178

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 182

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 183

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=28309051151631192094555979392278972959&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 185

https://bn01.er.bemail.it/zeotap.php?_bid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-72642-0.731264001613134872-50287da4709376befacf509ba90cb166&zdid=533&env=mWeb

Request Chain 186

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6928361484929333399&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 188

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=3bca84c8-c663-4266-6440-88c1e4cd6c8b&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=3bca84c8-c663-4266-6440-88c1e4cd6c8b&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361&bounce=1&random=860589550 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 191

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-vcmjge91lw1NZWSr75CDNV44wYywEgQ1Hg--&zpartnerid=570&env=mWeb

Request Chain 192

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=tTjRO%2F19oD2j%2Fc1wSrFMbzpnNkc0wrMW%2BS41iYitP1U%3D

Request Chain 196

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361&_test=YCZ8DQAAAGFk8SrK HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8SrK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&_test=YCZ8DQAAAGFk8SrK

Request Chain 197

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=01906026-7c15-4100-9cbd-f005e22b050f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Request Chain 198

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

Request Chain 199

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&dcc=t

Request Chain 200

https://tags.bluekai.com/site/87734?id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 204

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEG0kX-H50LAuYiS1RI4akFI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 205

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 207

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 211

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 212

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=83514630781594670522989343151868426594&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 214

https://bn01.er.bemail.it/zeotap.php?_bid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-57880-0.754830001613134872-c206e834656e951f8ddf8359f6365861&zdid=533&env=mWeb

Request Chain 215

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6928361484930119831&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 217

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=cec17a6a-db43-46b6-69ee-109fd6a0ba58&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=cec17a6a-db43-46b6-69ee-109fd6a0ba58&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361&bounce=1&random=2656714736 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 220

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-PvW2Cil1lw31UgRI.4WTgAajyGkqG_blDA--&zpartnerid=570&env=mWeb

Request Chain 221

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnGj%2Fc1wSrFMb9tF9Qts%2FDZk%2BS41iYitP1U%3D

Request Chain 225

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361&_test=YCZ8DQAAAKhN0DoG HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAKhN0DoG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&_test=YCZ8DQAAAKhN0DoG

Request Chain 226

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=32696026-7c15-4d00-9ab1-553e4d4c55ec&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Request Chain 227

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

Request Chain 228

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&dcc=t

Request Chain 229

https://tags.bluekai.com/site/87734?id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 233

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEIQ4wwcniNYK6wKYfpFuzZM&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 234

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 236

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 240

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 241

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=59647049083820633351066134033792568126&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 243

https://bn01.er.bemail.it/zeotap.php?_bid=9c9e772b-6cbc-4c8e-436c-bad90d393798&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-44812-0.778476001613134872-b9ec4670c60899f4d1353040cf434814&zdid=533&env=mWeb

Request Chain 244

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6928361484931102871&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 246

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9c9e772b-6cbc-4c8e-436c-bad90d393798&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9c9e772b-6cbc-4c8e-436c-bad90d393798&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361&bounce=1&random=3696468610 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 249

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-LBftG_t1lw22h0azmvQ9lmsjpwBj1pU9cA--&zpartnerid=570&env=mWeb

Request Chain 250

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjCj%2Fc1wSrFMb%2Foj6FoiDd3B%2BS41iYitP1U%3D

Request Chain 254

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361&_test=YCZ8DQAAAGFk8irK HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8irK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&_test=YCZ8DQAAAGFk8irK

Request Chain 255

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=0aad6026-7c15-4200-8e74-3cdf5e58aaff&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Request Chain 256

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

Request Chain 257

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&dcc=t

Request Chain 258

https://tags.bluekai.com/site/87734?id=9c9e772b-6cbc-4c8e-436c-bad90d393798&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 263

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5134582420614854455

Request Chain 264

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=7a3aefbc-a00a-4041-b5da-0da48415f43c

Request Chain 265

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=4b5c5780-6c84-4705-8f6a-bc06b8d84344

Request Chain 266

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=5965e9e58538953e51e46994

Request Chain 267

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

Request Chain 268

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

Request Chain 272

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454

Request Chain 273

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=d7f9d3d7-4a1e-41b4-99fa-649493a7b845

Request Chain 274

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=d68446a6-9715-4802-b018-58c93d399131

Request Chain 275

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=7d75ad6b7d9a245e1023fcdc

Request Chain 276

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

Request Chain 277

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

Request Chain 281

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5650510348165703004

Request Chain 282

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8ed95fc7-fb31-475e-8a02-e72cf7c55c1a

Request Chain 283

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=939e87a8-25dc-46de-9de1-fdf00cad43cf

Request Chain 284

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=d00a5d0cc57622c82dee37ea

Request Chain 285

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

Request Chain 286

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

Request Chain 290

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=a21b3c5aaafd6341608f751f

Request Chain 291

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2618267549818113117

Request Chain 292

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=56f2a635-dddb-4822-97fa-2f8a73e2309e

Request Chain 293

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=bde84318-7d47-40ff-ab32-8a69c549b66b

Request Chain 294

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

Request Chain 295

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

Request Chain 299

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454

Request Chain 300

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=641ea3ed65aa29021494cb84

Request Chain 301

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=6eac075e-00da-414d-a0db-7239b30408a3

Request Chain 302

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=9be65746-f5a5-4efd-8195-3a8d6d60082a

Request Chain 303

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

Request Chain 304

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

Request Chain 308

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=sonobi&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&user_id=hBxmDoVPZFyfGzdcg0p5CoIYMAifSWJb1EnT1LPH

Request Chain 309

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Request Chain 310

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=9b485b85-8409-4db0-8480-608ea42756f7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=b3gyWGVCWDJkNmEzUnpiRDduM240QQ&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=b3gyWGVCWDJkNmEzUnpiRDduM240QQ&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEN0v7FLhBT_phzBKr4my59Q&google_cver=1

Request Chain 311

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=fc636026-7c14-4300-932c-b3344ed82293

Request Chain 312

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=2159827868505102373

Request Chain 313

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=346369624 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=346369624 HTTP 302
https://sync.1rx.io/usersync/tradedesk/92ccbb93-6f15-40c8-b95c-57fbaf68a01c HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-b4f347ce-2c83-477d-9f00-3c7833531332-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=OWI0ODViODUtODQwOS00ZGIwLTg0ODAtNjA4ZWE0Mjc1NmY3 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Request Chain 315

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dsonobi%26bsw_param%3D3a132c57-409f-468d-b774-93a71e27daf1%26gdpr%3D%26consent%3D%26gdpr_pd%3D HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=f962e4537bc94dfbb471dd23849f241e&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&gdpr=&consent=&gdpr_pd= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

Request Chain 316

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Request Chain 317

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=9d146026-7c14-4b00-8253-f1c601ddb95e

Request Chain 318

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=875739024104754753

Request Chain 319

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1533396110 HTTP 302
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-b4f347ce-2c83-477d-9f00-3c7833531332-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

Request Chain 320

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=757ec5f2-f6f5-4216-9a25-8e75c8190384&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=b3lMVG9ONWhVSUswN2c4LU9sdkpjZw&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=b3lMVG9ONWhVSUswN2c4LU9sdkpjZw&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEJNFkIZQ32jqfZFXiV599D4&google_cver=1

Request Chain 321

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NzU3ZWM1ZjItZjZmNS00MjE2LTlhMjUtOGU3NWM4MTkwMzg0 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Request Chain 322

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=3a132c57-409f-468d-b774-93a71e27daf1 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=3a132c57-409f-468d-b774-93a71e27daf1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=0f544f37-59a0-44f9-8d98-61a068667ec0&ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=250&expires=14&user_id=0f544f37-59a0-44f9-8d98-61a068667ec0&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=a7ef6213-efa3-4d7f-9471-29f77726672f

Request Chain 323

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Request Chain 324

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=201c6026-7c14-4e00-8e61-719d6cadf791

Request Chain 325

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985138

Request Chain 326

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2399002715 HTTP 302
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003

Request Chain 327

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d3df948e-7ab1-4316-ace0-0de9626949c2&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZGlyc1ZXVEVnc2lrSUZsUWsxUnhsQQ&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=ZGlyc1ZXVEVnc2lrSUZsUWsxUnhsQQ&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEDkx8uXGWOkLeZQBOULaDdw&google_cver=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=dMu4tUN6PEuC

Request Chain 328

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZDNkZjk0OGUtN2FiMS00MzE2LWFjZTAtMGRlOTYyNjk0OWMy HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Request Chain 329

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&google_hm=M2ExMzJjNTctNDA5Zi00NjhkLWI3NzQtOTNhNzFlMjdkYWYx HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEFHygewV56At597d21M_uPM&google_cver=1&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3a132c57-409f-468d-b774-93a71e27daf1

Request Chain 330

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Request Chain 331

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e5776026-7c14-4a00-b905-7b30e25e56bf

Request Chain 332

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985149

Request Chain 333

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5120410437 HTTP 302
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-d0307308-6fab-4e8d-97bb-254f290e86e7-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003

Request Chain 334

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=421c3e4a-ca80-466c-971e-4326081765ce&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZnA2WmJfQnF0U3hkQTNUZkZ1VGVXUQ&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=ZnA2WmJfQnF0U3hkQTNUZkZ1VGVXUQ&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEBZAMY_wzZ36GWWbRB5Tu7M&google_cver=1

Request Chain 335

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NDIxYzNlNGEtY2E4MC00NjZjLTk3MWUtNDMyNjA4MTc2NWNl HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Request Chain 338

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&google_hm=M2ExMzJjNTctNDA5Zi00NjhkLWI3NzQtOTNhNzFlMjdkYWYx HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEFHygewV56At597d21M_uPM&google_cver=1&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

Request Chain 339

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Request Chain 340

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=512d6026-7c14-4200-a275-5ef03689ee9c

Request Chain 341

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985152

Request Chain 342

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3796205379 HTTP 302
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

Request Chain 343

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d368fb0b-d243-40a1-9428-b5edc0d3e6fc&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=Uk5YTnhMSWttNjh0UlNtMGFTS28tQQ&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=Uk5YTnhMSWttNjh0UlNtMGFTS28tQQ&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESELuk0bPJLQjzEJ_Y2Tvc9aM&google_cver=1

Request Chain 344

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZDM2OGZiMGItZDI0My00MGExLTk0MjgtYjVlZGMwZDNlNmZj HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Request Chain 347

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4736027777663284777

Request Chain 348

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIcnVFN0FUUGdBQUFfYVpOSkxYUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAHruE7ATPgAAA_aZNJLXQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAHruE7ATPgAAA_aZNJLXQ&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFZ407ATPgAABBU5bJB7g&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3896177572672310745 HTTP 303
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3896177572672310745&_bee_ppp=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGI107ATPgAABDF5bJB7g

Request Chain 349

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928361484928481431

Request Chain 350

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=X8joceadQMh9pVrocnQmWTiN

Request Chain 351

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6697467128 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6697467128 HTTP 302
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-671a20c3-5003-4d18-a418-30e573045b85-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-671a20c3-5003-4d18-a418-30e573045b85-003

Request Chain 354

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=rfwALZKGvlEF&pid=557219

Request Chain 355

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=9d4e0597-c72d-4b6b-8bc2-1a8ad5ed1997-tuct720018d&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 358

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y5EHQ8FsS7C7AGH5f6YzoA%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 362

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0I5MTA3NDMtQzE2Qy00QkIwLUJCMDAtNjFGOTdGQTYzM0Ew&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 363

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFQkWLewIOmClORN2iIFgik&google_cver=1

Request Chain 365

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=4643835817686605266

Request Chain 366

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd

Request Chain 367

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:df756026-7c14-4200-84d0-110cbcadbfbd&gdpr=0&gdpr_consent=

Request Chain 368

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7054972929616349454&gdpr=0&gdpr_consent=

Request Chain 371

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=78d89551-15af-4efa-9280-7599dab00172 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=78d89551-15af-4efa-9280-7599dab00172 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=893d9126-0585-4ea9-b61d-584b01175bbb&ssp=pubmatic HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=250&expires=14&user_id=893d9126-0585-4ea9-b61d-584b01175bbb&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a7ef6213-efa3-4d7f-9471-29f77726672f&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 372

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=qBN2o6lAdPGzFCfxr0Vpp64XIKWzRnL2-EYogM2g

Request Chain 373

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3354563233082209371&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 374

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YCZ8DQAAAKhN0DoG&gdpr=0&gdpr_consent=

Request Chain 375

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:424a79a1-6f6b-4b7e-b587-b9b15390c089&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 384

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCZ8Dh3K_cbFf3sG9Zns_AAABIgAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENbYvUJIwsNakcr6FeDT-cE&google_cver=1

Request Chain 385

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8Dh3K_cbFf3sG9Zns_AAABIgAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8Dh3K_cbFf3sG9Zns_AAABIgAAAAB&dcc=t

Request Chain 386

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCZ8Dh3K-cbFf3sG9Zns-AAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YCZ8Dh3K-cbFf3sG9Zns-AAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECay6VHTf6YZGA-p59g_vT4&google_cver=1

Request Chain 389

https://cm.ctnsnet.com/int/cm?exc=19 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=7217beed4947408c897809c28b319e13&expiration=1615726869 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=109&external_user_id=7217beed4947408c897809c28b319e13&expiration=1615726869&C=1

Request Chain 390

https://match.prod.bidr.io/cookie-sync/ie HTTP 303
https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFZ407ATPgAABBU5bJB7g&expiration=1614344462 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFZ407ATPgAABBU5bJB7g&expiration=1614344462&C=1

Request Chain 393

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCZ8DtXVfOeVW4P7CU-C7QAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YCZ8DtXVfOeVW4P7CU-C7QAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBSflH9A4Bs2qgq-pQyG2_s&google_cver=1

Request Chain 394

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C7QAABLwAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C7QAABLwAAAAB&dcc=t

Request Chain 395

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCZ8DtXVfOeVW4P7CU_C7QAABLwAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENbYvUJIwsNakcr6FeDT-cE&google_cver=1

Request Chain 397

https://c1.adform.net/serving/cookie/match?party=29 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=111&external_user_id=4643835817686605266&expiration=1614344462

Request Chain 402

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C7wAABJcAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C7wAABJcAAAIB&dcc=t

Request Chain 403

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCZ8DtXVfOeVW4P7CU_C7wAABJcAAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENbYvUJIwsNakcr6FeDT-cE&google_cver=1

Request Chain 404

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCZ8DtXVfOeVW4P7CU-C7wAA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=YCZ8DtXVfOeVW4P7CU-C7wAA&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEH5zd170O_qbW8dbd_4utMw&google_cver=1

Request Chain 408

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=1306497a-085d-85fc-052dea07

Request Chain 410

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C8AAABG8AAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C8AAABG8AAAIB&dcc=t

Request Chain 411

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCZ8DtXVfOeVW4P7CU_C8AAABG8AAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENbYvUJIwsNakcr6FeDT-cE&google_cver=1

Request Chain 412

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCZ8DtXVfOeVW4P7CU-C8AAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMC8NvWVhEWTlR6Tz69Chis&google_cver=1

Request Chain 418

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 420

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C8wAABJAAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCZ8DtXVfOeVW4P7CU_C8wAABJAAAAIB&dcc=t

Request Chain 421

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCZ8DtXVfOeVW4P7CU_C8wAABJAAAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENbYvUJIwsNakcr6FeDT-cE&google_cver=1

Request Chain 422

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCZ8DtXVfOeVW4P7CU-C8wAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECay6VHTf6YZGA-p59g_vT4&google_cver=1

Request Chain 424

https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819617034770757 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819617034770757&C=1

Request Chain 426

https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=05df220300cd642368a0cb0c&expiration=[EXPIRATION] HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=05df220300cd642368a0cb0c&expiration=[EXPIRATION]&C=1

429 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request HOTSTARNETFLIXPREMIUM Show response
shrinke.me/ 22 KB
7 KB 73ms
55ms Document
text/html 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cf33459b3a01497026e02f926da500e7b34fe1c2c8ead7e2dadb9794070f542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: shrinke.me
:scheme: https
:path: /HOTSTARNETFLIXPREMIUM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d4b6d7b38990e5946f04b58e6599bf6c51613134856; expires=Sun, 14-Mar-21 13:00:56 GMT; path=/; domain=.shrinke.me; HttpOnly; SameSite=Lax; Secure lang=en_US; expires=Mon, 07-Feb-2022 13:00:56 GMT; Max-Age=31104000; path=/ AppSession=bc969f5ba91c2d23ce8f861bb78bb52e; path=/; HttpOnly csrfToken=28c8a71f3c6459ef76b4f5b0c4a92c7d6a6ea15e1a835eaab3d8d0359377bb82dbd76ae849155c9d2025194ad1b9e0db64fa35687f70c62ecee24e1e1b5e9297; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-robots-tag: noindex, nofollow
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
cf-request-id: 0837ed97eb00001752ddbe1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FsdbakUUuodds4UdWbSd1JJpM96ZDQKPtWnW%2BxomcS%2B4H3m6l2912OBUhOgx5Bvd4fqvUUyVM3ss4nkcQTgI6utNlTTaIyE0T78volVVjLY2jDI%2B3D8b"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 62067ed31b311752-FRA
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 6 KB
838 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7ade7bbe0fb193a1fba5b653fdd17354373c08416c0fb0af45ce11a03a92a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 13:00:56 GMT
server: ESF
date: Fri, 12 Feb 2021 13:00:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Feb 2021 13:00:56 GMT

GET
H2 200 styles.min.css
shrinke.me/modern_theme/build/css/ 187 KB
31 KB 22ms
20ms Stylesheet
text/css 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b386764e2b714f6fe617daaedd1946a7161fc2ae5f9bd0bf606f76287121ee1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 640514
cf-request-id: 0837ed9827000017525c3a5000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2ec69-5a22587d62000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w1r0doefSaMEW%2FY21qa%2BrGnOH%2F8a4KQROTx38gZKxaX%2Bd11rP93Oh%2FhCNdAZ1yVAfyVI10SRJc%2B9zMzkNh3VokCCjawc7b24z9O9dBhseaZ47ML6uD0r"}]}
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 62067ed37bc71752-FRA
expires: Sun, 07 Mar 2021 03:05:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137383949-1

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c42fd57588a4ce0f9e9556ad56eaa132d368f9b9d8673e315c3fea1cbfcc5803

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39105
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Feb 2021 13:00:56 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 25ms
8ms Script
application/javascript 2001:4de0:ac19::1:b:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 17:24:41 GMT
server: nginx
etag: W/"573f4859-14e4a"
vary: Accept-Encoding
x-hw: 1613134856.dop201.fr8.t,1613134856.cds244.fr8.hc,1613134856.cds130.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H2 200 / Show response
services.vlitag.com/adv1/ 381 B
1 KB 141ms
124ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae74881fb20af19ff60e260e4f6b7adb515dfea70dd79e95eaba7b254823f924

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837ed9a8400002bc2740a2000000001
pragma: no-cache
last-modified: Fri, 12 Feb 2021 08:00:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-sv: 157.114
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L4SmWSbjNg3%2BSQSES4TPTlkF%2B0MbsIusesuUj9d2kFg3qX5lCcXnTeXNS%2BVlOEZJytQDsUBFDmQLx0TGJcTvVCWhfoXurf%2BqgvcVBLHzC0cBMiRAIb3HoVk1I%2Bx8nE8y"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
cf-ray: 62067ed738672bc2-FRA
expires: on, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sw.js Show response
shrinke.me/ 96 KB
34 KB 30ms
29ms Script
application/javascript 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/sw.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ba75869b8dc9e93dfb6bb58428301a77e3d5174716750d78e8dcd24658d4ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 459842
cf-request-id: 0837ed9828000017521ca62000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"17fc0-5a22587d62000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H8caVR9jPFK0CO5kZS6z56%2BCFsbtLemsmsru3l50w5YEzEbcnTY2acx4tvMjVSRgJWvUzV0q%2BGUvhNM9l9i2Rd2UXFUjr0vATO0LJsyv4JwlSpFQAnt1"}]}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 62067ed37bcb1752-FRA
expires: Tue, 09 Mar 2021 05:16:54 GMT

GET
H2 200 / Show response
d1r90st78epsag.cloudfront.net/ 286 KB
95 KB 239ms
179ms Script
text/plain 143.204.214.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1r90st78epsag.cloudfront.net/?etsrd=792297
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.82 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-82.fra53.r.cloudfront.net
Software: /
Resource Hash: 7a4479d274ef4683fa9351cef18491ee64b72b809980c27735b3c705502e0510

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-length: 96580
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
x-amz-cf-id: eG71zNYRaJSdkm4X5mJIxBCFz837anhTlNb7f-5PMAA3Aa4SYiKd8Q==

GET
H/1.1 500
Internal Server Error 1844b8e470c024a415cff51a0843d71c.js
brittleformat.com/18/44/b8/ 0
0 362ms
119ms Script
text/html 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://brittleformat.com/18/44/b8/1844b8e470c024a415cff51a0843d71c.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 logo-sm.webp
shrinkme.io/ 31 KB
31 KB 61ms
27ms Image
image/webp 2606:4700:3036::6815:3aec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinkme.io/logo-sm.webp

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:3aec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9777428de88c524584f0133c3c0d9becf5a3840597eb16dc873bbc29b9a0bf58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8244487
content-length: 31236
cf-request-id: 0837ed9ae700004aaf76a32000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "7a04-5a22587d62000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3eIvP2A8CnV5ddNJmWb1qeXr4LGDSmX00hntMA2dgqgm1WyXK%2F%2FVz4AMebCB0W3XBT%2FHDGvaC0Zz7FIiFr%2FocjAtM1cnZB5HcekehP08%2BwxwMkPg1ABE5w%3D%3D"}]}
content-type: image/webp
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 62067ed7dcfe4aaf-FRA
expires: Tue, 09 Nov 2021 02:52:49 GMT

GET
H/1.1 200
OK 23826 Show response
coccusadmanlob.com/t3tgUSTlRzMe6Sv/ 0
0 136ms
37ms Script
text/html 172.255.6.145
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://coccusadmanlob.com/t3tgUSTlRzMe6Sv/23826
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 172.255.6.145 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *

GET
H2 200 qJpGKf7.png
i.imgur.com/ 17 KB
17 KB 75ms
24ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qJpGKf7.png

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

afc64d8345a0c5e5fe8f866056f6e594bae4a885ef8bc44a37de95dd9eaae157

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
age: 3031519
x-cache: HIT, HIT
content-length: 17527
x-served-by: cache-bwi5125-BWI, cache-fra19172-FRA
last-modified: Tue, 05 Nov 2019 17:14:35 GMT
server: cat factory 1.0
x-timer: S1613134857.027922,VS0,VE0
etag: "e44ce2565aa2068add8081e038f0a55b"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 161

GET
H2 200 async.js Show response
cdn.adtrue.com/rtb/ 7 KB
3 KB 47ms
19ms Script
application/x-javascript 2606:4700:10::ac43:607
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/async.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2020 01:20:45 GMT
server: cloudflare
age: 7644275
etag: W/"5fb1d3ed-1c9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 62067ed8cf9dd6e5-FRA
cf-request-id: 0837ed9b7d0000d6e58d9c7000000001
expires: Thu, 11 Nov 2021 01:36:22 GMT

GET
H2 200 email-decode.min.js Show response
shrinke.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 10ms
10ms Script
application/javascript 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 0837ed9a1b00001752e224a000000001
last-modified: Tue, 09 Feb 2021 14:27:54 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"60229bea-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TWZNAos%2BMT2agcGdZFSHFD%2Frt%2F5WgQaRcyIe7ZMQ978tYrArdMlsROy1yv491RtiBez%2B9bbvrSvWUN6G98RO%2F9siuG8EdC06Dz3xhW6Sg4gmcZqoXdbP"}]}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 62067ed698501752-FRA
expires: Sun, 14 Feb 2021 13:00:56 GMT

GET
H2 200 ads.js Show response
shrinke.me/js/ 191 B
463 B 13ms
12ms Script
application/javascript 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/js/ads.js

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

347f6365abfcb020615486b3d7e0a6021a507bc720e5fc70efb8bacce6a160ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 954967
cf-request-id: 0837ed9a27000017525c3c1000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bf-5a22587d62000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XrmiyirYgX62YONwUgyEx0CHpS2vfT4Is1V2LX%2FVO6Zn51Iqu3rrT%2BqFzTjKDcAk7%2FK9Y8XPrrG%2BfPD26wbW28LVHmMynSO4fNU9w7BojzI5wd%2F6jgVP"}]}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 62067ed6a8721752-FRA
expires: Wed, 03 Mar 2021 11:44:49 GMT

GET
H2 200 script.min.js Show response
shrinke.me/modern_theme/build/js/ 202 KB
57 KB 26ms
26ms Script
application/javascript 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/js/script.min.js?ver=6.4.0

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

852593ea1830ce3d6821822385a17af199442f4938b588ed7c84942c351d9f16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1342704
cf-request-id: 0837ed9a340000175230368000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"32956-5a22587d62000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ascpgVN7h%2BdoCjImx02wv1jVJW4%2Bu5a7I77DF3PWAkUxpJ54y1gEtXUNtup0DzSaFrtgVq8Vli15NgYgQpjaw5WRmtwPQmftx4DyRI%2FdSlZOCz%2FhTD1L"}]}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cf-ray: 62067ed6b8991752-FRA
expires: Sat, 27 Feb 2021 00:02:32 GMT

GET
H2 200 api.js Show response
www.recaptcha.net/recaptcha/ 918 B
995 B 35ms
15ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d660f69e7f169ee61549e833b2813e85ae12163ca1d0de1940fb2c64cf916b67

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 578
x-xss-protection: 1; mode=block
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H2 200 Z3R4QzccVgs0aBIGFGENRRwMN0cUTldsRA8GES1cAloVJhgUA1YpREVYWjBaAVZCchtFABkkaA4QWnkVUE1KcQ5eVlRhRBIWJypTVVZCYVFWEksgDgZHVXRVUkxVdwUETVV7AgJEVScOBkJBIgRTRxxyDkUJ Show response
leaderhistliness.info/ 116 KB
45 KB 381ms
129ms Script
application/javascript 52.86.219.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://leaderhistliness.info/Z3R4QzccVgs0aBIGFGENRRwMN0cUTldsRA8GES1cAloVJhgUA1YpREVYWjBaAVZCchtFABkkaA4QWnkVUE1KcQ5eVlRhRBIWJypTVVZCYVFWEksgDgZHVXRVUkxVdwUETVV7AgJEVScOBkJBIgRTRxxyDkUJ
Requested by: Host: shrinke.me
URL: https://shrinke.me/sw.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.86.219.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-86-219-129.compute-1.amazonaws.com
Software: / Express
Resource Hash: 5104ed92ddc4674d42218fd3c09c9e4445c2685ccb459095dd3cc53c72a4a584

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-encoding: gzip
etag: W/"1cfbd-V1z3134We5PR+NjKU2e4YnYdJhs"
x-powered-by: Express
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With,content-type

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137383949-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5750
date: Fri, 12 Feb 2021 11:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 12 Feb 2021 13:25:07 GMT

GET
H/1.1 500
Internal Server Error 1844b8e470c024a415cff51a0843d71c.js
brittleformat.com/18/44/b8/ 0
0 357ms
120ms Script
text/html 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://brittleformat.com/18/44/b8/1844b8e470c024a415cff51a0843d71c.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 / Show response
tag.vlitag.com/v3/1612888847/ 429 KB
91 KB 42ms
35ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=b696d0f5c06dbd9fd83feb568718537b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26bea19366cc98705b61264475579224fec851bf5d81906f85cc0f265f14f52e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 246004
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=159qkCtuZAcTUWpEOh0Nzz6R%2FHfC6U1anxUxrMAyLWgNpQCoB6fQqO1A6yVWYtasUUbX8FekCu0ZUh6cI5LotSVeth3dzT2WGIIFbSSi5QsfRnkLkd%2F4%2BZ6VnQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
x-sv: 157.114
cache-control: public, max-age=31536000, immutable
cf-request-id: 0837ed9c4100002bc2a53ce000000001
cf-ray: 62067eda0d422bc2-FRA

GET
H2 200 header9.webp
shrinkme.io/ 127 KB
128 KB 13ms
12ms Image
image/webp 2606:4700:3036::6815:3aec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinkme.io/header9.webp

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:3aec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd3fb9c39fddd8aba2e4c7af555aeb970686c92304fba3ff4850901ec3e1ff53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8660004
content-length: 130482
cf-request-id: 0837ed9c4000004aaf7e0a5000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "1fdb2-5a22587d62000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BqXIQTlahgrX7Qk2E5LMkSbiT2RsgnGrXIuACBwxcVsPn0dc2u5dMroD7IuW8KK0i9QIajX8A7XMtQxnEUcv7M4qf%2Fx%2BbtGaG1kP0rEBiVBBLG%2BfDfbnCg%3D%3D"}]}
content-type: image/webp
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 62067eda09ad4aaf-FRA
expires: Thu, 04 Nov 2021 07:27:33 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v15/ 13 KB
13 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 15:30:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:14 GMT
server: sffe
age: 423002
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13708
x-xss-protection: 0
expires: Mon, 07 Feb 2022 15:30:55 GMT

GET
H2 200 fontawesome-webfont.woff2
shrinke.me/modern_theme/build/fonts/ 75 KB
76 KB 20ms
18ms Font
font/woff2 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shrinke.me/modern_theme/build/fonts/fontawesome-webfont.woff2

Requested by

Host: shrinke.me
URL: https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://shrinke.me
Referer: https://shrinke.me/modern_theme/build/css/styles.min.css?ver=6.4.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3372
content-length: 77160
cf-request-id: 0837ed9c4400001752601e0000000001
last-modified: Tue, 31 Mar 2020 12:16:00 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "12d68-5a22587d62000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7v9YBwga1iCG1g04T3MBTknr9p2JlGAUBZ3SOX12sMMSLD3yqPr8CAWn4VBxR2i1GTX17zy4rhSu2%2Bxha6tiAQi1%2BZKfkZqtERO27VhcAQkhEqU6KVgY"}]}
content-type: font/woff2
x-xss-protection: 1; mode=block
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 62067eda0dee1752-FRA

GET
H3-Q050 200 7Auwp_0qiz-afTLGLQjUwkQ.woff2
fonts.gstatic.com/s/muli/v22/ 24 KB
24 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQjUwkQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a71c8749cc0bb450f96766d4cab3b2b9c4d5a9b30c3683f3a5863d8d2ed9c9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:20:30 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:49:47 GMT
server: sffe
age: 333627
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24884
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:20:30 GMT

GET
H2 200 impress Show response
exchange.adtrue.com/delivery/ Frame 6B05 4 KB
4 KB 781ms
373ms Script
application/javascript 35.165.113.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.113.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-113-112.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 15733d86dfd3a4e96ad3e1550ddf4b675c3258e04a90160b66717fdf0e268175

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: nginx
x-adtrue-instance: java3
content-length: 4243
content-type: application/javascript

GET
H2 200 impress Show response
exchange.adtrue.com/delivery/ Frame FA4B 4 KB
4 KB 600ms
197ms Script
application/javascript 35.165.113.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20033&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.113.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-113-112.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 2706c68f0020ae3356940db5dfc1eec2a0a2ea7251702e7a1a9e0c0762de3d22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: nginx
x-adtrue-instance: java2
content-length: 4243
content-type: application/javascript

GET
H2 200 HOTSTARNETFLIXPREMIUM
shrinke.me/ 21 KB
21 KB 57ms
56ms Image
text/html 2606:4700:3035::ac43:9770
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shrinke.me/HOTSTARNETFLIXPREMIUM

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:9770 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 0837ed9c80000017523d3d1000000001
pragma: no-cache
x-robots-tag: noindex, nofollow
server: cloudflare
x-frame-options: SAMEORIGIN, SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FDsnXYp9rDUXR33SXnGf7KoquBBunUeYCJeze2uZosSXgsQyHXpEkSwa%2Fob2mmKUkqgfTqH424QjRf0dLw33nb9%2BgXH5cGvKvdw4UZ%2FLIeL2dO6uFGRS"}]}
content-type: text/html; charset=UTF-8
x-xss-protection: 1; mode=block
cache-control: no-store, no-cache, must-revalidate
cf-ray: 62067eda6e671752-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3-Q050 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v15/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6cf0709b8e52572cae1fb57128acd0a5a453c9ce99dc3712a1860ff90c6bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:300,300i,400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 20:12:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:15 GMT
server: sffe
age: 319713
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13612
x-xss-protection: 0
expires: Tue, 08 Feb 2022 20:12:24 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
384 B 48ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=119422037&t=pageview&_s=1&dl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&ul=en-us&de=UTF-8&dt=ShrinkMe.io&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=498846133&gjid=179651360&cid=1768211098.1613134857&tid=UA-137383949-1&_gid=1157360275.1613134857&_r=1&gtm=2ou230&z=961933602

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ 332 KB
332 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:05 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 52
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 339515
x-xss-protection: 0
expires: Sat, 12 Feb 2022 13:00:05 GMT

GET
H2 200 page_status Show response
services.vlitag.com/ 19 B
724 B 133ms
116ms XHR
application/json 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://services.vlitag.com/page_status?url=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ef556b0a4f4bdd486a106c3c90f6b5b89889c3f5040af4028e81c9837994ec

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-sv: 157.114
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VNIk04AHNfxsVz8r6R%2BjUwvrrvpMOT%2BkyAbnWdge%2Fkh09quDA1Xe3DvK3iyT0YX6mxLZpSnH8Pqc5z1aYzmFRxYQIJ8llx6uzzWc62uEwAffYXqmnjd%2Fvd%2FnnsTQsAWq"}]}
content-type: application/json
access-control-allow-origin: https://shrinke.me
x-xss-protection: 1; mode=block
cf-ray: 62067edb0c384a9d-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19
cf-request-id: 0837ed9ce900004a9de7954000000001

GET
H2 200 cmp-v2.0.1.js Show response
assets.vlitag.com/plugins/cmptcf2/ 267 KB
68 KB 35ms
23ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1245639
cf-polished: origSize=489839
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837ed9cf700002bc2898be000000001
x-robots-tag: noindex, nofollow
last-modified: Tue, 29 Dec 2020 02:18:12 GMT
server: cloudflare
etag: W/"5fea91e4-7796f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gjfpbJGKMQaAfnO2Nc4C7nMb6nxTLifXSnXt4v7FXMxUg3M%2FQSd3EyKiJAOSAQdOJkvN3gyAV8%2BxMkfPUlXlXbLcJFGnWDAEIEQ5PlbgPJAEkylQSky%2BgzpV0jyw6A%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 62067edb2f972bc2-FRA
expires: Fri, 29 Jan 2021 03:30:18 GMT

GET
H2 200 prebid-v4.24.0.js Show response
assets.vlitag.com/prebid/default/ 382 KB
109 KB 46ms
34ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57a72cc0bb0e27083090874f0b03240ebd96eabf5a8515abdfa4defcfa7acbda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 247660
cf-polished: origSize=390907
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837ed9cf900002bc2961e2000000001
x-robots-tag: noindex, nofollow
last-modified: Tue, 09 Feb 2021 16:13:11 GMT
server: cloudflare
etag: W/"6022b497-5f6fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DnFRqLwfpuFRFR2fkrMQgoF9TuNorZ0u9HVVqodQvFHedEcwh58Vsx2j%2F8DOsvmU7b52kQJABG5cT437iSuPaGltPVhkRN8ebhhJ12poXzJMJrwWgBNynFXGhqD0Kg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 62067edb2f942bc2-FRA
expires: Tue, 09 Feb 2021 16:43:17 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 57 KB
20 KB 64ms
43ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10965bfa7fe5b2adc40fbf925d577f4420f0d2b7a88b46c506be4c07d725046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "781 / 202 of 1000 / last-modified: 1613132208"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 19522
x-xss-protection: 0
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H2 200 viPlayer_v42.min.js Show response
assets.vlitag.com/plugins/vlPlayer/ 13 KB
5 KB 24ms
12ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/vlPlayer/viPlayer_v42.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbeb241324f4c3e889518c86ec74c1f6f634fff0c6f23f8c5af28273b8f31112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2361360
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837ed9cf700002bc2819b9000000001
x-robots-tag: noindex, nofollow
last-modified: Thu, 26 Nov 2020 03:46:23 GMT
server: cloudflare
etag: W/"5fbf250f-33d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Xn6YEsQBNWlsakrWDCokjHvOg1gIxdQDz6Q1ILpCsfWbaNz8OddBgzoXBkixJZcgSDoGkftKem7ikQqAL4u%2FhUc7I4enPgvXWH0edFw5sAqPRYkygDNhDauf3ugy0w%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 62067edb2f962bc2-FRA
expires: Sat, 16 Jan 2021 05:34:57 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 322 KB
112 KB 34ms
13ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fec14b132aa8f5c290a39129469655fb29aeed7faf69a4d628c34cc667812988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113725
x-xss-protection: 0
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
16 KB 26ms
15ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2361360
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837ed9cf700002bc246b5f000000001
x-robots-tag: noindex, nofollow
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
etag: W/"5dbbbcf2-9806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SttggDxgbuy%2FIL9WhqzmQwWgEjQgEHwkjU%2BTNVQ6FK3%2Bu9e7zUmtIM0aogebi7S27XZrchZgzLbRC83YsPZmv6o6ZZZLQTuwFS4DCqJf9ppX%2B9fY6a5lLbEKNdHtkQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 62067edb2f992bc2-FRA
expires: Sat, 16 Jan 2021 05:34:57 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
84 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-137383949-1&cid=1768211098.1613134857&jid=498846133&gjid=179651360&_gid=1157360275.1613134857&_u=IEBAAUAAAAAAAC~&z=1550416790

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 12 Feb 2021 13:00:57 GMT
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame A0DF 21 KB
12 KB 31ms
31ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c8fb7445e49686cc6bc32d8312e457d33c75693dee406e07c37f747f2c399928

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tlDg3jEeCh0MgV+bUP+Bwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 12 Feb 2021 13:00:57 GMT
content-security-policy: script-src 'report-sample' 'nonce-tlDg3jEeCh0MgV+bUP+Bwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11583
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137383949-1&cid=1768211098.1613134857&jid=498846133&_u=IEBAAUAAAAAAAC~&z=2117094993

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
18ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-137383949-1&cid=1768211098.1613134857&jid=498846133&_u=IEBAAUAAAAAAAC~&z=2117094993

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_2021021001.js Show response
securepubads.g.doubleclick.net/gpt/ 288 KB
102 KB 114ms
57ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021001.js?31060146

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

c11fb9ac4922e75ae9e0a017f41ae36febd8a185834b7bb608e9049ebe68da62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Feb 2021 15:07:43 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103470
x-xss-protection: 0
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 19ms
6ms XHR
application/json 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210212

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

addb634cee9c6ba10eeeb8b3a6815fc5242607469028cec3bfffec76a851a63f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 7296
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 764
etag: W/"539-eMP4/fLJ72Z6syP3R1OgYg76+Zo"
x-served-by: cache-fra19121-FRA, cache-hhn4068-HHN
date: Fri, 12 Feb 2021 13:00:57 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 /
logs.vlitag.com/slots/ 0
441 B 131ms
118ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logs.vlitag.com/slots/?d=8509&url=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&slots=%7B%22970_250%22%3A1%2C%22320_100%22%3A2%7D
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n1ipPBpNiEBU724pm9jnQQIFtI5LtBYa%2FYDwyMzRebTUY8qEVsSjRnWziG1V%2F9U6JiDfHvSMsMa4cbQ8UbQ%2BNqOWu3%2F8LLuc2NEPPFbWWWeWPn8YKGvvmF7dOYc%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 62067edc19a92bc2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0837ed9d8f00002bc2a3123000000001

GET
H2 200 /
logs.vlitag.com/sub/ 0
267 B 245ms
232ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://logs.vlitag.com/sub/?d=shrinke.me&h=shrinke.me
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tbMNSP35RZb7IqB7GoYCDPzKbl7mJgLuayyO%2Ba2uf19v7%2Fw2AmpxqUZ6Rvwn5%2BkRwuXs3Ny9ZSno17H%2Fllxk%2BUpSOO0BHefMpOcFIIWhopjNYU%2BbytfL7tSroOY%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: image/jpeg
cache-control: public, max-age=31536000
cf-ray: 62067edc19ac2bc2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0837ed9d8f00002bc27bb92000000001

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame A0DF 50 KB
25 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 09:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 12941
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Sat, 12 Feb 2022 09:25:16 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame A0DF 332 KB
332 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:05 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 52
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 339515
x-xss-protection: 0
expires: Sat, 12 Feb 2022 13:00:05 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
710 B 117ms
44ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:57 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.138:80
AN-X-Request-Uuid: 58a231b2-9b07-4833-af11-98b368a25f65
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
738 B 132ms
116ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HNhQx5gM2Zu9IdkeeILtfMqEUyHxa2ufAzblvgLCdaW3NTG32HS%2B8XkU98zKXq2u%2Bx4F6RTRX%2FrQKx5KPT%2BpkOPfmcUjhqF6zydl7QGBctTLuU9%2BYSQl2Iwpx%2FO1gQeq2A%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 62067edc3beb4a67-FRA
cf-request-id: 0837ed9da000004a678fb1a000000001

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
372 B 130ms
118ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VV0s1Qp%2FlfJwZAKYsmUGpsPdAbc2LEYYLi1vVhy0gsZ%2BfHPRFmfQcH%2Fg5eBbDqJ%2BVdBGZ93kSdNVHZNJr3WrxPYksthTt5xw2VwcPcopP7zzjlin%2FhMIoWV7xtaOMLFyJw%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 62067edc3bed4a67-FRA
cf-request-id: 0837ed9da000004a67d10ce000000001

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
710 B 140ms
68ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:57 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.109:80
AN-X-Request-Uuid: 498d6637-ce01-44a6-a24b-57ea35cd6ec0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
140 B 115ms
37ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.24.0&cb=86394985116
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
708 B 113ms
42ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:57 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.9:80
AN-X-Request-Uuid: eec7a525-ae1e-4167-9c52-7a79f280a45e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
172 B 97ms
34ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 , Poland, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
367 B 117ms
116ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dP1X7FN0jDxdOTSCby%2FyLssrGGMs382LlRRzWtJjIidAQ0JeGwbAH3VHeyeBpNwIEOQcVVZ2IMnk2mK1etKjQFpaf7jKUZzglkejEYiOE0CoArx%2BJy5myKaAFTCgzOuLkQ%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 62067edc4c014a67-FRA
cf-request-id: 0837ed9da900004a67bb97e000000001

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbj...
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&...

369 B
781 B

41ms
41ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Renswoude, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 0e7ca60c8d864be7d018edd098e99d8c4b03133059d1c61c49bce052c7ff12e4

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://shrinke.me
expires: Fri, 12 Feb 2021 13:00:57 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 369
x-sid: AMS-606

Redirect headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
access-control-allow-origin: https://shrinke.me
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-606

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%2Fshr...
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%...

381 B
792 B

41ms
40ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Renswoude, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 33293033e8eb5702c84050917bb243b5552ebff0df23c681a175a16028e0bbb6

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://shrinke.me
expires: Fri, 12 Feb 2021 13:00:57 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 381
x-sid: AMS-606

Redirect headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
access-control-allow-origin: https://shrinke.me
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=728x90_0%3A728x90%2C970x250%2C970x90%2C468x60%2C970x66%2C930x180%2C950x90%2C960x90%2C750x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-606

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
172 B 86ms
36ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 , Poland, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
710 B 111ms
40ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:57 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.154:80
AN-X-Request-Uuid: 970a20fa-f545-4b84-bad8-f9e3c7b5337c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
373 B 117ms
116ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rNqbzhQ3JEJyCITyw7zDVX%2FN9uu%2FDWk4A84lNcjTu%2Bu1DR7dIqsNILijo3amIybWvddnTCxLzuUJQ%2FCZ67SU%2FV5eqDRdMg7X0WYsGtXhW4QO7ba05DDh4rfjgimuxI1SmA%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 62067edc5c1c4a67-FRA
cf-request-id: 0837ed9db400004a6784977000000001

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
140 B 99ms
38ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.24.0&cb=1992445558
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:56 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
DATA 200
OK truncated
/ Frame A0DF 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A0DF 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame A0DF 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 12:56:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 86667
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Thu, 18 Feb 2021 12:56:30 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A0DF 10 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 333346
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:11 GMT

GET
H3-Q050 200 SGJ4Xo5vMuWCkA4ToaEsHzMtrgEPqOGxfvvNYXokBxs.js Show response
www.google.com/js/bg/ Frame A0DF 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/SGJ4Xo5vMuWCkA4ToaEsHzMtrgEPqOGxfvvNYXokBxs.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4862785e8e6f32e582900e13a1a12c1f332dae010fa8e1b17efbcd617a24071b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 02:49:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 11:30:00 GMT
server: sffe
age: 123068
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6346
x-xss-protection: 0
expires: Fri, 11 Feb 2022 02:49:49 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame A0DF 102 B
180 B 20ms
17ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

050be014144f5a95d8be13335084810c845e1e74e93337420cb3f2960f976966

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&co=aHR0cHM6Ly9zaHJpbmtlLm1lOjQ0Mw..&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=he689susizm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Fri, 12 Feb 2021 13:00:57 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
709 B 82ms
82ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:57 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.57:80
AN-X-Request-Uuid: cf5718d4-89f5-47f2-ba2f-e70f6bba3d4a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
271 B 121ms
120ms XHR
text/plain 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: https://shrinke.me
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M%2BhPYYoWOm8PCdt3oX1xPltunBtP6myQAEkf%2B6HpYn1LPpaG6BX9DnVvTzJgZD8otaM1qC8CMHMAJkQWO2Tp9TNHrX6BeclA7QUAqG6DRRlpMg8%2BQza1QnfTbDyrexauCA%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 62067edd3de14a67-FRA
cf-request-id: 0837ed9e4100004a67a38e1000000001

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
140 B 48ms
48ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.24.0&cb=5868338482
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
172 B 35ms
35ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 , Poland, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbj...
https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&...

381 B
699 B

39ms
39ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Renswoude, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ad37c66c1639bfc488c442af10cdb9a6e5a9e06044bd8395e013ca0bc47a018d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://shrinke.me
expires: Fri, 12 Feb 2021 13:00:57 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 381
x-sid: AMS-606

Redirect headers

date: Fri, 12 Feb 2021 13:00:57 GMT
server: openresty
access-control-allow-origin: https://shrinke.me
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/shrinke.me/ROS?ct=1&rnd=0.33219505521269155&e=320x50_0%3A320x50%2C320x100%2C300x75%2C300x31%2C300x100&ur=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&r=pbjs&pbv=4.24.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-606

GET
H3-Q050 200 bframe Show response
www.google.com/recaptcha/api2/ Frame E6E0 7 KB
1 KB 21ms
20ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ef6a644875ca38d0867232eb9a01df80f7e275565c8a280a7f651ce6b9bd5b47

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tRoxEbXSU/GyxO9wuxCIyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 12 Feb 2021 13:00:57 GMT
content-security-policy: script-src 'report-sample' 'nonce-tRoxEbXSU/GyxO9wuxCIyg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1122
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
tag.vlitag.com/passback/ Frame B608 195 B
528 B 14ms
14ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29440&divID=vi_850929440_166&w=970&h=250

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1b65da7e1759e98a2f61c7c52b78089e03473fbfa1fe85e8891e3255cbbf9f5

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 222628
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zFIwBZ0zUxBuGVfPC4dnve4jW7BW4ISXFrmsGLVnCrr2X14IR6KKbHX3dmXfwbiBekq6Rb5r5%2F5ijjv2AgIQH%2BpNU2F89oTI2H0l12areRO1ZDnZe7gdODZhCQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
x-sv: 157.114
cache-control: public, max-age=31536000, immutable
cf-request-id: 0837ed9e9600002bc2a222c000000001
cf-ray: 62067eddbcdb2bc2-FRA

GET
H2 200 /
stats.vlitag.com/pi/ 0
462 B 130ms
123ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.vlitag.com/pi/?e=zdNqTByBwYt-KqUq-Pryw-wwBA-qKtqMMtAKUytRzNhqllwqe0RrNMZAaRmNYaPPARrcorNco_MZAaYaPPA_TUURrtNRcsokty_orN
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9mFA3Hli2sKZi3CIABemTJqKHeeR2kMsQzamhkcCmvf4wbW1NmkGcABKyYq9NngIw8QdVAwRc4y9NUBipxS3h7wzEXBQiSq1ByUTK0jThkdRzwpHmeRvQm26ssm9"}],"max_age":604800,"group":"cf-nel"}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 62067eddccf62bc2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0837ed9ea000002bc246b87000000001

GET
H2 200 / Show response
tag.vlitag.com/passback/ Frame C029 197 B
436 B 17ms
16ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29441&divID=vi_850929441_357&w=320&h=100

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecebd072da484574bae3ad8fbd2dda03529d4e5716486df4fdde5820cab09931

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 235877
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DN0BmKSoNQIZPIyYGpt%2BwKGXl4HgJpnRhvn9NxvmH9VUW9fM9NMmlckg30tu0pcrRSRI0mCQNDqBJjfQ53W0JYdrgHO7OTVr0TMrBuewT5J1uekb6HYUw1ZXlg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
x-sv: 157.114
cache-control: public, max-age=31536000, immutable
cf-request-id: 0837ed9e9f00002bc274af9000000001
cf-ray: 62067eddccf32bc2-FRA

GET
H2 200 /
stats.vlitag.com/pi/ 0
295 B 117ms
117ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.vlitag.com/pi/?e=zdNrTwKZTYA-KKqZ-PMwq-aeKZ-treTBKUwKAZMRzNhqllwqe0RrNMZAaRmNYaPPTRrcorNco_MZAaYaPPT_BZKRrtNRcsokty_orN
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hhw6R%2FICMogbHMZz5WjpbKQq8nW%2B9r8tbBEKCkZdmvCdvFKI0Zp%2BZlcNK6mt03%2BU0yRL63s3FxIRlH%2BifL%2FYU3YXV%2B0rt8LxxZ2VPIwe4JBup9upIYZbwziwJFGC"}],"max_age":604800,"group":"cf-nel"}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 62067eddccf92bc2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0837ed9ea000002bc2461e7000000001

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame 3A2F 97 KB
38 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-128776493-27

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aaa89acf61e2311bffc6e1d59704a249953aee63c46ebfb301f277c1a91bb224

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39103
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame F52A 97 KB
38 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-128776493-27

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5da1abfbd817c76c4632db9e256da7b12cffdb719c409a8d2236fbf72bd7b204

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39103
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Feb 2021 13:00:57 GMT

GET
H2 200 / Show response
tag.vlitag.com/passback/ Frame 32FD 197 B
448 B 18ms
17ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29441&divID=vi_850929441_644&w=320&h=100

Requested by

Host: tag.vlitag.com
URL: https://tag.vlitag.com/v3/1612888847/?q=b696d0f5c06dbd9fd83feb568718537b&n=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecebd072da484574bae3ad8fbd2dda03529d4e5716486df4fdde5820cab09931

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 75874
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yaOBzoyRCHBczFuLaJ9Nzr%2FC2EmkzqaHbGhfZkI94xGRVQStoHstcLRhrRq0AOFx4%2F%2Fs0NoR%2BJpygpVo6L%2F6ygH7dN7QjtFEUAhhjxgh9j9N%2FXxVVMfQSYckvQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
x-sv: 1.210
cache-control: public, max-age=31536000, immutable
cf-request-id: 0837ed9ece00002bc27239b000000001
cf-ray: 62067ede1db52bc2-FRA

GET
H2 200 /
stats.vlitag.com/pi/ 0
386 B 114ms
114ms Image
image/jpeg 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stats.vlitag.com/pi/?e=zdNrZtUaKBM-UUwt-Pryw-qyer-AeqqrBUBTyYURzNhqllwqe0RrNMZAaRmNYaPPTRrcorNco_MZAaYaPPT_UPPRrtNRcsokty_orN
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bIoSAELwKT3Yemud%2BoK3dsp9gqoohOag34RccheS4l7jWuRCL7XDMN7WPl%2FsfxE23TK3X70UghPMWiIgfDY10Y61VpOnK%2FI7cJBVceKfXV%2BKbNkGdDFtSuWHYEWU"}],"max_age":604800,"group":"cf-nel"}
content-type: image/jpeg
cache-control: no-cache, no-store, must-revalidate
cf-ray: 62067ede1db82bc2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
cf-request-id: 0837ed9ecd00002bc27bba9000000001

GET
H2 200 shrinke.me.992723.js Show response
jsc.adskeeper.com/s/h/ Frame B608 234 KB
69 KB 31ms
15ms Script
text/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.com/s/h/shrinke.me.992723.js
Requested by: Host: tag.vlitag.com
URL: https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29440&divID=vi_850929440_166&w=970&h=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 310ced7d1a5809948d863ad31334d59e2e0fc20d627e4320e1ef179367e4b268

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1781
cf-ray: 62067ede38124a67-FRA
content-length: 70012
x-amz-id-2: 9XNGzWYah2SHZ26cHjhxGuOQLb/ncHfMYz1CbKuojawDQ0+LpUg/bprpf9Q2HNBpE58Sufc1ptw=
last-modified: Thu, 11 Feb 2021 10:13:07 GMT
server: cloudflare
etag: "034df3511cf9446cd794bca76710a4e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: D87FC95F7E75434D
cache-control: public, max-age=14400
cf-request-id: 0837ed9ede00004a678e085000000001
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 12 Feb 2021 17:00:57 GMT

GET
H2 200 shrinke.me.1062925.js Show response
jsc.adskeeper.com/s/h/ Frame C029 226 KB
67 KB 37ms
22ms Script
text/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Requested by: Host: tag.vlitag.com
URL: https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29441&divID=vi_850929441_357&w=320&h=100
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91986e60f6cd1ee57cc6fcb34c702521f028f350e14c23545e20f9b37bac45e7

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5425
cf-ray: 62067ede38154a67-FRA
content-length: 67920
x-amz-id-2: x0GBzoVmAjLzI9L4Y8U70+5c4Q/mgUDZwuvN6hn+KWQJIl+ORxGfz35Wmzuyk5Ecxk6eE96cNCo=
last-modified: Thu, 11 Feb 2021 10:47:53 GMT
server: cloudflare
etag: "f99f7d32a104cda09931709e60e605af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: FA96881AD6004263
cache-control: public, max-age=14400
cf-request-id: 0837ed9edf00004a67db2d8000000001
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 12 Feb 2021 17:00:57 GMT

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame E6E0 50 KB
25 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 09:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 12941
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Sat, 12 Feb 2022 09:25:16 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame E6E0 332 KB
332 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6Ld2tZgUAAAAANd3fPgc_aw6fvtoDDJGmzsZX0cA&cb=lqn18mtmaw3v
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:05 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 52
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 339515
x-xss-protection: 0
expires: Sat, 12 Feb 2022 13:00:05 GMT

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame FA4B 257 KB
82 KB 17ms
16ms Script
application/x-javascript 2606:4700:10::ac43:607
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20033&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 05:31:13 GMT
server: cloudflare
age: 8758246
etag: W/"5f3f5c21-405dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 62067ede281fd6e5-FRA
cf-request-id: 0837ed9ed80000d6e589991000000001
expires: Fri, 29 Oct 2021 04:10:11 GMT

GET
H2 200 request Show response
track.adtrue.com/track/ Frame F2C5 662 B
756 B 614ms
200ms Document
text/html 34.209.29.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20033&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.29.143 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-29-143.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 2610fe2184436d61ecf9b0e225eb7aad9b3adceecd49cb9f7494786322be2c0d

Request headers

:method: GET
:authority: track.adtrue.com
:scheme: https
:path: /track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-type: text/html
content-length: 662
server: nginx
x-host-name: java4

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame 3A2F 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-128776493-27

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5750
date: Fri, 12 Feb 2021 11:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 12 Feb 2021 13:25:07 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame F52A 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-128776493-27

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5750
date: Fri, 12 Feb 2021 11:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 12 Feb 2021 13:25:07 GMT

GET
H2 200 shrinke.me.1062925.js Show response
jsc.adskeeper.com/s/h/ Frame 32FD 226 KB
66 KB 13ms
11ms Script
text/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Requested by: Host: tag.vlitag.com
URL: https://tag.vlitag.com/passback/?t=1612888847&d=8509&z=29441&divID=vi_850929441_644&w=320&h=100
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91986e60f6cd1ee57cc6fcb34c702521f028f350e14c23545e20f9b37bac45e7

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5425
cf-ray: 62067ede58a34a67-FRA
content-length: 67920
x-amz-id-2: x0GBzoVmAjLzI9L4Y8U70+5c4Q/mgUDZwuvN6hn+KWQJIl+ORxGfz35Wmzuyk5Ecxk6eE96cNCo=
last-modified: Thu, 11 Feb 2021 10:47:53 GMT
server: cloudflare
etag: "f99f7d32a104cda09931709e60e605af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: FA96881AD6004263
cache-control: public, max-age=14400
cf-request-id: 0837ed9efa00004a679729c000000001
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 12 Feb 2021 17:00:57 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame B608 2 KB
988 B 61ms
48ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:10:29 GMT
server: ESF
date: Fri, 12 Feb 2021 13:00:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
DATA 200
OK truncated
/ Frame B608 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d98d7a81b2cc1e6b36d75db78826771fed2ddbe50ab593bea89ba19d6e6f7cb4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame FA4B 0
112 B 157ms
89ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame FA4B 19 B
710 B 109ms
37ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:58 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.240:80
AN-X-Request-Uuid: 8bbe0bde-b66d-4019-8f59-3fecbb13c4a6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame FA4B 0
140 B 38ms
38ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.4.0&cb=69414411175
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ Frame 3A2F 1 B
49 B 13ms
13ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=729418557&t=pageview&_s=1&dl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&ul=en-us&de=UTF-8&dt=noBid_shrinke.me_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=shrinke.me&cm=noBid&cc=Default&_u=AACAAUABAAAAAC~&jid=2115797646&gjid=432146329&cid=1768211098.1613134857&tid=UA-128776493-27&_gid=1157360275.1613134857&_r=1&gtm=2ou230&z=583149895

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://shrinke.me
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ Frame 3A2F 35 B
122 B 6ms
6ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=729418557&t=pageview&_s=2&dl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&ul=en-us&de=UTF-8&dt=noBid_shrinke.me_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=shrinke.me&cm=noBid&cc=Default&_u=AACAAUABAAAAAC~&jid=&gjid=&cid=1768211098.1613134857&tid=UA-128776493-27&_gid=1157360275.1613134857&gtm=2ou230&z=1930133728

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 18:22:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67090
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ Frame F52A 35 B
58 B 7ms
7ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1786864300&t=pageview&_s=1&dl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&ul=en-us&de=UTF-8&dt=noBid_shrinke.me_0.00_Default&sd=24-bit&sr=1600x1200&vp=&je=0&cn=0.00&cs=shrinke.me&cm=noBid&cc=Default&_u=AACAAUAB~&jid=&gjid=&cid=1768211098.1613134857&tid=UA-128776493-27&_gid=1157360275.1613134857&gtm=2ou230&z=975672686

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 11 Feb 2021 18:22:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67090
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame C029 2 KB
572 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:10:52 GMT
server: ESF
date: Fri, 12 Feb 2021 13:00:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
DATA 200
OK truncated
/ Frame C029 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c01eb02b169c34320241d002edf0d09f06802afc629f8430e7fb430606d67c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 32FD 2 KB
572 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:18:09 GMT
server: ESF
date: Fri, 12 Feb 2021 13:00:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
DATA 200
OK truncated
/ Frame 32FD 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c01eb02b169c34320241d002edf0d09f06802afc629f8430e7fb430606d67c8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame B608 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Open+Sans
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 333357
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:01 GMT

GET
H2 200 1 Show response
servicer.adskeeper.com/992723/ Frame B608 1 KB
1 KB 58ms
56ms Script
application/x-javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.com/992723/1?w=970&h=250&cols=1&pv=5&cbuster=1613134858249862494054&uniqId=0fe45&niet=4g&nisd=false&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cxurl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&lu=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&pageView=1&pvid=1779654880a8c7a112b&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.992723.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3317eb7e4a7839467c848455070ade9541ec8894872bcb961e5eb54072da903c

Request headers

Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee01d954a67-FRA
cf-request-id: 0837eda00d00004a67de3a5000000001

GET
H2 200 prebid.js Show response
cdn.adtrue.com/pb/ Frame 6B05 257 KB
82 KB 27ms
27ms Script
application/x-javascript 2606:4700:10::ac43:607
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/pb/prebid.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4259dbb0191c97a891b857a18b128a117310364e59726cff9eb639dcd22023b

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 21 Aug 2020 05:31:13 GMT
server: cloudflare
age: 8758247
etag: W/"5f3f5c21-405dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 62067ee02b40d6e5-FRA
cf-request-id: 0837eda0190000d6e5b33e1000000001
expires: Fri, 29 Oct 2021 04:10:11 GMT

GET
H2 200 request Show response
track.adtrue.com/track/ Frame 0DD4 662 B
755 B 295ms
200ms Document
text/html 34.209.29.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=20034&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cb=4067329134&timeZone=1&adWidth=300&adHeight=250&loc=https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.29.143 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-29-143.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 2610fe2184436d61ecf9b0e225eb7aad9b3adceecd49cb9f7494786322be2c0d

Request headers

:method: GET
:authority: track.adtrue.com
:scheme: https
:path: /track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-type: text/html
content-length: 662
server: nginx
x-host-name: java1

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame C029 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Open+Sans
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 333357
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:01 GMT

GET
H2 200 1 Show response
servicer.adskeeper.com/1062925/ Frame C029 989 B
773 B 114ms
113ms Script
application/x-javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.com/1062925/1?w=320&h=100&cols=1&pv=5&cbuster=1613134858320296500075&uniqId=0e797&niet=4g&nisd=false&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cxurl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&lu=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&pageView=0&pvid=17796548850ac846de3&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 413824d9d2a07c7f9de6576b164e56a806d79b2bd0cdded3f497a8983eb53146

Request headers

Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee08e974a67-FRA
cf-request-id: 0837eda05300004a67d52f5000000001

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 32FD 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Open+Sans
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 333357
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:01 GMT

GET
H2 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame 4EF2 753 B
578 B 19ms
19ms Script
application/x-javascript 2606:4700:10::ac43:607
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
age: 8757717
etag: W/"5f98e4fc-2f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 62067ee08bebd6e5-FRA
cf-request-id: 0837eda05a0000d6e5e0206000000001
expires: Fri, 29 Oct 2021 04:19:01 GMT

GET
H2 200 1 Show response
servicer.adskeeper.com/1062925/ Frame 32FD 989 B
772 B 97ms
97ms Script
application/x-javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.com/1062925/1?w=320&h=100&cols=1&pv=5&cbuster=161313485835388456866&uniqId=01835&niet=4g&nisd=false&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cxurl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&lu=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&pageView=0&pvid=177965488719ddbd057&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1c6c9413e68400e32cff93563269a160c8ea687247c292c6af7046e420c3c7a

Request headers

Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee0bf084a67-FRA
cf-request-id: 0837eda07300004a67cca1a000000001

GET
H2 200 passback Show response
exchange.adtrue.com/tag/ Frame 4EF2 910 B
1 KB 197ms
196ms Script
application/javascript 35.165.113.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20033&divid=35655832&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.113.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-113-112.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 36f45a07f6e29b45649ab14c67b8f939bfbb1f989093b5157e0f646260e27154

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
server: nginx
content-length: 910
content-type: application/javascript

GET
H2 200 i.js Show response
cm.adskeeper.com/ Frame B608 19 B
188 B 108ms
107ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i.js?&cbuster=1613134858425284703092
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.992723.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: 1867ef40-d33f-4dff-bd21-8f4360d27e3f
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee1283d4a67-FRA
cf-request-id: 0837eda0be00004a67a3926000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.adskeeper.com/ Frame C5A9 19 B
258 B 101ms
100ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i-noref.js?cbuster=1613134858429351598282
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.992723.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: e21386eb-eb5a-49db-a7f0-ec3b020132a1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee1385a4a67-FRA
cf-request-id: 0837eda0c500004a678a88a000000001
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDIvNTM1ODAwLzU2YjkzNDY3ZWY3MmJhMzI2MmQzOWNmZDAyNWVmMDViLmpwZw.webp
s-img.adskeeper.co.uk/g/8169080/492x277/0x217x1080x720/ Frame B608 22 KB
22 KB 71ms
28ms Image
image/webp 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/8169080/492x277/0x217x1080x720/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDIvNTM1ODAwLzU2YjkzNDY3ZWY3MmJhMzI2MmQzOWNmZDAyNWVmMDViLmpwZw.webp?v=1613134858-dTkY-y3JkMWs3ld3SjtRbykoxhe7Rn3lUWUdeLPb9W0
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c24706f8f63e83ecc9cb0fd2c821417db17590290632ce14cd42ce1328bef99

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: HIT
x-mg-request-uuid: 3bb237b7-057e-4abe-90fa-880724b0f74a
age: 20927
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22168
cf-request-id: 0837eda0fc0000cc36d7902000000001
last-modified: Fri, 12 Feb 2021 06:59:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 62067ee19f8dcc36-ZRH

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame B608 4 KB
2 KB 70ms
28ms Image
image/svg+xml 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 1362
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6BE463F6BAC5A7C1
x-amz-id-2: RArm/XP29WEXpt1na/QYRjXvNh1vZoLGeDDzh3exT1n3ePKYDPneFDIazwhil5ouns7OiCmA9m0=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0837eda0fb00002373f42df000000001
cf-ray: 62067ee19a252373-ZRH
expires: Fri, 12 Feb 2021 17:00:58 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 6B05 0
56 B 137ms
137ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6B05 19 B
709 B 51ms
51ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:00:58 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.57:80
AN-X-Request-Uuid: fa71c190-7d8b-4a87-898e-99f3d92b45b4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://shrinke.me
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 6B05 0
140 B 39ms
38ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=32&wv=4.4.0&cb=28990782310
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://shrinke.me
date: Fri, 12 Feb 2021 13:00:57 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame C029 4 KB
1 KB 58ms
37ms Image
image/svg+xml 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 1362
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6BE463F6BAC5A7C1
x-amz-id-2: RArm/XP29WEXpt1na/QYRjXvNh1vZoLGeDDzh3exT1n3ePKYDPneFDIazwhil5ouns7OiCmA9m0=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0837eda0fb000023730a2c6000000001
cf-ray: 62067ee19a272373-ZRH
expires: Fri, 12 Feb 2021 17:00:58 GMT

GET
H2 200 i.js Show response
cm.adskeeper.com/ Frame C029 19 B
152 B 106ms
106ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i.js?&cbuster=1613134858458965319755
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: 1409417d-52a1-42ce-8b8f-412d1f5db0eb
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee168cb4a67-FRA
cf-request-id: 0837eda0dd00004a67ad1c5000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.adskeeper.com/ Frame 4424 19 B
156 B 105ms
104ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i-noref.js?cbuster=1613134858462550117823
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: c3c43d1b-d7e1-44a7-b9eb-e5604b13b681
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee168d54a67-FRA
cf-request-id: 0837eda0e100004a67d832d000000001
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMzU0NzAxLzQ5MDdhNmRmMWFkYjYyOWQ5ZGU0YzRlOThkNWFiMzFhLmpwZw.webp
s-img.adskeeper.co.uk/g/7806761/492x328/0x0x492x328/ Frame C029 16 KB
17 KB 62ms
48ms Image
image/webp 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/7806761/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMzU0NzAxLzQ5MDdhNmRmMWFkYjYyOWQ5ZGU0YzRlOThkNWFiMzFhLmpwZw.webp?v=1613134858-yZOlD3hgCyfFoScO4dNT3eYpbfo0fg3ERgphP7BjlmM
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f057ddc3ba51772f4676ec30fc61376aa92dd14eac79fc572bb30db998fbe714

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: HIT
x-mg-request-uuid: 983a2db8-5637-40fd-98a6-9ca24ec48b9f
age: 3983648
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16834
cf-request-id: 0837eda0fe0000cc36df963000000001
last-modified: Mon, 28 Dec 2020 09:59:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 62067ee19f91cc36-ZRH

GET
H2 200 widget-ssp-performance
c.adskeeper.com/ Frame C029 43 B
240 B 68ms
60ms Image
image/gif 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.com/widget-ssp-performance?time=115
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 62067ee178ed4a67-FRA
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
cf-request-id: 0837eda0ea00004a67b1044000000001

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMzU0NzAxLzQ5MDdhNmRmMWFkYjYyOWQ5ZGU0YzRlOThkNWFiMzFhLmpwZw.webp
s-img.adskeeper.co.uk/g/7806761/492x328/0x0x492x328/ Frame 32FD 16 KB
17 KB 27ms
26ms Image
image/webp 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/7806761/492x328/0x0x492x328/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMzU0NzAxLzQ5MDdhNmRmMWFkYjYyOWQ5ZGU0YzRlOThkNWFiMzFhLmpwZw.webp?v=1613134858-yZOlD3hgCyfFoScO4dNT3eYpbfo0fg3ERgphP7BjlmM
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f057ddc3ba51772f4676ec30fc61376aa92dd14eac79fc572bb30db998fbe714

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
cf-cache-status: HIT
x-mg-request-uuid: 983a2db8-5637-40fd-98a6-9ca24ec48b9f
age: 3983648
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16834
cf-request-id: 0837eda1300000cc362dad4000000001
last-modified: Mon, 28 Dec 2020 09:59:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 62067ee1e818cc36-ZRH

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame 32FD 4 KB
1 KB 27ms
26ms Image
image/svg+xml 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
cf-cache-status: HIT
age: 1362
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6BE463F6BAC5A7C1
x-amz-id-2: RArm/XP29WEXpt1na/QYRjXvNh1vZoLGeDDzh3exT1n3ePKYDPneFDIazwhil5ouns7OiCmA9m0=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0837eda13000002373d88c8000000001
cf-ray: 62067ee1ead62373-ZRH
expires: Fri, 12 Feb 2021 17:00:58 GMT

GET
H2 200 i.js Show response
cm.adskeeper.com/ Frame 32FD 19 B
152 B 95ms
94ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i.js?&cbuster=1613134858533785614059
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: 12d331e2-da25-4002-bb5d-07b5513cd96d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee1d9c04a67-FRA
cf-request-id: 0837eda12800004a67db315000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.adskeeper.com/ Frame C849 19 B
231 B 115ms
114ms Script
application/javascript 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.com/i-noref.js?cbuster=1613134858537402153276
Requested by: Host: jsc.adskeeper.com
URL: https://jsc.adskeeper.com/s/h/shrinke.me.1062925.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: MISS
x-mg-request-uuid: 4555e659-c5f5-43f8-a2b9-faabe1c8aa7d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee1d9c64a67-FRA
cf-request-id: 0837eda12a00004a67ce801000000001
server: cloudflare

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame F2C5 77 KB
31 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Requested by

Host: track.adtrue.com
URL: https://track.adtrue.com/track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f508bb29b31036fdd5a77d80d3a7989e8e0fb08f12d4f34fd13e1bc5e1bd7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31175
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame 0DD4 77 KB
30 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Requested by

Host: track.adtrue.com
URL: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f508bb29b31036fdd5a77d80d3a7989e8e0fb08f12d4f34fd13e1bc5e1bd7fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31175
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
H2 200 passback.js Show response
cdn.adtrue.com/rtb/ Frame 6898 753 B
511 B 16ms
15ms Script
application/x-javascript 2606:4700:10::ac43:607
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adtrue.com/rtb/passback.js
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43bda1428a5263bac1077be4600446811177d2517529640d7cf560363d67a629

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 28 Oct 2020 03:26:52 GMT
server: cloudflare
age: 8757717
etag: W/"5f98e4fc-2f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31104000
cf-ray: 62067ee22e82d6e5-FRA
cf-request-id: 0837eda15e0000d6e5a0156000000001
expires: Fri, 29 Oct 2021 04:19:01 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame F2C5 136 KB
52 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

742425d1f9a32f10e7fb4ae5da908b7a8f40dd0dc19e462211e91cb79205e40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53280
x-xss-protection: 0
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame F2C5 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20033&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5751
date: Fri, 12 Feb 2021 11:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 12 Feb 2021 13:25:07 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ Frame 0DD4 136 KB
52 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0DTZ6LRDBJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

742425d1f9a32f10e7fb4ae5da908b7a8f40dd0dc19e462211e91cb79205e40f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53280
x-xss-protection: 0
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame 0DD4 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPLC9ST

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://track.adtrue.com/track/request?pzoneid=20034&domain=shrinke.me&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&loc=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5751
date: Fri, 12 Feb 2021 11:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Fri, 12 Feb 2021 13:25:07 GMT

GET
H2 200 passback Show response
exchange.adtrue.com/tag/ Frame 6898 601 B
792 B 196ms
196ms Script
application/javascript 35.165.113.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20034&divid=1325585605&ref=undefined
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/rtb/passback.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.165.113.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-165-113-112.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: c73ceacd23ee7ad38c7f5952364d74b5ada1aee41cc1c6f9816964f881fac2c7

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
server: nginx
content-length: 601
content-type: application/javascript

GET
H2 200 n.js Show response
cdn.runative-syndicate.com/sdk/v1/ Frame 4EF2 17 KB
17 KB 106ms
29ms Script
application/javascript 67.27.234.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.runative-syndicate.com/sdk/v1/n.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20033&divid=35655832&ref=undefined
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 6be018cf63d68429cc6f5c49caa24448469db98e412beba3bc99ac033ced43da

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
last-modified: Mon, 18 Jan 2021 15:00:01 GMT
server: nginx
age: 2151493
etag: "6005a271-44f3"
content-type: application/javascript
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 17651

GET
H2 200 n.css
cdn.run-syndicate.com/sdk/v1/ Frame 4EF2 8 KB
8 KB 106ms
28ms Stylesheet
text/css 67.27.233.249
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.run-syndicate.com/sdk/v1/n.css
Requested by: Host: cdn.runative-syndicate.com
URL: https://cdn.runative-syndicate.com/sdk/v1/n.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.249 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
last-modified: Mon, 18 Jan 2021 15:00:01 GMT
server: nginx
age: 2151985
etag: "6005a271-2055"
content-type: text/css
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 8277

GET
H2 200 passback Show response
track.adtrue.com/track/ Frame 5CBA 0
73 B 200ms
200ms Document
text/html 34.209.29.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/passback?pzoneid=20033
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.29.143 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-29-143.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: track.adtrue.com
:scheme: https
:path: /track/passback?pzoneid=20033
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-type: text/html
content-length: 0
server: nginx
x-host-name: java1

GET
H2 200 adtrue.shrinke.me.994621.js Show response
jsc.adskeeper.co.uk/a/d/ Frame 6898 234 KB
63 KB 62ms
60ms Script
text/javascript 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20034&divid=1325585605&ref=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a93a6b449d2a356fff9f47e8291eeb45e28aae171b0c232009ad4459073d8b8f

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 89874F4ECFEFD7BF
cf-polished: origSize=239797
last-modified: Thu, 11 Feb 2021 10:12:36 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: AkS2J4c8tYdE88rByvwkEtK+TRNfXlBGJMLNUNNRYZGy0mtMoDE5ZQAdRY/Ea6ndmifpjNejahc=
cf-bgj: minify
server: cloudflare
etag: W/"a9e777a406b01f239904cf5cc7830c2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=14400
cf-request-id: 0837eda24a0000cc36e88db000000001
cf-ray: 62067ee3abcdcc36-ZRH
expires: Fri, 12 Feb 2021 17:00:58 GMT

GET
H2 200 passback Show response
track.adtrue.com/track/ Frame E156 0
73 B 201ms
200ms Document
text/html 34.209.29.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.adtrue.com/track/passback?pzoneid=20034
Requested by: Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/tag/passback?adtrue_pzoneid=20034&divid=1325585605&ref=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.209.29.143 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-209-29-143.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: track.adtrue.com
:scheme: https
:path: /track/passback?pzoneid=20034
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:00:58 GMT
content-type: text/html
content-length: 0
server: nginx
x-host-name: java4

GET
H2 200 css
fonts.googleapis.com/ Frame 6898 2 KB
646 B 14ms
13ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 12 Feb 2021 12:16:49 GMT
server: ESF
date: Fri, 12 Feb 2021 13:00:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 12 Feb 2021 13:00:58 GMT

GET
DATA 200
OK truncated
/ Frame 6898 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d98d7a81b2cc1e6b36d75db78826771fed2ddbe50ab593bea89ba19d6e6f7cb4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6898 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://shrinke.me
Referer: https://fonts.googleapis.com/css?family=Open+Sans
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 333357
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:01 GMT

GET
H2 200 1 Show response
servicer.adskeeper.co.uk/994621/ Frame 6898 1010 B
1 KB 113ms
111ms Script
application/x-javascript 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.adskeeper.co.uk/994621/1?w=300&h=250&cols=1&pv=5&cbuster=1613134858988661453503&uniqId=14f98&niet=4g&nisd=false&iframe=1&ref=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&cxurl=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&lu=https%3A%2F%2Fshrinke.me%2FHOTSTARNETFLIXPREMIUM&pageView=1&pvid=17796548aeda1daa627&implVersion=11&dpr=1
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34bbb0d5d8e5b95f7c885ef198f7f2d4d473440b1f27643fc4eae2eda9d0b1d9

Request headers

Referer: https://shrinke.me/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee4c9342373-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837eda2fd000023732a8c0000000001

GET
H2 200 adskeeper_svg.svg
cdn.adskeeper.co.uk/images/ Frame 6898 4 KB
1 KB 32ms
32ms Image
image/svg+xml 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.adskeeper.co.uk/images/adskeeper_svg.svg
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c1798ee0e6e7de78f91bb457e6670385951caea9fc9c97295ca303ec6fe49be

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: br
cf-cache-status: HIT
age: 1363
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6BE463F6BAC5A7C1
x-amz-id-2: RArm/XP29WEXpt1na/QYRjXvNh1vZoLGeDDzh3exT1n3ePKYDPneFDIazwhil5ouns7OiCmA9m0=
last-modified: Tue, 08 Dec 2020 08:34:59 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1607416491/ctime:1607416491/gid:0/gname:root/md5:93f6d1136fb77e38a0a2c72108588f09/mode:33206/mtime:1607416491/uid:0/uname:root
etag: W/"93f6d1136fb77e38a0a2c72108588f09"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-request-id: 0837eda370000023730f249000000001
cf-ray: 62067ee58af92373-ZRH
expires: Fri, 12 Feb 2021 17:00:59 GMT

GET
H2 200 i.js Show response
cm.adskeeper.co.uk/ Frame 6898 113 B
237 B 234ms
233ms Script
application/javascript 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i.js?&cbuster=1613134859109813398827
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56ea2c14c88efe566bb7f22b3555a8b4fb40b5e3e534a8425f33a449d1e47f47

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: br
cf-cache-status: MISS
x-mg-request-uuid: 5b3c2eef-1bb4-4f2d-8f1c-c39238e53edc
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee58b092373-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837eda377000023732a8d0000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.adskeeper.co.uk/ Frame 7323 19 B
239 B 236ms
236ms Script
application/javascript 104.19.133.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adskeeper.co.uk/i-noref.js?cbuster=1613134859113475214985
Requested by: Host: jsc.adskeeper.co.uk
URL: https://jsc.adskeeper.co.uk/a/d/adtrue.shrinke.me.994621.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: br
cf-cache-status: MISS
x-mg-request-uuid: 864054a2-6c79-43c1-ace0-94f8b524777c
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee58b122373-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837eda3780000237343849000000001
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp
s-img.adskeeper.co.uk/g/8164865/492x277/0x0x900x600/ Frame 6898 17 KB
18 KB 27ms
26ms Image
image/webp 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.co.uk/g/8164865/492x277/0x0x900x600/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTEvMTAxOTI0LzcyYTQ1NjNjYzFmY2Y5MjAwOWYzMGZkYThiZjFiMGFhLmpwZWc.webp?v=1613134859-3i8fxq234Z6vOx_aO4I6vMwlx7X8QYt-_57CH5rfvX0
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36025ef2a560e099f221984bc7e55cafa8dac8482a9c2776f0c6c68cc7ca1e17

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
cf-cache-status: HIT
x-mg-request-uuid: 09578c51-31c2-4ae8-bf05-a108e9cf5870
age: 343462
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17742
cf-request-id: 0837eda3790000cc361a8ed000000001
last-modified: Mon, 08 Feb 2021 10:20:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 62067ee58f74cc36-ZRH

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame FA4B 80 KB
26 KB 68ms
23ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame FA4B 80 KB
26 KB 66ms
24ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 /
cm.steepto.com/setmuidn/ Frame 6898 0
315 B 204ms
162ms Image
image/gif 104.19.137.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.steepto.com/setmuidn/?muidf=l1cXLNmODC05
Requested by: Host: shrinke.me
URL: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.137.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cf-ray: 62067ee74f6e2397-ZRH
content-length: 0
cf-request-id: 0837eda489000023977a295000000001

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6B05 80 KB
26 KB 29ms
28ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6B05 80 KB
26 KB 27ms
27ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EC7E 0
150 B 40ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=shrinke.me

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=shrinke.me
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1654
date: Fri, 12 Feb 2021 13:00:59 GMT
content-length: 0

GET
H2 200 c
c.adskeeper.com/ Frame B608 43 B
155 B 56ms
56ms Image
image/gif 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.com/c?f=1&pv=3&v=294|235|12|9WJxDBHQTA8TKDdX_Vy58MK1cfLPQGHKJ-XCffP5UDKf6HNBdlCUVVPbabO-T1kw&fw=1&extjs=66044&cid=992723&h2=gnPj4Upfd8jEoYtO8PfayKeZqbihNWaZ19O6oMGrR-Q*&rid=598871c8-6d32-11eb-8ad6-d094662c24f7&tt=Direct&iv=11&pageImp=1&cbuster=1613134859578402079994&tpl=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: b85e064b-e6fc-4653-ac3e-aafbb160cc21
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee868d14a67-FRA
cf-request-id: 0837eda53d00004a67a398e000000001
server: cloudflare

GET
H2 200 c
c.adskeeper.com/ Frame 32FD 43 B
367 B 55ms
54ms Image
image/gif 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.com/c?f=1&pv=3&v=314|94|12|Dj_LXHuTxBYgtwp6KtXEQDzGMjtlwtcE__TD3rs7GdEhMSqPG3eeeJQLyZH2M3s1&fw=1&extjs=66044&cid=1062925&h2=gnPj4Upfd8jEoYtO8PfayKeZqbihNWaZ19O6oMGrR-Q*&rid=599839f8-6d32-11eb-98c2-d094662f8ab5&tt=Direct&iv=11&pageImp=0&cbuster=1613134859580677918436&tpl=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: d0902aee-575f-448b-8a36-ecca10047461
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee868d84a67-FRA
cf-request-id: 0837eda53e00004a678ba65000000001
server: cloudflare

GET
H2 200 c
c.adskeeper.com/ Frame C029 43 B
156 B 60ms
60ms Image
image/gif 2606:4700::6812:1041
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.com/c?f=1&pv=3&v=314|94|12|Dj_LXHuTxBYgtwp6KtXEQDzGMjtlwtcE__TD3rs7GdEhMSqPG3eeeJQLyZH2M3s1&fw=1&extjs=66044&cid=1062925&h2=gnPj4Upfd8jEoYtO8PfayKeZqbihNWaZ19O6oMGrR-Q*&rid=59934955-6d32-11eb-8708-d094662c1c35&tt=Direct&iv=11&pageImp=0&cbuster=161313485958212706694&tpl=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1041 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:00:59 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 397bf7b4-9773-4413-8590-9254a6bb13ec
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067ee868e44a67-FRA
cf-request-id: 0837eda54100004a67811fc000000001
server: cloudflare

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 29ms
28ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 27ms
27ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 3be9a1246aa3ef95d4da2d2f20529572b3eb729256c03cd42c5097ce16956d3d

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:00:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:33 GMT
server: nginx
etag: W/"601bd2e1-13f72"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:00:59 GMT

GET
H2 200 c
c.adskeeper.co.uk/ Frame 6898 43 B
449 B 88ms
81ms Image
image/gif 104.19.130.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.adskeeper.co.uk/c?f=1&pv=3&v=294|247|12|wu4MKJJkgoKnjjMA4JOI6eUjhAmL1ifEPjOJdKd_YtDQS0oAfLKUbzt8rU-Yx1qJ&fw=1&extjs=66044&cid=994621&h2=PpCN8S8RpuqgawplLvLjFKCY8ki03-Z77VGaOn48320*&rid=59fe7f3c-6d32-11eb-8708-d094662c1c35&tt=Direct&iv=11&pageImp=1&cbuster=1613134860249471586325&tpl=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.130.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 764a00c0-3d34-45d6-8af7-e6866b1b6cfe
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 62067eecbe43cc36-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0837eda7ef0000cc36d935f000000001
server: cloudflare

GET
H2 200 / Show response
spl.zeotap.com/ Frame C4C5 8 KB
2 KB 49ms
34ms Document
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10ea1b14b626e584d538233765af2e23d3925ffc6050458adfdb7c48fd31ad2f

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=de0e2f32c720534897c1b46a39efebd5d1613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax zc=9c9e772b-6cbc-4c8e-436c-bad90d393798; Path=/; Domain=.zeotap.com; Max-Age=63072000; SameSite=None; Secure zsc=N%CEN%1F%A0%B7%EB%D8bg%F0%D2%D8%1E%DDX%A1%F0%F0%84%1D%9Ft%A3%3Du%2Arj%D0%EB%A8%C2%FC%D3%8B%7DO0G%8C%9E%C4a%BA%E0%3A%5E%EF%83%E7%8F%CA%7DK3%D1%5B%8Bv2%9Ah%BFyO%7C%A2%F4%96%D6Q%EC%D0%F2M%A4%EE%3C%25%05J%85bm%BA%A3%1B-%3F%F7%90%18%9BLu%97%A9%8C%91%1B%B2~4%EB%ED0%7Fl%D7%BEw%E0v~%1A%FB%809%9C%E49%C4%9E%C9_%9B%8F%D7t%11%7C%DD%1C%DBQ%FD%87H%A7g%A9%0C%D4-%04%8C%E0%7FY%2AV%3C%12%EEs%5Cl%DD%16h%3B%26%09BS%9DC; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://shrinke.me
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa1200002b22d898b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62067ef01fff2b22-FRA
content-encoding: br

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame 0605 2 KB
1000 B 134ms
126ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04dafc2566b60ca28c12d0362a5aa4306005bee16aa5b35099eab10fbff437c8

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=d660b4a2af752d1d84ff909af619440401613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=38792dd8-054e-4503-87be-13ccbb40cac9; expires=Thu, 04 Mar 2021 13:01:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa0500004a67ad2a7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3RGHB4BCcTvjNu2HoW2I2pLKTz9vDnXplR4ehNPQVb%2FIH%2BDzozIvvzFVLaP2CpWnJvsx3SclXoGjW4TunRRKGQzliom6Q7tPxlCGeZQSGyfzWpRH1TQgnXVXnERWLMM%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 62067ef00a9d4a67-FRA
content-encoding: br

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame 54EB 2 KB
896 B 133ms
127ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04dafc2566b60ca28c12d0362a5aa4306005bee16aa5b35099eab10fbff437c8

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=d660b4a2af752d1d84ff909af619440401613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=5a0801ab-2836-43de-bcd1-5e901dbe469b; expires=Thu, 04 Mar 2021 13:01:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa0400004a67973a1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Q3g2Cc1QyFqDF%2BVJ2Fod4Y6o7ZMzTzLv0Y4QP01ZSue%2BMRJLZ2yORAVBOhCnO3u5YGzv%2BoJvIgr62DAgf85aGeRXs5A2xpp0Rdk9MOdv2f2TwHK0di3nCBw6irE3vLI%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 62067ef00a9c4a67-FRA
content-encoding: br

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E39A 52 KB
17 KB 75ms
24ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:00 GMT
Age: 25860
X-Served-By: cache-lga21935-LGA, cache-fra19175-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 204979
X-Timer: S1613134861.863957,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 / Show response
spl.zeotap.com/ Frame EB42 8 KB
2 KB 43ms
31ms Document
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2a9a293e360fb639bbd210a138444d47e5ce9cb73f4b1fa7dd6e7f82d417755

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=de0e2f32c720534897c1b46a39efebd5d1613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax zc=3bca84c8-c663-4266-6440-88c1e4cd6c8b; Path=/; Domain=.zeotap.com; Max-Age=63072000; SameSite=None; Secure zsc=%EC%11Z%C2%16-%ABQ%C9%B7%FE%DA%17%11r%5B%F6%CDUnh%B1%A2%CA%E7%DE%24%E63Gy%21o%1E%98%3E%0D%1C%97%F2%7Cr%91%90%99%17%BD%E3%A3v%2F%F9%B1%D4Yp%A6%C9%A5%BEK%FA%0E%EA%AE%EF%A85k2f%C3z%CD%17%BF%FEN%CDc%C1Cy%3B%D0G%11%09%40%90%EDAP%DCh%5B%C6%A5%D7%BF%C7b%03%86%7C%1A%86%EDB%A4a1%91v%60%13%9B%EC%1D%AE%AA%E37%83%CA%DD%B6%87%C8%98%B3%BF%DDB%8B%A6%97~ys%BD%A5%0F%3E%C4%FFV%0D%10%F8%1F%98%60%B0a%3C%FC%01%EE%1B%B3%CC%F4%0A%DDv%A3%3F; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://shrinke.me
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa1200002b22d321a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62067ef018002b22-FRA
content-encoding: br

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame CC85 52 KB
17 KB 75ms
26ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:00 GMT
Age: 25860
X-Served-By: cache-lga21935-LGA, cache-fra19126-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 205693
X-Timer: S1613134861.862358,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 248D 52 KB
17 KB 75ms
24ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:00 GMT
Age: 25860
X-Served-By: cache-lga21935-LGA, cache-fra19123-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 205398
X-Timer: S1613134861.866351,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 / Show response
spl.zeotap.com/ Frame 8796 8 KB
2 KB 41ms
31ms Document
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db6362c172823fdd39d47313177015f121a37ab68e15618075f200e905a5fc97

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=de0e2f32c720534897c1b46a39efebd5d1613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax zc=cec17a6a-db43-46b6-69ee-109fd6a0ba58; Path=/; Domain=.zeotap.com; Max-Age=63072000; SameSite=None; Secure zsc=%7BS%14%92%2C%C6%3CY%ED%86N3W%3C%9D%C6r%A9%13%3A%DA1VH%0D%2C%ADj%8F%975%DD%E6%08%05%FF%3DHj%C4%FA%19%13%04%E1%60%3F%F82%04%0D%0D%E1%DA%5E%09%92%25%C5%81%B9%C1%3Fq%D7%29%FE%E0x%94%A8o%82%7DL%C5%A7%F1%B69e%1B%223%B4%A0%3B%2C%BF%A1%CC%AC%3Fr%A7Z%EA%F3E%08%B0%DB%D4%40H%CA4i%84B%3A%D3W6%CFR%0D%3D%B6%D8%3A%DCJDS%E68U%9B%F2%26%BD%F5%A4%1Bt%DB%3ED%92I%F8%94%A1%7B%18B%27i%06%F3%05%02%89%5D%A7%00%B4%03%2C%60%D4%BA%E3s%0D%82h; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://shrinke.me
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa1200002b22a4147000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62067ef018012b22-FRA
content-encoding: br

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 89E4 52 KB
17 KB 79ms
28ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:00 GMT
Age: 25860
X-Served-By: cache-lga21935-LGA, cache-fra19178-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 675876
X-Timer: S1613134861.872043,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame C33F 52 KB
17 KB 73ms
23ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:00 GMT
Age: 25860
X-Served-By: cache-lga21935-LGA, cache-fra19153-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 201296
X-Timer: S1613134861.866995,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame EAC5 2 KB
863 B 151ms
150ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f52b14b10b53ea401af98ade01fc19b43dd630f5fe8671b21c7f0a735df43c5b

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=d660b4a2af752d1d84ff909af619440401613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=09c7c521-a596-4520-9496-0ae188a3a5de; expires=Thu, 04 Mar 2021 13:01:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa0500004a678bad1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Mwi6Ur2YCRukuUCeNgIrhcv9QRW3p1IIGeRJstK4LMN%2BmLG%2BNIFq6mVPQuI5%2F9BJ2UasKqgdhC5zPdvkRvd6xICqwsu5AOe2r7wI1m70Q7G9hTv2kkNSIdv3DxqX4sA%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 62067ef00a9f4a67-FRA
content-encoding: br

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame A971 2 KB
864 B 138ms
138ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bc54cd49c8b541497f981a208a6e36b6e7c6743f33104494d4968e9ea72ba7b

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=d660b4a2af752d1d84ff909af619440401613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=fd9392a8-ea07-4d26-90ac-c0af02f3ec40; expires=Thu, 04 Mar 2021 13:01:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa0600004a67ccaf9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XAqAs%2FmnOyj67rZyivWE4P7VqCvlzb5zu%2BWGzMGAV4nMkwDIoAUxeeJL%2F0dLNc0u4tK3znyIxuI60PbtKbwdns1tQoxd327UkhiMjSC54fC3M1jOdxbXMcKYfig0zfk%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 62067ef00aa24a67-FRA
content-encoding: br

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame FA11 2 KB
995 B 134ms
134ms Document
text/html 2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-v4.24.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04dafc2566b60ca28c12d0362a5aa4306005bee16aa5b35099eab10fbff437c8

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
content-type: text/html
set-cookie: __cfduid=d660b4a2af752d1d84ff909af619440401613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=185f2aab-8878-4710-ad1e-a88e83f8457a; expires=Thu, 04 Mar 2021 13:01:00 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa0700004a67db9f8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zfmSCbp2UVhGUj0%2BHeRYJZd5Vaj16fYlctL1nb5wxJssz5%2B3E%2BpbrKxsKX3XCNprqrr1xgJuXa1kDFMVT81O4IPN3NesJ7tn1ewKKANkr3oTC%2BIpiY8fwnuiMNcKeDs%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 62067ef00aa54a67-FRA
content-encoding: br

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame EB42 0
0 52ms
51ms Image
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6e...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6...
https://mwzeom.zeotap.com/mw?google_gid=CAESEEqRz2DjlgdF6Kvr991pCkI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec...

95 B
179 B

49ms
46ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEEqRz2DjlgdF6Kvr991pCkI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef12a482b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaba00002b22ae93b000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEEqRz2DjlgdF6Kvr991pCkI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d...

95 B
178 B

39ms
25ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef11a242b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaab000002b22ef84b000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame EB42 0
188 B 136ms
42ms Image
text/plain 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc...
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d...

95 B
259 B

34ms
34ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef18b222b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaf500002b22e4809000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame EB42 0
55 B 142ms
88ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 61
date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 varnish
server: nginx
x-timer: S1613134861.920543,VS0,VE61
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19148-FRA

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame EB42 0
361 B 142ms
44ms Image
text/html 154.57.158.51
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS: amsadvip2.fwmrm.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:00 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H/1.1 200
OK UCookieSetPug
image6.pubmatic.com/AdServer/ Frame EB42 0
240 B 127ms
30ms Image
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D3bca84c8-c663-4266-6440-88c1e4cd6c8b%26reqId%3Dc2bcec3c-6fa6-4e1d-6efb-7eb5b7571242%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:00 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=136...
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
179 B

37ms
36ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef13a7f2b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaac700002b22dbb83000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=28309051151631192094555979392278972959&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-...

95 B
178 B

26ms
26ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=28309051151631192094555979392278972959&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef1cbe32b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab2100002b22f2310000000001

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: sBenD3JBT/o=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=28309051151631192094555979392278972959&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 /
loadeu.exelator.com/load/ Frame EB42 0
324 B 1117ms
25ms Image
text/plain 18.198.69.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.69.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-72642-0.731264001613134872-50287da4709376befacf509ba90cb166&zdid=533&env=mWeb

95 B
306 B

38ms
37ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-72642-0.731264001613134872-50287da4709376befacf509ba90cb166&zdid=533&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f04d95ed6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb7060000d6b951aad000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-72642-0.731264001613134872-50287da4709376befacf509ba90cb166&zdid=533&env=mWeb
Date: Fri, 12 Feb 2021 13:01:12 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6928361484929333399&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-...

95 B
179 B

37ms
37ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6928361484929333399&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f067c22d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb8090000d6b9edb9b000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6928361484929333399&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame EB42 95 B
413 B 35ms
33ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=3bca84c8-c663-4266-6440-88c1e4cd6c8b

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=3bca84c8-c663-4266-6440-88c1e4cd6c8b&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=3bca84c8-c663-4266-6440-88c1e4cd6c8b&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e...

95 B
307 B

25ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f1eecd8d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edc7530000d6b968bb4000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame EB42 36 B
378 B 7301ms
44ms Image
image/gif 89.163.159.108
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.108 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2 403 tpid=3bca84c8-c663-4266-6440-88c1e4cd6c8b
bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/ Frame EB42 49 B
243 B 7336ms
61ms Image
image/gif 99.80.128.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=3bca84c8-c663-4266-6440-88c1e4cd6c8b?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.128.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.30.107
content-type: image/gif
content-length: 49
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-vcmjge91lw1NZWSr75CDNV44wYywEgQ1Hg--&zpartnerid=570&env=mWeb

95 B
179 B

32ms
32ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-vcmjge91lw1NZWSr75CDNV44wYywEgQ1Hg--&zpartnerid=570&env=mWeb
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef25d062b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab7700002b22b1211000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-vcmjge91lw1NZWSr75CDNV44wYywEgQ1Hg--&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=tTjRO%2F19oD2j%2Fc1wSrFMbzpnNkc0wrMW%2BS41iYitP1U%3D

95 B
178 B

35ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=tTjRO%2F19oD2j%2Fc1wSrFMbzpnNkc0wrMW%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef36f372b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac2300002b22b121f000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=tTjRO%2F19oD2j%2Fc1wSrFMbzpnNkc0wrMW%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame EB42 43 B
391 B 60ms
33ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame EB42 0
336 B 162ms
45ms Image
text/plain 34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1613134861
x-served-by: beacon-n022-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame EB42 95 B
524 B 3152ms
40ms Image
image/png 159.69.72.190
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.69.72.190 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: cm022.richaudience.com
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx/1.14.2
Connection: keep-alive
Content-Type: image/png
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8SrK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb...

95 B
202 B

517ms
517ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8SrK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&_test=YCZ8DQAAAGFk8SrK
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef3cfd92b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac5900002b22f6164000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1613134861.390081,VS0,VE0
x-served-by: cache-hhn4064-HHN
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8SrK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&_test=YCZ8DQAAAGFk8SrK
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=01906026-7c15-4100-9cbd-f005e22b050f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3...

95 B
270 B

27ms
27ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=01906026-7c15-4100-9cbd-f005e22b050f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f256fddd6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edcb630000d6b951809000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:09 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x11
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=01906026-7c15-4100-9cbd-f005e22b050f&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:31 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame EB42
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

0
338 B

136ms
45ms

Image
text/plain

34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
cache-control: private, no-cache, no-store
x-request-time: D=30 t=1613134864
x-served-by: beacon-n014-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://spl.zeotap.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: text/html; charset=utf-8
location: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
access-control-allow-credentials: true
cf-ray: 62067f08f85cd6b9-FRA
access-control-allow-headers: *
cf-request-id: 0837edb9970000d6b9fb3d2000000001

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame EB42
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-644...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-644...

43 B
433 B

88ms
49ms

Image
image/gif

52.95.118.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.118.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame EB42
Redirect Chain

https://tags.bluekai.com/site/87734?id=3bca84c8-c663-4266-6440-88c1e4cd6c8b&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
179 B

40ms
39ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f055a3bd6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb7530000d6b9daaa7000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Fri, 12 Feb 2021 13:01:04 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 12a7
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 404 gif
im.thenewco.id/ Frame EB42 0
43 B 1669ms
667ms Image
image/gif 34.102.181.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://im.thenewco.id/gif?3puuid=3bca84c8-c663-4266-6440-88c1e4cd6c8b&3pid=3181cf1b-2b10-42bf-a085-d5d3264f1a06&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.181.119 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:03 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:03 GMT
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Wed, 11 Nov 1998 11:11:11 GMT

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame EB42 557 B
678 B 1071ms
1070ms Script
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=3bca84c8-c663-4266-6440-88c1e4cd6c8b&reqId=c2bcec3c-6fa6-4e1d-6efb-7eb5b7571242&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ef9409d81a6a6167f19b58e9a4a0e92a0e51275f454bf61a11fefa794051c14

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 62067ef058822b22-FRA
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0837edaa3800002b22bc117000000001

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 8796 0
0 81ms
37ms Image
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-5...
https://mwzeom.zeotap.com/mw?google_gid=CAESEG0kX-H50LAuYiS1RI4akFI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9d...

95 B
201 B

26ms
22ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEG0kX-H50LAuYiS1RI4akFI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef12a4e2b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaabc00002b22de8b7000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEG0kX-H50LAuYiS1RI4akFI&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0...

95 B
238 B

36ms
22ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef11a272b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaae00002b22160c8000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 8796 0
187 B 128ms
42ms Image
text/plain 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0...
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0...

95 B
179 B

23ms
22ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef18b242b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaf600002b22b63cc000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 8796 0
59 B 134ms
88ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 61
date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 varnish
server: nginx
x-timer: S1613134861.920515,VS0,VE61
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19148-FRA

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 8796 0
361 B 137ms
45ms Image
text/html 154.57.158.51
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS: amsadvip2.fwmrm.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:00 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H/1.1 200
OK UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 8796 0
240 B 124ms
30ms Image
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dcec17a6a-db43-46b6-69ee-109fd6a0ba58%26reqId%3D0ebb9dc4-b06e-48d0-56df-d25f26c0052f%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=136...
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
179 B

26ms
25ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef13a792b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaac700002b22a7a58000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=83514630781594670522989343151868426594&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-...

95 B
240 B

395ms
395ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=83514630781594670522989343151868426594&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef1dbef2b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab2400002b2220097000000001

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 0DyylU9xRXs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=83514630781594670522989343151868426594&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 /
loadeu.exelator.com/load/ Frame 8796 0
324 B 1078ms
24ms Image
text/plain 18.198.69.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.69.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-57880-0.754830001613134872-c206e834656e951f8ddf8359f6365861&zdid=533&env=mWeb

95 B
179 B

54ms
54ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-57880-0.754830001613134872-c206e834656e951f8ddf8359f6365861&zdid=533&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f0509c0d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb7250000d6b9f0380000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-57880-0.754830001613134872-c206e834656e951f8ddf8359f6365861&zdid=533&env=mWeb
Date: Fri, 12 Feb 2021 13:01:12 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6928361484930119831&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-...

95 B
179 B

53ms
52ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6928361484930119831&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f06ac7ad6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb8280000d6b9e1386000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6928361484930119831&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame 8796 95 B
424 B 34ms
32ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=cec17a6a-db43-46b6-69ee-109fd6a0ba58

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=cec17a6a-db43-46b6-69ee-109fd6a0ba58&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=cec17a6a-db43-46b6-69ee-109fd6a0ba58&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48...

95 B
179 B

28ms
28ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f1eecd5d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edc7530000d6b9fd298000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame 8796 36 B
378 B 7297ms
44ms Image
image/gif 89.163.159.108
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.108 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2 403 tpid=cec17a6a-db43-46b6-69ee-109fd6a0ba58
bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/ Frame 8796 49 B
242 B 7339ms
61ms Image
image/gif 99.80.128.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=cec17a6a-db43-46b6-69ee-109fd6a0ba58?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.128.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.14.18
content-type: image/gif
content-length: 49
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-PvW2Cil1lw31UgRI.4WTgAajyGkqG_blDA--&zpartnerid=570&env=mWeb

95 B
283 B

24ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-PvW2Cil1lw31UgRI.4WTgAajyGkqG_blDA--&zpartnerid=570&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef25d032b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab7600002b22c301c000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-PvW2Cil1lw31UgRI.4WTgAajyGkqG_blDA--&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnGj%2Fc1wSrFMb9tF9Qts%2FDZk%2BS41iYitP1U%3D

95 B
179 B

53ms
53ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnGj%2Fc1wSrFMb9tF9Qts%2FDZk%2BS41iYitP1U%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef36f342b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac2300002b22bf16f000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=%2FwlQXusTgnGj%2Fc1wSrFMb9tF9Qts%2FDZk%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 8796 43 B
607 B 71ms
33ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 8796 0
336 B 137ms
45ms Image
text/plain 34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: private, no-cache, no-store
x-request-time: D=34 t=1613134861
x-served-by: beacon-n013-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 8796 95 B
524 B 3139ms
44ms Image
image/png 159.69.72.190
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.69.72.190 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: cm022.richaudience.com
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx/1.14.2
Connection: keep-alive
Content-Type: image/png
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAKhN0DoG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25...

95 B
179 B

23ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAKhN0DoG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&_test=YCZ8DQAAAKhN0DoG
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef3e8362b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac7500002b22ba27e000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1613134861.415579,VS0,VE0
x-served-by: cache-hhn4064-HHN
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAKhN0DoG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&_test=YCZ8DQAAAKhN0DoG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=32696026-7c15-4d00-9ab1-553e4d4c55ec&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc...

95 B
358 B

40ms
39ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=32696026-7c15-4d00-9ab1-553e4d4c55ec&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f25b862d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edcb910000d6b92bac2000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:09 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=32696026-7c15-4d00-9ab1-553e4d4c55ec&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:31 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 8796
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

0
337 B

131ms
46ms

Image
text/plain

34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1613134864
x-served-by: beacon-n016-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://spl.zeotap.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: text/html; charset=utf-8
location: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
access-control-allow-credentials: true
cf-ray: 62067f08f85bd6b9-FRA
access-control-allow-headers: *
cf-request-id: 0837edb9990000d6b9128bc000000001

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 8796
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69e...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69e...

43 B
433 B

106ms
50ms

Image
image/gif

52.95.118.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.118.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 8796
Redirect Chain

https://tags.bluekai.com/site/87734?id=cec17a6a-db43-46b6-69ee-109fd6a0ba58&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
594 B

46ms
33ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:03 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f02fe14d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb5da0000d6b917815000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Fri, 12 Feb 2021 13:01:03 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: e0e5
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 404 gif
im.thenewco.id/ Frame 8796 0
43 B 1064ms
25ms Image
image/gif 34.102.181.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://im.thenewco.id/gif?3puuid=cec17a6a-db43-46b6-69ee-109fd6a0ba58&3pid=3181cf1b-2b10-42bf-a085-d5d3264f1a06&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.181.119 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:03 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:03 GMT
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Wed, 11 Nov 1998 11:11:11 GMT

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 8796 557 B
432 B 37ms
32ms Script
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd2d8f9802ee97995957e7c61dc7e54f8d12a60640d2f61952210b1d6918dfc7

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 62067ef068af2b22-FRA
date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0837edaa4200002b22a3be8000000001

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame C4C5 0
0 101ms
35ms Image
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.13 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4...
https://mwzeom.zeotap.com/mw?google_gid=CAESEIQ4wwcniNYK6wKYfpFuzZM&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bf...

95 B
178 B

24ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEIQ4wwcniNYK6wKYfpFuzZM&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef12a502b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaabd00002b22dbb82000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEIQ4wwcniNYK6wKYfpFuzZM&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a...

95 B
177 B

32ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef11a282b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaaf00002b22d106a000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=5b1928e1-6d32-11eb-a299-c2cb643764e1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame C4C5 0
187 B 124ms
42ms Image
text/plain 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8...
https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a...

95 B
179 B

27ms
27ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef18b202b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaaf400002b22a5074000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame C4C5 0
163 B 123ms
81ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-vcl-time-ms: 55
date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 varnish
server: nginx
x-timer: S1613134861.920492,VS0,VE55
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19148-FRA

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame C4C5 0
361 B 131ms
43ms Image
text/html 154.57.158.51
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS: amsadvip2.fwmrm.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:00 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H/1.1 200
OK UCookieSetPug
image6.pubmatic.com/AdServer/ Frame C4C5 0
240 B 127ms
29ms Image
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9c9e772b-6cbc-4c8e-436c-bad90d393798%26reqId%3D8a11bfd1-2b24-4a4a-4a98-6f0d2129b231%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=136...
https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
385 B

25ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef13a772b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edaac600002b22ba255000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:00 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=afa776a7-cde9-47bf-b580-124556350fc6&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=59647049083820633351066134033792568126&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-...

95 B
179 B

24ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=59647049083820633351066134033792568126&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef1dbf72b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab2900002b22f614b000000001

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: TljvQBw8Txk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=59647049083820633351066134033792568126&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 /
loadeu.exelator.com/load/ Frame C4C5 0
324 B 1051ms
25ms Image
text/plain 18.198.69.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.69.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=9c9e772b-6cbc-4c8e-436c-bad90d393798&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-44812-0.778476001613134872-b9ec4670c60899f4d1353040cf434814&zdid=533&env=mWeb

95 B
179 B

35ms
34ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-44812-0.778476001613134872-b9ec4670c60899f4d1353040cf434814&zdid=533&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f0529fed6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb73b0000d6b9e8a9a000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021021214-44812-0.778476001613134872-b9ec4670c60899f4d1353040cf434814&zdid=533&env=mWeb
Date: Fri, 12 Feb 2021 13:01:12 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6928361484931102871&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-...

95 B
180 B

26ms
26ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6928361484931102871&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f06dcc6d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb8440000d6b9fb3b9000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6928361484931102871&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame C4C5 95 B
413 B 35ms
33ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=9c9e772b-6cbc-4c8e-436c-bad90d393798

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9c9e772b-6cbc-4c8e-436c-bad90d393798&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9c9e772b-6cbc-4c8e-436c-bad90d393798&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a...

95 B
179 B

26ms
26ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f1eecd9d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edc7540000d6b9ed89f000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=8w8uRdyv9S17OEJXOhDmb.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame C4C5 36 B
378 B 7300ms
45ms Image
image/gif 89.163.159.108
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.108 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2 403 tpid=9c9e772b-6cbc-4c8e-436c-bad90d393798
bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/ Frame C4C5 49 B
243 B 7335ms
61ms Image
image/gif 99.80.128.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=9c9e772b-6cbc-4c8e-436c-bad90d393798?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.128.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:08 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.29.59
content-type: image/gif
content-length: 49
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-LBftG_t1lw22h0azmvQ9lmsjpwBj1pU9cA--&zpartnerid=570&env=mWeb

95 B
179 B

24ms
24ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-LBftG_t1lw22h0azmvQ9lmsjpwBj1pU9cA--&zpartnerid=570&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef25d042b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edab7700002b22e11bc000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-LBftG_t1lw22h0azmvQ9lmsjpwBj1pU9cA--&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjCj%2Fc1wSrFMb%2Foj6FoiDd3B%2BS41iYitP1U%3D

95 B
196 B

23ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjCj%2Fc1wSrFMb%2Foj6FoiDd3B%2BS41iYitP1U%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef36f302b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac2300002b22a417b000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjCj%2Fc1wSrFMb%2Foj6FoiDd3B%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame C4C5 43 B
389 B 70ms
35ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame C4C5 0
337 B 155ms
45ms Image
text/plain 34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: private, no-cache, no-store
x-request-time: D=33 t=1613134861
x-served-by: beacon-n002-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame C4C5 95 B
524 B 3162ms
43ms Image
image/png 159.69.72.190
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.69.72.190 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: cm022.richaudience.com
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:04 GMT
Server: nginx/1.14.2
Connection: keep-alive
Content-Type: image/png
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8irK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0...

95 B
179 B

28ms
28ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8irK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&_test=YCZ8DQAAAGFk8irK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067ef3cfdf2b22-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edac5a00002b22f8026000000001

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1613134861.391783,VS0,VE0
x-served-by: cache-hhn4064-HHN
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YCZ8DQAAAGFk8irK&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&_test=YCZ8DQAAAGFk8irK
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=0aad6026-7c15-4200-8e74-3cdf5e58aaff&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd...

95 B
387 B

53ms
52ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=0aad6026-7c15-4200-8e74-3cdf5e58aaff&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:09 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f252f59d6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edcb3e0000d6b9e8bf3000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:09 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=0aad6026-7c15-4200-8e74-3cdf5e58aaff&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:31 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame C4C5
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=N8Ooj3tN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a

0
337 B

46ms
45ms

Image
text/plain

34.249.114.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.114.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
cache-control: private, no-cache, no-store
x-request-time: D=26 t=1613134864
x-served-by: beacon-n002-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://spl.zeotap.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: text/html; charset=utf-8
location: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=2d212901-e02e-40d6-699a-08ec8f069c3a
access-control-allow-credentials: true
cf-ray: 62067f08f85fd6b9-FRA
access-control-allow-headers: *
cf-request-id: 0837edb9970000d6b98c2e7000000001

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame C4C5
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436...

43 B
433 B

143ms
50ms

Image
image/gif

52.95.118.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.118.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9c9e772b-6cbc-4c8e-436c-bad90d393798&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C4C5
Redirect Chain

https://tags.bluekai.com/site/87734?id=9c9e772b-6cbc-4c8e-436c-bad90d393798&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
179 B

230ms
230ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 62067f04384bd6b9-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0837edb69f0000d6b98c2ba000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Fri, 12 Feb 2021 13:01:04 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: a45
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 404 gif
im.thenewco.id/ Frame C4C5 0
180 B 1078ms
24ms Image
image/gif 34.102.181.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://im.thenewco.id/gif?3puuid=9c9e772b-6cbc-4c8e-436c-bad90d393798&3pid=3181cf1b-2b10-42bf-a085-d5d3264f1a06&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.181.119 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:03 GMT
via: 1.1 google
last-modified: Fri, 12 Feb 2021 13:01:03 GMT
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Wed, 11 Nov 1998 11:11:11 GMT

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame C4C5 557 B
595 B 27ms
26ms Script
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74fe5544ee9a29147bc07cf3d065e9e9a1a6a3f0339d3cca187d29345c31adc8

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 62067ef068b62b22-FRA
date: Fri, 12 Feb 2021 13:01:00 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0837edaa4300002b22fb2e6000000001

GET
H2 204 cmp
spl.zeotap.com/ Frame C4C5 0
0 25ms
25ms Document
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9c9e772b-6cbc-4c8e-436c-bad90d393798&reqId=8a11bfd1-2b24-4a4a-4a98-6f0d2129b231&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=9c9e772b-6cbc-4c8e-436c-bad90d393798; zsc=N%CEN%1F%A0%B7%EB%D8bg%F0%D2%D8%1E%DDX%A1%F0%F0%84%1D%9Ft%A3%3Du%2Arj%D0%EB%A8%C2%FC%D3%8B%7DO0G%8C%9E%C4a%BA%E0%3A%5E%EF%83%E7%8F%CA%7DK3%D1%5B%8Bv2%9Ah%BFyO%7C%A2%F4%96%D6Q%EC%D0%F2M%A4%EE%3C%25%05J%85bm%BA%A3%1B-%3F%F7%90%18%9BLu%97%A9%8C%91%1B%B2~4%EB%ED0%7Fl%D7%BEw%E0v~%1A%FB%809%9C%E49%C4%9E%C9_%9B%8F%D7t%11%7C%DD%1C%DBQ%FD%87H%A7g%A9%0C%D4-%04%8C%E0%7FY%2AV%3C%12%EEs%5Cl%DD%16h%3B%26%09BS%9DC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
set-cookie: __cfduid=d6ebe68e106593ee91c690e71e7d4bc081613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa6500002b220e3c3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62067ef0a9272b22-FRA

GET
H2 204 cmp
spl.zeotap.com/ Frame 8796 0
0 24ms
23ms Document
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=cec17a6a-db43-46b6-69ee-109fd6a0ba58&reqId=0ebb9dc4-b06e-48d0-56df-d25f26c0052f&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=9c9e772b-6cbc-4c8e-436c-bad90d393798; zsc=N%CEN%1F%A0%B7%EB%D8bg%F0%D2%D8%1E%DDX%A1%F0%F0%84%1D%9Ft%A3%3Du%2Arj%D0%EB%A8%C2%FC%D3%8B%7DO0G%8C%9E%C4a%BA%E0%3A%5E%EF%83%E7%8F%CA%7DK3%D1%5B%8Bv2%9Ah%BFyO%7C%A2%F4%96%D6Q%EC%D0%F2M%A4%EE%3C%25%05J%85bm%BA%A3%1B-%3F%F7%90%18%9BLu%97%A9%8C%91%1B%B2~4%EB%ED0%7Fl%D7%BEw%E0v~%1A%FB%809%9C%E49%C4%9E%C9_%9B%8F%D7t%11%7C%DD%1C%DBQ%FD%87H%A7g%A9%0C%D4-%04%8C%E0%7FY%2AV%3C%12%EEs%5Cl%DD%16h%3B%26%09BS%9DC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Fri, 12 Feb 2021 13:01:00 GMT
set-cookie: __cfduid=d6ebe68e106593ee91c690e71e7d4bc081613134860; expires=Sun, 14-Mar-21 13:01:00 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0837edaa7600002b22f83fa000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62067ef0b95d2b22-FRA

GET
H2

200

setuid
sync.quantumdex.io/ Frame 0605
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5134582420614854455

43 B
464 B

129ms
129ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5134582420614854455
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cyLAUi%2BIScVaeYQZ1L3et1mdWrC4BwOIqkatT6da7rmwpxIaqomagzLvV8EurbDo%2FXAmZRljdhsYFyLbOUXE8hHoDqY0jnJpYKQajcT1JWfbPPuG0Mgv8kb2N0XzHnw%3D"}]}
content-type: image/gif
cf-ray: 62067ef19ecb4a67-FRA
content-length: 43
cf-request-id: 0837edaafd00004a67a3a22000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.17:80
AN-X-Request-Uuid: 45d7bb66-c676-4610-87cb-b8b5ddc4a096
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5134582420614854455
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 0605
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=7a3aefbc-a00a-4041-b5da-0da48415f43c

43 B
327 B

127ms
127ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=7a3aefbc-a00a-4041-b5da-0da48415f43c
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pEj48r1ZodGVp9PdgijcmuIgMbJRGLVmf%2FDiLsJekRe%2BQRY6EvVTWENFPBlpHcuNC18FVXNhApRULgrvXopJbuFRYlrVN7XeDTwRd30VZhG6fBKMog%2FSC3yzQbZ5qmM%3D"}]}
content-type: image/gif
cf-ray: 62067ef19ee34a67-FRA
content-length: 43
cf-request-id: 0837edab0400004a67d53f4000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BJLv4ISmpw9QiuMz9IAMQCfulKp3VfkbASVCRKQTblr1B4%2B4p%2BJaAsvps6Su5YTLwomcosnXBPFvJ7qspVI0AknqwchIkvRHmqxg6kRzQDRt2buUIOPDJY28JSIE"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=7a3aefbc-a00a-4041-b5da-0da48415f43c
cf-ray: 62067ef0ec8e4a67-FRA
content-length: 0
cf-request-id: 0837edaa9100004a67db3ef000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame 0605
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=4b5c5780-6c84-4705-8f6a-bc06b8d84344

43 B
325 B

125ms
125ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=4b5c5780-6c84-4705-8f6a-bc06b8d84344
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9L2mJhzoEwUttn8TU6jBRzH%2FtlwD1uIfVXquSt1fESqHHU2gkOFnrP0DlNI%2BU1fgF9EH6Zh4NlPYv6o2mgxBAM1BfxR9J0SsUqnb0MYGoxjyHROEUS7i3Jfz5LFkljQ%3D"}]}
content-type: image/gif
cf-ray: 62067ef39b754a67-FRA
content-length: 43
cf-request-id: 0837edac3c00004a6788247000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=4b5c5780-6c84-4705-8f6a-bc06b8d84344
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 0605
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=5965e9e58538953e51e46994

43 B
435 B

132ms
132ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=5965e9e58538953e51e46994
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=z2WKjJ5K81z8V5vTSDM98dAN7RSM57b8T%2BNuQZjFMbFzbqOgcw83UnAVAp5CZuvjcaEeRQRyaNJv%2FNsaHxjIpThMHhGaUTUkbB3mqKZRtVwm9vBcBa%2Fwa1E9nA1wC%2Fo%3D"}]}
content-type: image/gif
cf-ray: 62067efa8b974a67-FRA
content-length: 43
cf-request-id: 0837edb09900004a67b5a2d000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=5965e9e58538953e51e46994
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame ADD0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

1 KB
3 KB

175ms
43ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a99fd1eccd07526f6b8a49d770da4cb0ef1637dc9628cf37dc8a68763ba6200d

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YCZ8Dh3K-cbFf3sG9Zns-AAA; CMPS=3202
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1522
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8Dh3K-cbFf3sG9Zns-AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMPRO=1160;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMST=YCZ8DmAmfA4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 13 Feb 2021 13:01:02 GMT CMRUM3=8260267c0ea8c0&2d60267c0e05a0&6960267c0e05a0&e660267c0e27600&f160267c0e05a00&2760267c0e0b40&6d60267c0e05a0&4960267c0e05a00;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8Dh3K-cbFf3sG9Zns-AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame B1C6
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

774 B
1 KB

653ms
134ms

Document
text/html

208.100.17.183
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e0453a9daa80fad6e35123a6066056146491529fc5cc55df1e3d2ab99c23192f

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
set-cookie: pids=%5B%5D;Version=1;Domain=tynt.com;Path=/;Max-Age=7776000;Secure;SameSite=None
content-type: text/html
content-length: 774
date: Fri, 12 Feb 2021 13:01:02 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

server: nginx/1.16.1
date: Fri, 12 Feb 2021 13:01:02 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
set-cookie: uid=CmUMLmAmfA6UJ3sfBo8cAg==; expires=Sat, 12-Feb-22 13:01:02 GMT; domain=tynt.com; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 8F6E 2 KB
818 B 1080ms
25ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 , Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 400
Bad Request sync.html Show response
s.adtelligent.com/ Frame 2EDE 63 B
334 B 292ms
104ms Document
text/plain 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=590678
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b7c43fd75a6ed3a267427a714feebb9a1e4ba350dc540ffb2cddb472ac27bc25

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: VertaMedia 1.0
Date: Fri, 12 Feb 2021 13:00:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 63
Access-Control-Allow-Origin: https://sync.quantumdex.io
Access-Control-Allow-Credentials: true
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame F364 884 B
2 KB 217ms
100ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

872f40bfa0962a662cb3faee6075c99ca15d93a528f82271a5462423182f5f41

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Set-Cookie: __uqc=1; expires=Fri, 12 Feb 2021 15:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uis=9b485b85-8409-4db0-8480-608ea42756f7; expires=Sun, 14 Mar 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_bw=1; expires=Sat, 13 Feb 2021 01:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_td=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_pp=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_mm=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_zt=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_rx=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_eb=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None HAPLB5S=s579|YCZ8E; path=/; domain=.go.sonobi.com
Content-Encoding: gzip
Server: sonobi-go

GET
H2

200

setuid
sync.quantumdex.io/ Frame 54EB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454

43 B
325 B

138ms
137ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EmXKSFcv5uCEr12CgPMhThDwzS8VbMubkbiyVAPoqGxJrVG3HFMw5BfbnGD%2BJs3SIvr%2Btb5wJHSTavbN4QVqfK1JnoONfSMwr52yBLzkNhiu3V8Ui5NcQJilSgbkap4%3D"}]}
content-type: image/gif
cf-ray: 62067ef1df834a67-FRA
content-length: 43
cf-request-id: 0837edab2500004a67d53f7000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.77:80
AN-X-Request-Uuid: 829b58c9-4f1e-4831-9ad1-6ee33c7f3fd9
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 54EB
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=d7f9d3d7-4a1e-41b4-99fa-649493a7b845

43 B
467 B

131ms
130ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=d7f9d3d7-4a1e-41b4-99fa-649493a7b845
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UHmj91jcWnGyiHaw%2F2VqdfmHksdBumjeQgU%2BOmNV9huAFqAA6AhXqnLrnblP8L82Iocn0sAZbqywgKS1BKo4HknLM7rZqGZK4UHbhqGd7aSyX%2BA5XXwSwqSMOKdRNak%3D"}]}
content-type: image/gif
cf-ray: 62067ef2489b4a67-FRA
content-length: 43
cf-request-id: 0837edab6b00004a6782a60000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=90k0ybbisN8bfuHpNfDF6WDNFLw1Omf8MXouPybRAZZYR9XLw3soHxvRejpIctwp4xaevb2QpZzLeJhFn0PdH56rR%2Fuozm6P44fU8hpjvgQWzhO93D6nYaRuagEI"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=d7f9d3d7-4a1e-41b4-99fa-649493a7b845
cf-ray: 62067ef0ec904a67-FRA
content-length: 0
cf-request-id: 0837edaa9100004a678e19b000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame 54EB
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=d68446a6-9715-4802-b018-58c93d399131

43 B
329 B

125ms
125ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=d68446a6-9715-4802-b018-58c93d399131
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F8Ni%2BMvzuGBITYnrdkaJfETc0ZFVKXWWy1Ug4EzyXDw1u9iFcjTGKNsp%2B4pM1M7XycBC6WqnpKExc%2BGso4UP9yEFaAQzwX0TpF9Yws4QUlTFy2Z38N6JfrN8KTMFZM8%3D"}]}
content-type: image/gif
cf-ray: 62067ef3dc0d4a67-FRA
content-length: 43
cf-request-id: 0837edac6500004a67de0dd000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=d68446a6-9715-4802-b018-58c93d399131
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame 54EB
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=7d75ad6b7d9a245e1023fcdc

43 B
334 B

134ms
134ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=7d75ad6b7d9a245e1023fcdc
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JqIcrtD%2FPRyDjE8AtqRCfsY%2Ft91%2FR20fIbO7DcYmlYKH%2FYdf%2Fx3mBEg62Zmj7MzsRCPu%2FEj%2BFjG8kCzie6DWpnYGkDjxXGC56Udks3PLGzABxUdZKMIvddJNDT%2BZI3c%3D"}]}
content-type: image/gif
cf-ray: 62067efadc1d4a67-FRA
content-length: 43
cf-request-id: 0837edb0c600004a670201b000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=7d75ad6b7d9a245e1023fcdc
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame A5BC
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

2 KB
3 KB

190ms
46ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 700d72f404366a12c5a570e6316a422db7a57d9a28de7c08a6ca4dea09048a8c

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=3202; CMID=YCZ8DtXVfOeVW4P7CU-C7QAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1649
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C7QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMPRO=1212;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMRUM3=2760267c0e0b40&c460267c0e05a0&c360267c0e05a00&6960267c0e05a0&f160267c0e05a00&e660267c0e27600&6f60267c0e05a0&2d60267c0e05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMST=YCZ8DmAmfA4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 13 Feb 2021 13:01:02 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C7QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame EB4A
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

774 B
1 KB

654ms
135ms

Document
text/html

208.100.17.183
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: 9e6497b20c5beda899818a3c4918df204f51cc3385064119575dfd333d4ef4dd

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
set-cookie: pids=%5B%5D;Version=1;Domain=tynt.com;Path=/;Max-Age=7776000;Secure;SameSite=None
content-type: text/html
content-length: 774
date: Fri, 12 Feb 2021 13:01:02 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

server: nginx/1.16.1
date: Fri, 12 Feb 2021 13:01:02 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
set-cookie: uid=CmUMKWAmfA5Nh3mmBAFKAg==; expires=Sat, 12-Feb-22 13:01:02 GMT; domain=tynt.com; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 9176 2 KB
818 B 1073ms
26ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 , Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 400
Bad Request sync.html Show response
s.adtelligent.com/ Frame 52C6 63 B
334 B 256ms
69ms Document
text/plain 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=590678
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b7c43fd75a6ed3a267427a714feebb9a1e4ba350dc540ffb2cddb472ac27bc25

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: VertaMedia 1.0
Date: Fri, 12 Feb 2021 13:00:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 63
Access-Control-Allow-Origin: https://sync.quantumdex.io
Access-Control-Allow-Credentials: true
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame A5EC 884 B
2 KB 251ms
41ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

2d0be5d1c6d5d4d9fc851e85668d20694a0986c0c3248b4d9b653fe83978c643

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Set-Cookie: __uqc=1; expires=Fri, 12 Feb 2021 15:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uis=757ec5f2-f6f5-4216-9a25-8e75c8190384; expires=Sun, 14 Mar 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_bw=1; expires=Sat, 13 Feb 2021 01:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_td=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_pp=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_mm=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_zt=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_rx=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_eb=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None HAPLB5S=s579|YCZ8E; path=/; domain=.go.sonobi.com
Content-Encoding: gzip
Server: sonobi-go

GET
H2

200

setuid
sync.quantumdex.io/ Frame FA11
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5650510348165703004

43 B
466 B

140ms
140ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5650510348165703004
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RkOBOCXrhPmQekUPeTPMJj7Zz03Jwl5wk39MQNHLGpT4%2F%2FMSj05B0onL2BQdSXH6WXpqJU635SNNrBcCsmsFXjwH4R%2Bjy%2Bwu8Lmui0v3dHmRSUNN9FTqhYqM3lcP72o%3D"}]}
content-type: image/gif
cf-ray: 62067ef1cf6f4a67-FRA
content-length: 43
cf-request-id: 0837edab1f00004a67b807d000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.43:80
AN-X-Request-Uuid: c2f43806-5887-44b6-9daa-e57e85b2a65f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=5650510348165703004
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame FA11
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8ed95fc7-fb31-475e-8a02-e72cf7c55c1a

43 B
321 B

129ms
128ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8ed95fc7-fb31-475e-8a02-e72cf7c55c1a
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Gnmgl046N9R8goMZGS7Ax3gJuwLFCBWsc%2FzJl9tfLleh1t0yPwZPCwl7KKUVchJvx1sRivNa4qanrEJtykRVhdoigdW7Ul2YA26TpH8PWYnvLHtsASgtY5XiXI55LDE%3D"}]}
content-type: image/gif
cf-ray: 62067ef1bf404a67-FRA
content-length: 43
cf-request-id: 0837edab1200004a678a983000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pzCLOlJPDyTWTyudmja%2F0fhzy7pJtnxREGH7W6snT5Q%2BMCo2TpU3MIx%2FVJODs9DidpyJikiY4CPKOuAE4O%2FdBk7038zRgyXRjL7gDJmQ9vEld%2FLBcQ%2B8UGwqdshh"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=8ed95fc7-fb31-475e-8a02-e72cf7c55c1a
cf-ray: 62067ef0fcb44a67-FRA
content-length: 0
cf-request-id: 0837edaa9c00004a67b806d000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame FA11
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=939e87a8-25dc-46de-9de1-fdf00cad43cf

43 B
325 B

125ms
125ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=939e87a8-25dc-46de-9de1-fdf00cad43cf
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LQeUSW%2FY2dm4lA03twUcjxAKWBWW2BHCAiqGEasn2Jd1tV6bw5PgUB%2FO2zhwC8x8Ftd4S1iS3MgXAubgmwWTZ4%2F3rjPzbsUE8QB0TSXQRvJBYFjYHuOa71wPZfWsaqA%3D"}]}
content-type: image/gif
cf-ray: 62067ef41c9f4a67-FRA
content-length: 43
cf-request-id: 0837edac8e00004a679e973000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=939e87a8-25dc-46de-9de1-fdf00cad43cf
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame FA11
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=d00a5d0cc57622c82dee37ea

43 B
329 B

126ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=d00a5d0cc57622c82dee37ea
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BW9eQUaZ5TKEfBS%2B86mSdU6W7rD4GA42dXKVqbXHTtoNhMZ9p%2BKmE8gdYz%2Fal6OySs67jxpy3npeDjD1mKnHTu7YlVGklMbDEU8Syx%2BMTlymqg3c9WDYxCHVhYX63CI%3D"}]}
content-type: image/gif
cf-ray: 62067efb0c9e4a67-FRA
content-length: 43
cf-request-id: 0837edb0e900004a67db089000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=d00a5d0cc57622c82dee37ea
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 2155
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

2 KB
3 KB

197ms
38ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bc552057bbe110b8a25046794938e00a4ea9386bdaa5fe11ad672e9b6627d53a

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=3202; CMID=YCZ8DtXVfOeVW4P7CU-C7wAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1596
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C7wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMPRO=1175;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMRUM3=e660267c0e27600&f160267c0e05a00&0560267c0e05a0&da60267c0e27600&bf60267c0e05a0&2d60267c0e05a0&2760267c0e0b40&4960267c0e05a00;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMST=YCZ8DmAmfA4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 13 Feb 2021 13:01:02 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C7wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 7C00
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

774 B
1 KB

653ms
134ms

Document
text/html

208.100.17.183
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: 9e6497b20c5beda899818a3c4918df204f51cc3385064119575dfd333d4ef4dd

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
set-cookie: pids=%5B%5D;Version=1;Domain=tynt.com;Path=/;Max-Age=7776000;Secure;SameSite=None
content-type: text/html
content-length: 774
date: Fri, 12 Feb 2021 13:01:02 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

server: nginx/1.16.1
date: Fri, 12 Feb 2021 13:01:02 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
set-cookie: uid=CmUMKmAmfA6XKS+JCNqAAg==; expires=Sat, 12-Feb-22 13:01:02 GMT; domain=tynt.com; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame B3F0 2 KB
818 B 1063ms
27ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 , Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 400
Bad Request sync.html Show response
s.adtelligent.com/ Frame 888B 63 B
334 B 242ms
63ms Document
text/plain 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=590678
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b7c43fd75a6ed3a267427a714feebb9a1e4ba350dc540ffb2cddb472ac27bc25

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: VertaMedia 1.0
Date: Fri, 12 Feb 2021 13:00:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 63
Access-Control-Allow-Origin: https://sync.quantumdex.io
Access-Control-Allow-Credentials: true
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame 0ECD 884 B
2 KB 285ms
42ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

ff6b0fbeb763a2b3b8d2f4e0c7817d1ec9f6b363317fe31d111c089c988d8ee8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Set-Cookie: __uqc=1; expires=Fri, 12 Feb 2021 15:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uis=d3df948e-7ab1-4316-ace0-0de9626949c2; expires=Sun, 14 Mar 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_bw=1; expires=Sat, 13 Feb 2021 01:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_td=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_pp=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_mm=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_zt=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_rx=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_eb=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None HAPLB5S=s579|YCZ8E; path=/; domain=.go.sonobi.com
Content-Encoding: gzip
Server: sonobi-go

GET
H2

200

setuid
sync.quantumdex.io/ Frame A971
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=a21b3c5aaafd6341608f751f

43 B
347 B

126ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=a21b3c5aaafd6341608f751f
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9DEGm73aseh36ICGf3lkoKslkTrvV%2FlW%2FmLXopRZ1Alv3SpUTo6rzF4v3nyOPs0eNJoAoxFTPboGDd9s4VZRCFuOB6WWNEzyc4BZKOb3LHoxwfH8usYT2Gali29ONTM%3D"}]}
content-type: image/gif
cf-ray: 62067efb4d154a67-FRA
content-length: 43
cf-request-id: 0837edb10b00004a678c37e000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=a21b3c5aaafd6341608f751f
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A971
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2618267549818113117

43 B
326 B

126ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2618267549818113117
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ubrwUiEapwhVPjTFZrerqQXj8CLQhKOKn16%2BxQNcu7KCy6OHGSKnPO2nELOJaxTfjCQFhdfsulYYZ%2BFLmjUZARDer65EtsTsj%2F4EU3BgFh6YbDfOWFPfdoh2i0cWEMk%3D"}]}
content-type: image/gif
cf-ray: 62067ef1cf764a67-FRA
content-length: 43
cf-request-id: 0837edab2100004a67871e5000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.142:80
AN-X-Request-Uuid: e92f8b66-8573-48b2-b350-e6ecf17ac8c1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=2618267549818113117
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A971
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=56f2a635-dddb-4822-97fa-2f8a73e2309e

43 B
333 B

130ms
130ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=56f2a635-dddb-4822-97fa-2f8a73e2309e
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GDssRuGZxZUq%2Fp23%2BE8bt9sa8AkLaiD14LPQK3KPbYjeS%2BZZs0B9cLozhQYes%2B6kONL9KBPJ6BiCxtbRRuQ5I1rE8oi%2Bye%2FZdaJLAkXlVTaZBjS7%2FvQXY%2FnEMvE8l9I%3D"}]}
content-type: image/gif
cf-ray: 62067ef1cf634a67-FRA
content-length: 43
cf-request-id: 0837edab1b00004a67953f3000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9d6n6QTKLkXUMn8iz4zQQ5Ye8h4DQqNnoLN30G7FGptUP4%2FKHf4O9ysSihcAag8yxEMzXkDh%2BqyVwsvzWgVfexamYQqfujMg1ezVxLb87MP9XrlX6oBHDXxvQ2iA"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=56f2a635-dddb-4822-97fa-2f8a73e2309e
cf-ray: 62067ef10ced4a67-FRA
content-length: 0
cf-request-id: 0837edaaa800004a67d53e5000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame A971
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=bde84318-7d47-40ff-ab32-8a69c549b66b

43 B
327 B

125ms
125ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=bde84318-7d47-40ff-ab32-8a69c549b66b
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5vo%2BJ6M02KSdWJxVTEk59AGBwMXvy7QtXmxSCqkjvB47L7h1qhYDXWoIQTVR9XolLj%2BCBeEmSxrlDGBBC7J7TIZPlJPULPb2DUjsOZnrYtgIkwUgmSBMnggB3NUwdD4%3D"}]}
content-type: image/gif
cf-ray: 62067ef45d474a67-FRA
content-length: 43
cf-request-id: 0837edacb700004a67ad2e8000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=bde84318-7d47-40ff-ab32-8a69c549b66b
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame C2C0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

2 KB
3 KB

204ms
39ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c710b7e18fc11559ace048aa6cab6354bf3a67d7a2ae9783ccb2500caa0281bf

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=3202; CMID=YCZ8DtXVfOeVW4P7CU-C8AAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1660
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C8AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMPRO=1135;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMST=YCZ8DmAmfA4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 13 Feb 2021 13:01:02 GMT CMRUM3=2d60267c0e05a0&f160267c0e05a00&6960267c0e05a0&e660267c0e27600&4960267c0e05a00&2860267c0e05a00&2760267c0e0b40&2f60267c0e05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C8AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 4892
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

774 B
1 KB

653ms
135ms

Document
text/html

208.100.17.183
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: 9e6497b20c5beda899818a3c4918df204f51cc3385064119575dfd333d4ef4dd

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
set-cookie: pids=%5B%5D;Version=1;Domain=tynt.com;Path=/;Max-Age=7776000;Secure;SameSite=None
content-type: text/html
content-length: 774
date: Fri, 12 Feb 2021 13:01:02 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

server: nginx/1.16.1
date: Fri, 12 Feb 2021 13:01:02 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
set-cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==; expires=Sat, 12-Feb-22 13:01:02 GMT; domain=tynt.com; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame B654 2 KB
818 B 1054ms
26ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 , Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 400
Bad Request sync.html Show response
s.adtelligent.com/ Frame EF20 63 B
334 B 258ms
85ms Document
text/plain 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=590678
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b7c43fd75a6ed3a267427a714feebb9a1e4ba350dc540ffb2cddb472ac27bc25

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: VertaMedia 1.0
Date: Fri, 12 Feb 2021 13:00:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 63
Access-Control-Allow-Origin: https://sync.quantumdex.io
Access-Control-Allow-Credentials: true
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame EE90 884 B
2 KB 320ms
42ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

d3ab6d41bfb3a14ea7a742475a0d17cb060b619b110a44449f09841edeb4d10a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
X-Xss-Protection: 0
Set-Cookie: __uqc=1; expires=Fri, 12 Feb 2021 15:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uis=421c3e4a-ca80-466c-971e-4326081765ce; expires=Sun, 14 Mar 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_bw=1; expires=Sat, 13 Feb 2021 01:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_td=1; expires=Sat, 27 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_pp=1; expires=Thu, 25 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_mm=1; expires=Sat, 27 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_zt=1; expires=Thu, 25 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_rx=1; expires=Sat, 27 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_eb=1; expires=Thu, 25 Feb 2021 13:01:01 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None HAPLB5S=s57129|YCZ8E; path=/; domain=.go.sonobi.com
Content-Encoding: gzip
Server: sonobi-go

GET
H2

200

setuid
sync.quantumdex.io/ Frame EAC5
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454

43 B
326 B

126ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wQSP00dzgXjbawR3Vsuend0V9Q6WM0A15krsZEXTd4o%2BpaVL4uP5ZFsHfJF6%2FsvWLhnso%2BiPh9%2B3KFJjkwkhcQOrgqvx7YpBTLNrsuZljPktOmooAIvrEc4M6KFTvmU%3D"}]}
content-type: image/gif
cf-ray: 62067ef20ff74a67-FRA
content-length: 43
cf-request-id: 0837edab4400004a678c308000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 729.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid: dc452455-7b67-4b9c-a20e-2cf9b48cdf10
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=7054972929616349454
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame EAC5
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=641ea3ed65aa29021494cb84

43 B
471 B

124ms
124ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=641ea3ed65aa29021494cb84
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:02 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qCuB%2B3KDzBhiw%2BvNIvv25XvWkbl4eQ5Jef%2Fu6DRGI1zOqohrOdTzHS4JMT42mHDIhHRCQA%2FS5xepwxAZAwo%2BemiI8k%2BTY%2B3PqktPC0bBMaewO5zviL%2FhnCtJdXwyKPw%3D"}]}
content-type: image/gif
cf-ray: 62067efb7d8d4a67-FRA
content-length: 43
cf-request-id: 0837edb12e00004a6795081000000001

Redirect headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=641ea3ed65aa29021494cb84
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame EAC5
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=6eac075e-00da-414d-a0db-7239b30408a3

43 B
329 B

126ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=6eac075e-00da-414d-a0db-7239b30408a3
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=karzexmpG5KmJVGRmEFjZDzvs6KiQ3PG3OVE1o%2BAwHb%2BhSw%2F4muAaPuJFy32OnaqwY1EnO5dLzAMuT3pN4litHbOvNWkMld2NwN5SqQUf%2FY4ccOGVtBRHEZ%2Bho7xGMM%3D"}]}
content-type: image/gif
cf-ray: 62067ef1cf6c4a67-FRA
content-length: 43
cf-request-id: 0837edab1e00004a67d8029000000001

Redirect headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=llt0CPXmXrLxwkkj36SNjAE6OCVx%2BbODjSJopOHl%2BtFxowcxDqbMXIIa2wgbU1tZFSnNoz9Z0JjcdTwAoYLeHqUfwPXzSN%2FupoT7S%2FgEDVEauHPbtzq0zgAgI3US"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=6eac075e-00da-414d-a0db-7239b30408a3
cf-ray: 62067ef10d014a67-FRA
content-length: 0
cf-request-id: 0837edaaaa00004a67de0ac000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame EAC5
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=9be65746-f5a5-4efd-8195-3a8d6d60082a

43 B
327 B

127ms
126ms

Image
image/gif

2606:4700:20::ac43:47f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=9be65746-f5a5-4efd-8195-3a8d6d60082a
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/usersync/quantumdex
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Nbjk%2F6AALrekUFH23kW9vS%2F5BdSgu4vCS7wnoRPPAJr0Xg1xY36lgEHo2bAJDG9%2FCtaoFzFPm8kwvDo07NB6WmkhNfhHP2Lbz5C2LbO%2Bd6S4TaCbWkgqqfRZYj7reE4%3D"}]}
content-type: image/gif
cf-ray: 62067ef49dce4a67-FRA
content-length: 43
cf-request-id: 0837edace100004a67fea37000000001

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.quantumdex.io/setuid?bidder=sonobi&uid=9be65746-f5a5-4efd-8195-3a8d6d60082a
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 1E03
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1

2 KB
3 KB

211ms
41ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: aa7514e92c489dcbaea040eecef29c9a247860ae9af25a695d3ff9e44e9d3777

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=3202; CMID=YCZ8DtXVfOeVW4P7CU-C8wAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1663
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C8wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMPRO=1168;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT CMRUM3=3960267c0e05a00&f160267c0e05a00&6f60267c0e05a0&e660267c0e27600&2d60267c0e05a0&0d60267c0e05a0&2760267c0e0b40&4060267c0e05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMST=YCZ8DmAmfA4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 13 Feb 2021 13:01:02 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 12 Feb 2021 13:01:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Connection: keep-alive
Set-Cookie: CMID=YCZ8DtXVfOeVW4P7CU-C8wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 12 Feb 2022 13:01:02 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 13 May 2021 13:01:02 GMT

GET
H2

200

/ Show response
de.tynt.com/deb/ Frame 9964
Redirect Chain

https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X

774 B
1 KB

653ms
135ms

Document
text/html

208.100.17.183
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.183 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip183.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: 9e6497b20c5beda899818a3c4918df204f51cc3385064119575dfd333d4ef4dd

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uid=CmUMLGAmfA4xU6BSA7JbAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy: unsafe-url
set-cookie: pids=%5B%5D;Version=1;Domain=tynt.com;Path=/;Max-Age=7776000;Secure;SameSite=None
content-type: text/html
content-length: 774
date: Fri, 12 Feb 2021 13:01:02 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

server: nginx/1.16.1
date: Fri, 12 Feb 2021 13:01:02 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://de.tynt.com/deb/?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
set-cookie: uid=CmUMLWAmfA5+9ZV0D+eAAg==; expires=Sat, 12-Feb-22 13:01:02 GMT; domain=tynt.com; path=/; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 80CA 2 KB
818 B 1048ms
27ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 , Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/usersync/quantumdex
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 400
Bad Request sync.html Show response
s.adtelligent.com/ Frame 8A72 63 B
334 B 242ms
66ms Document
text/plain 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=590678
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d , United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash: b7c43fd75a6ed3a267427a714feebb9a1e4ba350dc540ffb2cddb472ac27bc25

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Server: VertaMedia 1.0
Date: Fri, 12 Feb 2021 13:00:59 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 63
Access-Control-Allow-Origin: https://sync.quantumdex.io
Access-Control-Allow-Credentials: true
Connection: Keep-Alive

GET
H/1.1 200
OK Cookie set uc.html Show response
sync.go.sonobi.com/ Frame 27F4 884 B
2 KB 355ms
41ms Document
text/html 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

33794dae287f0a3169e1adbcff74d4e53e20b7d37364c007fd65082b7c1c0004

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/usersync/quantumdex
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://sync.quantumdex.io/usersync/quantumdex

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
X-Xss-Protection: 0
Set-Cookie: __uqc=1; expires=Fri, 12 Feb 2021 15:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uis=d368fb0b-d243-40a1-9428-b5edc0d3e6fc; expires=Sun, 14 Mar 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_bw=1; expires=Sat, 13 Feb 2021 01:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_td=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_pp=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_mm=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_zt=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_rx=1; expires=Sat, 27 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None __uir_eb=1; expires=Thu, 25 Feb 2021 13:01:00 GMT; domain=.go.sonobi.com; path=/; secure; SameSite=None HAPLB5S=s579|YCZ8E; path=/; domain=.go.sonobi.com
Content-Encoding: gzip
Server: sonobi-go

GET
H2

200

sync
x.bidswitch.net/ Frame F364
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=sonobi&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&user_id=hBxmDoVPZFyfGzdcg0p5CoIYMAifSWJb1EnT1LPH

43 B
145 B

24ms
24ms

Image
image/gif

35.157.13.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&user_id=hBxmDoVPZFyfGzdcg0p5CoIYMAifSWJb1EnT1LPH
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.13.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=sonobi&gdpr=1&user_id=hBxmDoVPZFyfGzdcg0p5CoIYMAifSWJb1EnT1LPH
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame F364
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

49 B
931 B

406ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame F364
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=9b485b85-8409-4db0-8480-608ea42756f7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=b3gyWGVCWDJkNmEzUnpiRDduM240QQ&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=b3gyWGVCWDJkNmEzUnpiRDduM240QQ&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEN0v7FLhBT_phzBKr4my59Q&google_cver=1

49 B
678 B

109ms
108ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEN0v7FLhBT_phzBKr4my59Q&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEN0v7FLhBT_phzBKr4my59Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame F364
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=fc636026-7c14-4300-932c-b3344ed82293

49 B
509 B

40ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=fc636026-7c14-4300-932c-b3344ed82293

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:40 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=fc636026-7c14-4300-932c-b3344ed82293
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:39 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame F364
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=2159827868505102373

49 B
509 B

3159ms
38ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=2159827868505102373

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=2159827868505102373
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame F364
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=346369624
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=346369624
https://sync.1rx.io/usersync/tradedesk/92ccbb93-6f15-40c8-b95c-57fbaf68a01c
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-b4f347ce-2c83-477d-9f00-3c7...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

49 B
509 B

78ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
ETag: RXb4f347ce2c83477d9f003c7833531332003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003
Connection: keep-alive
Content-Type: text/html

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame F364
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=OWI0ODViODUtODQwOS00ZGIwLTg0ODAtNjA4ZWE0Mjc1NmY3
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

49 B
921 B

395ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dsonobi%26bsw_param%3...
https://x.bidswitch.net/sync?dsp_id=354&user_id=f962e4537bc94dfbb471dd23849f241e&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&gdpr=&consent=&gdpr_pd=
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

49 B
927 B

421ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172
date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

49 B
931 B

447ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=9d146026-7c14-4b00-8253-f1c601ddb95e

49 B
513 B

39ms
38ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=9d146026-7c14-4b00-8253-f1c601ddb95e

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:40 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=9d146026-7c14-4b00-8253-f1c601ddb95e
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:39 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=875739024104754753

49 B
509 B

3160ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=875739024104754753

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=875739024104754753
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1533396110
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-b4f347ce-2c83-477d-9f00-3c7...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

49 B
509 B

45ms
43ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
ETag: RXb4f347ce2c83477d9f003c7833531332003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-b4f347ce-2c83-477d-9f00-3c7833531332-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame A5EC
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=757ec5f2-f6f5-4216-9a25-8e75c8190384&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=b3lMVG9ONWhVSUswN2c4LU9sdkpjZw&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=b3lMVG9ONWhVSUswN2c4LU9sdkpjZw&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEJNFkIZQ32jqfZFXiV599D4&google_cver=1

49 B
678 B

108ms
108ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEJNFkIZQ32jqfZFXiV599D4&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEJNFkIZQ32jqfZFXiV599D4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame A5EC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NzU3ZWM1ZjItZjZmNS00MjE2LTlhMjUtOGU3NWM4MTkwMzg0
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

49 B
921 B

435ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=3a132c57-409f-468d-b774-93a71e27daf1
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=3a132c57-409f-468d-b774-93a71e27daf1
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=0f544f37-59a0-44f9-8d98-61a068667ec0&ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?dsp_id=250&expires=14&user_id=0f544f37-59a0-44f9-8d98-61a068667ec0&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=a7ef6213-efa3-4d7f-9471-29f77726672f

49 B
509 B

39ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=a7ef6213-efa3-4d7f-9471-29f77726672f

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:09 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=a7ef6213-efa3-4d7f-9471-29f77726672f
date: Fri, 12 Feb 2021 13:01:09 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

49 B
927 B

500ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=201c6026-7c14-4e00-8e61-719d6cadf791

49 B
513 B

39ms
38ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=201c6026-7c14-4e00-8e61-719d6cadf791

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:40 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=201c6026-7c14-4e00-8e61-719d6cadf791
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:39 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985138

49 B
509 B

3161ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985138

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985138
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

RX-671a20c3-5003-4d18-a418-30e573045b85-003
sync.targeting.unrulymedia.com/csync/ Frame 0ECD
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2399002715
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3
https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003

43 B
452 B

164ms
41ms

Image
image/gif

213.19.147.151
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.147.151 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d3df948e-7ab1-4316-ace0-0de9626949c2&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZGlyc1ZXVEVnc2lrSUZsUWsxUnhsQQ&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=ZGlyc1ZXVEVnc2lrSUZsUWsxUnhsQQ&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEDkx8uXGWOkLeZQBOULaDdw&google_cver=1
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=dMu4tUN6PEuC

49 B
509 B

127ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=dMu4tUN6PEuC

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=dMu4tUN6PEuC
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 0ECD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZDNkZjk0OGUtN2FiMS00MzE2LWFjZTAtMGRlOTYyNjk0OWMy
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

49 B
921 B

475ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&google_hm=M2ExMzJjNTctNDA5Zi00NjhkLWI3NzQtOTNhNzFlMjdkYWYx
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEFHygewV56At597d21M_uPM&google_cver=1&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3a132c57-409f-468d-b774-93a71e27daf1

49 B
931 B

428ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3a132c57-409f-468d-b774-93a71e27daf1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=3a132c57-409f-468d-b774-93a71e27daf1
date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

49 B
931 B

528ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e5776026-7c14-4a00-b905-7b30e25e56bf

49 B
513 B

39ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e5776026-7c14-4a00-b905-7b30e25e56bf

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:40 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e5776026-7c14-4a00-b905-7b30e25e56bf
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:39 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985149

49 B
513 B

3160ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985149

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985149
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5120410437
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3
https://sync.targeting.unrulymedia.com/csync/RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-d0307308-6fab-4e8d-97bb-254...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003

49 B
509 B

77ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
ETag: RXd03073086fab4e8d97bb254f290e86e7003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d0307308-6fab-4e8d-97bb-254f290e86e7-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame EE90
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=421c3e4a-ca80-466c-971e-4326081765ce&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=ZnA2WmJfQnF0U3hkQTNUZkZ1VGVXUQ&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=ZnA2WmJfQnF0U3hkQTNUZkZ1VGVXUQ&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEBZAMY_wzZ36GWWbRB5Tu7M&google_cver=1

49 B
678 B

108ms
108ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEBZAMY_wzZ36GWWbRB5Tu7M&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEBZAMY_wzZ36GWWbRB5Tu7M&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame EE90
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=NDIxYzNlNGEtY2E4MC00NjZjLTk3MWUtNDMyNjA4MTc2NWNl
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

49 B
925 B

473ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 49AF 52 KB
17 KB 24ms
23ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7054972929616349454
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 05 Feb 2021 21:11:46 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 12 Feb 2021 13:01:01 GMT
Age: 25861
X-Served-By: cache-lga21935-LGA, cache-fra19178-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 79504, 675879
X-Timer: S1613134861.346458,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 11FC 37 KB
14 KB 93ms
32ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.adtrue.com
URL: https://cdn.adtrue.com/pb/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://shrinke.me/HOTSTARNETFLIXPREMIUM

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=53488
Expires: Sat, 13 Feb 2021 03:52:29 GMT
Date: Fri, 12 Feb 2021 13:01:01 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 27F4
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1&google_hm=M2ExMzJjNTctNDA5Zi00NjhkLWI3NzQtOTNhNzFlMjdkYWYx
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEFHygewV56At597d21M_uPM&google_cver=1&ssp=sonobi&bsw_param=3a132c57-409f-468d-b774-93a71e27daf1
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

49 B
931 B

463ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=78d89551-15af-4efa-9280-7599dab00172
date: Fri, 12 Feb 2021 13:01:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 27F4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

49 B
931 B

568ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=ae423bb7-adc5-4e1a-9ccf-192a1093e7bd&pubid=4d443a3ea2
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 27F4
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=512d6026-7c14-4200-a275-5ef03689ee9c

49 B
509 B

39ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=512d6026-7c14-4200-a275-5ef03689ee9c

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 12 Feb 2021 13:01:40 GMT
Server: MT3 3518 2f03077 master cdg-pixel-x7
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=512d6026-7c14-4200-a275-5ef03689ee9c
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 12 Feb 2021 13:01:39 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 27F4
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985152

49 B
513 B

3193ms
39ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985152

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592459985152
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

RX-b4f347ce-2c83-477d-9f00-3c7833531332-003
sync.targeting.unrulymedia.com/csync/ Frame 27F4
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3796205379
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3
https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003

43 B
452 B

122ms
41ms

Image
image/gif

213.19.147.151
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.147.151 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:03 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-b4f347ce-2c83-477d-9f00-3c7833531332-003
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 27F4
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=d368fb0b-d243-40a1-9428-b5edc0d3e6fc&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=Uk5YTnhMSWttNjh0UlNtMGFTS28tQQ&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=Uk5YTnhMSWttNjh0UlNtMGFTS28tQQ&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESELuk0bPJLQjzEJ_Y2Tvc9aM&google_cver=1

49 B
678 B

109ms
109ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESELuk0bPJLQjzEJ_Y2Tvc9aM&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:02 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESELuk0bPJLQjzEJ_Y2Tvc9aM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 27F4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=ZDM2OGZiMGItZDI0My00MGExLTk0MjgtYjVlZGMwZDNlNmZj
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

49 B
925 B

555ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Feb 2021 13:01:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Feb 2021 13:01:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEC6Rp6aLN2qVmsG23MoG-Do&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 11FC 8 KB
9 KB 31ms
31ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: f26603b001bd31622647e0d46073dc3036ecab57bbd74ff031389856e41ab4d0

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 12 Feb 2021 13:01:01 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 1A3F 43 B
284 B 108ms
36ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Fri, 12 Feb 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1214
date: Fri, 12 Feb 2021 13:01:00 GMT
content-length: 43

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 7430
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4736027777663284777

42 B
973 B

38ms
37ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4736027777663284777
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KRTBCOOKIE_409=22966-X8joceadQMh9pVrocnQmWTiN&KRTB&23212-X8joceadQMh9pVrocnQmWTiN; PugT=1613134862; PUBMDCID=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Fri, 12 Feb 2021 13:01:05 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_336=5844-4736027777663284777; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:05 GMT; path=/ PugT=1613134865; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:05 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 13-May-2021 13:01:05 GMT; path=/
X-lat: Pug23041:0:240
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4736027777663284777
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame A540
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIcnVFN0FUUGdBQUFfYVpOSkxYUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAHruE7ATPgAAA_aZNJLXQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAHruE7ATPgAAA_aZNJLXQ&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFZ407ATPgAABBU5bJB7g&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3896177572672310745
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3896177572672310745&_bee_ppp=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGI107ATPgAABDF5bJB7g

42 B
977 B

38ms
38ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGI107ATPgAABDF5bJB7g
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Fri, 12 Feb 2021 13:01:09 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_699=22727-AAGI107ATPgAABDF5bJB7g; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:09 GMT; path=/ PugT=1613134869; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:09 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 13-May-2021 13:01:09 GMT; path=/
X-lat: Pug23036:0:349
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Date: Fri, 12 Feb 2021 13:01:10 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGI107ATPgAABDF5bJB7g
Server: nginx
set-cookie: bito=AAGI107ATPgAABDF5bJB7g; Domain=bidr.io; expires=Mon, 14 Mar 2022 08:01:10 GMT; Path=/; SameSite=None; Secure bitoIsSecure=ok; Domain=bidr.io; expires=Mon, 14 Mar 2022 08:01:10 GMT; Path=/; SameSite=None; Secure checkForPermission=""; Domain=bidr.io; expires=Thu, 01 May 2008 00:00:00 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 3F46
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928361484928481431

0
0

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame CF78
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=X8joceadQMh9pVrocnQmWTiN

42 B
1015 B

1064ms
37ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=X8joceadQMh9pVrocnQmWTiN
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Fri, 12 Feb 2021 13:01:02 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_409=22966-X8joceadQMh9pVrocnQmWTiN&KRTB&23212-X8joceadQMh9pVrocnQmWTiN; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:02 GMT; path=/ PugT=1613134862; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 14-Mar-2021 13:01:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Thu, 13-May-2021 13:01:02 GMT; path=/
X-lat: Pug23034:0:231
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

server: openresty
date: Fri, 12 Feb 2021 13:01:03 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=X8joceadQMh9pVrocnQmWTiN; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=X8joceadQMh9pVrocnQmWTiN
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1

200
OK

Cookie set us.gif Show response
sync.go.sonobi.com/ Frame 9046
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6697467128
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6697467128
https://sync.1rx.io/usersync/tradedesk/609e8c94-f0a7-458b-b0eb-91df73f322f3
https://sync.targeting.unrulymedia.com/csync/RX-671a20c3-5003-4d18-a418-30e573045b85-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-671a20c3-5003-4d18-a418-30e...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-671a20c3-5003-4d18-a418-30e573045b85-003

49 B
509 B

42ms
42ms

Document
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-671a20c3-5003-4d18-a418-30e573045b85-003

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=91415348&p=155495&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS