mariopartylegacy.com Open in urlscan Pro
104.152.168.8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mariopartylegacy.com/
Effective URL:
https://mariopartylegacy.com/
Submission: On September 13 via manual (September 13th 2022, 10:48:07 am UTC) from US — Scanned from CA

Summary HTTP 380 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 65 IPs in 8 countries across 64 domains to perform 380 HTTP transactions. The main IP is 104.152.168.8, located in Canada and belongs to CROCWEB, CA. The main domain is mariopartylegacy.com.
TLS certificate: Issued by R3 on September 8th 2022. Valid for: 3 months.

This is the only time mariopartylegacy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 49	104.152.168.8 104.152.168.8	63068 (CROCWEB) (CROCWEB)
1	108.178.23.114 108.178.23.114	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
19	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
3	37.19.207.34 37.19.207.34	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:2f8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
31	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
1	99.84.119.113 99.84.119.113	16509 (AMAZON-02) (AMAZON-02)
6 14	68.67.179.155 68.67.179.155	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:23c... 2600:9000:23cb:1800:0:1651:6140:21	16509 (AMAZON-02) (AMAZON-02)
2	34.95.69.49 34.95.69.49	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:808::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:821::2001	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	35.209.198.18 35.209.198.18	15169 (GOOGLE) (GOOGLE)
2	23.92.190.69 23.92.190.69	10913 (INTERNAP-BLK) (INTERNAP-BLK)
5	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
4	2602:803:c002... 2602:803:c002:200::116	26667 (RUBICONPR...) (RUBICONPROJECT)
4 11	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	74.119.119.129 74.119.119.129	19750 (AS-CRITEO) (AS-CRITEO)
8	44.197.96.251 44.197.96.251	14618 (AMAZON-AES) (AMAZON-AES)
1	195.244.31.11 195.244.31.11	63140 (IGUANA-WO...) (IGUANA-WORLDWIDE)
1 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
15	2607:f8b0:400... 2607:f8b0:4006:80c::2001	15169 (GOOGLE) (GOOGLE)
2 3	18.214.193.123 18.214.193.123	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:2800:21f... 2606:2800:21f:5b71:3e29:d001:be46:4bcc	15133 (EDGECAST) (EDGECAST)
37	2a04:4e42:1c:... 2a04:4e42:1c::159	54113 (FASTLY) (FASTLY)
2	104.244.43.131 104.244.43.131	54113 (FASTLY) (FASTLY)
4	2607:f8b0:400... 2607:f8b0:4006:821::2004	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
2	54.236.153.70 54.236.153.70	14618 (AMAZON-AES) (AMAZON-AES)
2	52.213.197.181 52.213.197.181	16509 (AMAZON-02) (AMAZON-02)
1	23.105.12.144 23.105.12.144	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
3 3	69.166.1.12 69.166.1.12	27630 (AS-XFERNET) (AS-XFERNET)
4	104.77.220.25 104.77.220.25	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.117.182.27 104.117.182.27	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	96.17.64.29 96.17.64.29	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.41.168.189 23.41.168.189	16625 (AKAMAI-AS) (AKAMAI-AS)
4	68.67.181.211 68.67.181.211	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
2	23.205.72.10 23.205.72.10	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2606:4700:10:... 2606:4700:10::6816:37ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12 36	142.250.64.66 142.250.64.66	15169 (GOOGLE) (GOOGLE)
30	2607:f8b0:400... 2607:f8b0:4006:81e::2006	15169 (GOOGLE) (GOOGLE)
1 3	104.76.104.25 104.76.104.25	16625 (AKAMAI-AS) (AKAMAI-AS)
18	108.138.128.83 108.138.128.83	16509 (AMAZON-02) (AMAZON-02)
1 1	103.243.202.190 103.243.202.190	45974 (NHN-AS-KR...) (NHN-AS-KR NHN)
1 2	100.24.140.184 100.24.140.184	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
1	23.63.77.138 23.63.77.138	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
2 2	104.45.178.220 104.45.178.220	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 4	135.148.35.200 135.148.35.200	16276 (OVH) (OVH)
2 2	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	2600:9000:220... 2600:9000:2209:a400:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
2	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
2 2	103.229.206.241 103.229.206.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	207.198.113.93 207.198.113.93	13768 (COGECO-PEER1) (COGECO-PEER1)
5 6	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1	159.203.145.121 159.203.145.121	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	108.139.29.124 108.139.29.124	16509 (AMAZON-02) (AMAZON-02)
2 4	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
1 2	104.77.9.133 104.77.9.133	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1901:0:8... 2600:1901:0:8344::	15169 (GOOGLE) (GOOGLE)
3	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
4 5	141.95.33.111 141.95.33.111	16276 (OVH) (OVH)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
4	173.222.103.36 173.222.103.36	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
2 2	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
1 1	52.85.61.49 52.85.61.49	16509 (AMAZON-02) (AMAZON-02)
1 1	104.77.221.10 104.77.221.10	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	37.157.6.241 37.157.6.241	198622 (ADFORM) (ADFORM)
2 2	3.217.95.75 3.217.95.75	14618 (AMAZON-AES) (AMAZON-AES)
2 2	2600:1f18:1c9... 2600:1f18:1c96:4102:b9ab:f4:b89e:5480	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.225.218.147 3.225.218.147	14618 (AMAZON-AES) (AMAZON-AES)
1 2	51.222.39.185 51.222.39.185	16276 (OVH) (OVH)
2 2	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
380	65

49 104.152.168.8 (Canada) 1 redirects

ASN63068 (CROCWEB, CA)
PTR: server08.hostwhitelabel.com

mariopartylegacy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.178.23.114 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

free.xjs.lol	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::2008 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.19.207.34 (Ashburn, United States)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-37-19-207-34.datapacket.com

hb.vntsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81f::200e (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:2f8e (United States)

ASN13335 (CLOUDFLARENET, US)

hb.vntsm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2607:f8b0:4006:817::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.119.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-119-113.ewr52.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 68.67.179.155 (Secaucus, United States) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:23cb:1800:0:1651:6140:21 (United States)

ASN16509 (AMAZON-02, US)

d1oykxszdrgjgl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:808::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2001 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.209.198.18 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 18.198.209.35.bc.googleusercontent.com

pbs.venatusmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.92.190.69 (Katy, United States)

ASN10913 (INTERNAP-BLK, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c002:200::116 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.18.19.126 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.119.119.129 (United States)

ASN19750 (AS-CRITEO, US)
PTR: bidder.va1.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 44.197.96.251 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-96-251.compute-1.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
na-ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.244.31.11 (Newark, United States)

ASN63140 (IGUANA-WORLDWIDE, US)

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

venatusmedia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2607:f8b0:4006:80c::2001 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.214.193.123 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-193-123.compute-1.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:21f:5b71:3e29:d001:be46:4bcc (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a04:4e42:1c::159 (United States)

ASN54113 (FASTLY, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.43.131 (United States)

ASN54113 (FASTLY, US)

abs-0.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2004 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:80d::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.236.153.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-153-70.compute-1.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.197.181 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-197-181.eu-west-1.compute.amazonaws.com

track.venatusmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.105.12.144 (Los Angeles, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.166.1.12 (United States) 3 redirects

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.77.220.25 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-77-220-25.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.117.182.27 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-117-182-27.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 96.17.64.29 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a96-17-64-29.deploy.static.akamaitechnologies.com

warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.41.168.189 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-189.deploy.static.akamaitechnologies.com

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.181.211 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

nym1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80b::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.72.10 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-72-10.deploy.static.akamaitechnologies.com

hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:37ce (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 142.250.64.66 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2607:f8b0:4006:81e::2006 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.76.104.25 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-104-25.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 108.138.128.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-83.jfk50.r.cloudfront.net

am.contobox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shoppable-api.contobox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.243.202.190 (Korea, Republic Of) 1 redirects

ASN45974 (NHN-AS-KR NHN, KR)

cm-exchange.toast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 100.24.140.184 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-140-184.compute-1.amazonaws.com

scotiabank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.65.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.63.77.138 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-63-77-138.deploy.static.akamaitechnologies.com

res-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.45.178.220 (Tappahannock, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 135.148.35.200 (United States) 4 redirects

ASN16276 (OVH, FR)
PTR: ns1015777.ip-135-148-35.us

c.us1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.151.100 (United States) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2209:a400:1b:5138:8a40:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.175.87.114 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.206.241 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.198.113.93 (Herndon, United States) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.211.178.172 (North Charleston, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.203.145.121 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 108.139.29.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-124.jfk50.r.cloudfront.net

cbmedia2.contobox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:100:a001::c (United States) 2 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.77.9.133 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-77-9-133.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8344:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 141.95.33.111 (Germany) 4 redirects

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 173.222.103.36 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a173-222-103-36.deploy.static.akamaitechnologies.com

images.homedepot.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.90.30 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.49 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-49.ewr53.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.77.221.10 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-77-221-10.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.241 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.217.95.75 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-95-75.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:1c96:4102:b9ab:f4:b89e:5480 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.225.218.147 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-147.compute-1.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.222.39.185 (Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ip185.ip-51-222-39.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.140 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 226 googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 303 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 373	274 KB
49	mariopartylegacy.com 1 redirects mariopartylegacy.com	3 MB
43	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 129 c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 174	234 KB
40	twimg.com abs.twimg.com — Cisco Umbrella Rank: 1936 pbs.twimg.com — Cisco Umbrella Rank: 675 abs-0.twimg.com — Cisco Umbrella Rank: 2525	447 KB
30	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 350	139 KB
26	contobox.com am.contobox.com — Cisco Umbrella Rank: 37704 cbmedia2.contobox.com — Cisco Umbrella Rank: 45150 shoppable-api.contobox.com — Cisco Umbrella Rank: 86473	487 KB
24	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1004 syndication.twitter.com — Cisco Umbrella Rank: 1252	811 KB
20	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 329 cdn.adnxs.com — Cisco Umbrella Rank: 1968 nym1-ib.adnxs.com — Cisco Umbrella Rank: 2212 acdn.adnxs.com — Cisco Umbrella Rank: 876	88 KB
13	media.net 1 redirects contextual.media.net — Cisco Umbrella Rank: 819 warp.media.net — Cisco Umbrella Rank: 3434 lg3.media.net — Cisco Umbrella Rank: 5204 hblg.media.net — Cisco Umbrella Rank: 2614 cs.media.net — Cisco Umbrella Rank: 2305	210 KB
12	venatusmedia.com pbs.venatusmedia.com — Cisco Umbrella Rank: 35090 track.venatusmedia.com — Cisco Umbrella Rank: 25563	6 KB
11	casalemedia.com 4 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 755 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904	8 KB
10	criteo.com 2 redirects bidder.criteo.com — Cisco Umbrella Rank: 834 gum.criteo.com — Cisco Umbrella Rank: 458 mug.criteo.com — Cisco Umbrella Rank: 1814	9 KB
8	360yield.com ad.360yield.com — Cisco Umbrella Rank: 848 match.360yield.com — Cisco Umbrella Rank: 5953 na-ice.360yield.com — Cisco Umbrella Rank: 5606	5 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 142 www.google.com — Cisco Umbrella Rank: 19 Failed	1 KB
6	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 420	3 KB
6	rubiconproject.com 2 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 694 pixel.rubiconproject.com — Cisco Umbrella Rank: 494	5 KB
5	id5-sync.com 4 redirects id5-sync.com — Cisco Umbrella Rank: 636	7 KB
5	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1508	26 KB
4	homedepot.ca images.homedepot.ca — Cisco Umbrella Rank: 90134	29 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 419	1 KB
4	dyntrk.com 4 redirects c.us1.dyntrk.com — Cisco Umbrella Rank: 3029	3 KB
4	openx.net 1 redirects venatusmedia-d.openx.net — Cisco Umbrella Rank: 32682 us-u.openx.net — Cisco Umbrella Rank: 708	1 KB
3	mookie1.com 3 redirects odr.mookie1.com — Cisco Umbrella Rank: 1463	804 B
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 743 pixel.mathtag.com — Cisco Umbrella Rank: 1583	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 234	132 KB
3	sonobi.com 3 redirects sync.go.sonobi.com — Cisco Umbrella Rank: 1632	2 KB
3	emxdgt.com 2 redirects cs.emxdgt.com — Cisco Umbrella Rank: 1371	1 KB
3	google.ca adservice.google.ca — Cisco Umbrella Rank: 13273	1 KB
3	vntsm.com hb.vntsm.com — Cisco Umbrella Rank: 19860	313 KB
2	contextweb.com 2 redirects bh.contextweb.com — Cisco Umbrella Rank: 838	1 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 1117	489 B
2	tidaltv.com 2 redirects sync.tidaltv.com — Cisco Umbrella Rank: 2044	776 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1307	1 KB
2	adform.net 2 redirects track.adform.net — Cisco Umbrella Rank: 3442	1 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 757	628 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1510	636 B
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 951	977 B
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 782	57 KB
2	smaato.net 2 redirects s.ad.smaato.net — Cisco Umbrella Rank: 991	1 KB
2	inmobi.com 2 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 6301	889 B
2	demdex.net 1 redirects scotiabank.demdex.net — Cisco Umbrella Rank: 55710	2 KB
2	connectad.io cdn.connectad.io — Cisco Umbrella Rank: 5297
2	akamaihd.net qsearch-a.akamaihd.net — Cisco Umbrella Rank: 2879 res-a.akamaihd.net — Cisco Umbrella Rank: 8749	25 KB
2	gumgum.com rtb.gumgum.com — Cisco Umbrella Rank: 1623	199 B
2	lijit.com ap.lijit.com — Cisco Umbrella Rank: 872	1 KB
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 2417	24 KB
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 2172	15 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
1	adingo.jp 1 redirects cc.adingo.jp — Cisco Umbrella Rank: 4008	418 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 775	669 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 486	547 B
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 13516	299 B
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 3857	59 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 4047	173 B
1	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 894	697 B
1	toast.com 1 redirects cm-exchange.toast.com — Cisco Umbrella Rank: 8510	416 B
1	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1864	2 KB
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 4860	638 B
1	cloudfront.net d1oykxszdrgjgl.cloudfront.net	42 KB
1	rlcdn.com ats.rlcdn.com — Cisco Umbrella Rank: 2028 api.rlcdn.com Failed	110 KB
1	vntsm.io hb.vntsm.io — Cisco Umbrella Rank: 26821	681 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	42 KB
1	xjs.lol free.xjs.lol — Cisco Umbrella Rank: 321726	2 KB
0	netmng.com Failed google2waycm.netmng.com Failed
380	64

	Domain	Requested by
49	mariopartylegacy.com	1 redirects mariopartylegacy.com
37	pbs.twimg.com	syndication.twitter.com
36	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
30	s0.2mdn.net	mariopartylegacy.com s0.2mdn.net
24	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com mariopartylegacy.com
19	platform.twitter.com	mariopartylegacy.com platform.twitter.com syndication.twitter.com
16	am.contobox.com	mariopartylegacy.com c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
15	tpc.googlesyndication.com	d1oykxszdrgjgl.cloudfront.net c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com mariopartylegacy.com
14	ib.adnxs.com	6 redirects hb.vntsm.com googleads.g.doubleclick.net acdn.adnxs.com
10	pbs.venatusmedia.com	hb.vntsm.com mariopartylegacy.com
8	cbmedia2.contobox.com	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	hb.vntsm.com securepubads.g.doubleclick.net
6	x.bidswitch.net	5 redirects
6	googleads.g.doubleclick.net	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com mariopartylegacy.com
5	id5-sync.com	4 redirects hb.vntsm.com
5	ad.360yield.com	hb.vntsm.com
5	prebid.a-mo.net	hb.vntsm.com
5	syndication.twitter.com	platform.twitter.com syndication.twitter.com
4	images.homedepot.ca
4	gum.criteo.com	2 redirects d1oykxszdrgjgl.cloudfront.net
4	ups.analytics.yahoo.com	4 redirects
4	c.us1.dyntrk.com	4 redirects
4	nym1-ib.adnxs.com	d1oykxszdrgjgl.cloudfront.net cdn.adnxs.com
4	contextual.media.net	d1oykxszdrgjgl.cloudfront.net mariopartylegacy.com
4	www.google.com	d1oykxszdrgjgl.cloudfront.net c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
4	fastlane.rubiconproject.com	hb.vntsm.com
4	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com	d1oykxszdrgjgl.cloudfront.net
3	odr.mookie1.com	3 redirects
3	mug.criteo.com
3	cs.media.net	1 redirects contextual.media.net
3	lg3.media.net	mariopartylegacy.com
3	www.googletagservices.com	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
3	sync.go.sonobi.com	3 redirects
3	cs.emxdgt.com	2 redirects hb.vntsm.com
3	bidder.criteo.com	hb.vntsm.com
3	htlb.casalemedia.com	hb.vntsm.com
3	adservice.google.com	d1oykxszdrgjgl.cloudfront.net
3	adservice.google.ca	d1oykxszdrgjgl.cloudfront.net
3	hb.vntsm.com	mariopartylegacy.com hb.vntsm.com
2	bh.contextweb.com	2 redirects
2	onetag-sys.com	1 redirects c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
2	sync.tidaltv.com	2 redirects
2	pm.w55c.net	2 redirects
2	track.adform.net	2 redirects
2	na-ice.360yield.com
2	pixel.tapad.com	2 redirects
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	us-u.openx.net	1 redirects googleads.g.doubleclick.net
2	shoppable-api.contobox.com	mariopartylegacy.com
2	pixel-sync.sitescout.com	2 redirects
2	sync.mathtag.com	2 redirects
2	static.criteo.net	mariopartylegacy.com hb.vntsm.com
2	s.ad.smaato.net	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	mweb.ck.inmobi.com	2 redirects
2	googleads4.g.doubleclick.net	mariopartylegacy.com
2	scotiabank.demdex.net	1 redirects c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
2	cdn.connectad.io
2	hblg.media.net	mariopartylegacy.com
2	track.venatusmedia.com	hb.vntsm.com
2	rtb.gumgum.com	mariopartylegacy.com
2	abs-0.twimg.com	syndication.twitter.com
2	venatusmedia-d.openx.net	hb.vntsm.com
2	ap.lijit.com	hb.vntsm.com
2	script.4dex.io	hb.vntsm.com script.4dex.io
2	i.clean.gg	d1oykxszdrgjgl.cloudfront.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	cc.adingo.jp	1 redirects
1	pixel.mathtag.com	1 redirects
1	match.360yield.com
1	aa.agkn.com	1 redirects
1	match.adsrvr.org	hb.vntsm.com
1	lexicon.33across.com	hb.vntsm.com
1	cs.chocolateplatform.com	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
1	tr.blismedia.com	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
1	px.ads.linkedin.com	1 redirects
1	res-a.akamaihd.net	mariopartylegacy.com
1	cm-exchange.toast.com	1 redirects
1	acdn.adnxs.com	mariopartylegacy.com
1	cdn.adnxs.com	d1oykxszdrgjgl.cloudfront.net
1	warp.media.net	d1oykxszdrgjgl.cloudfront.net
1	qsearch-a.akamaihd.net	d1oykxszdrgjgl.cloudfront.net
1	prg.smartadserver.com	hb.vntsm.com
1	abs.twimg.com	platform.twitter.com
1	hb-api.omnitagjs.com	hb.vntsm.com
1	d1oykxszdrgjgl.cloudfront.net	hb.vntsm.com
1	ats.rlcdn.com	hb.vntsm.com
1	hb.vntsm.io	hb.vntsm.com
1	www.googletagmanager.com	mariopartylegacy.com
1	free.xjs.lol	mariopartylegacy.com
0	api.rlcdn.com Failed	hb.vntsm.com
0	google2waycm.netmng.com Failed	c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
380	93

This site contains links to these domains. Also see Links.

Domain
discord.gg
www.youtube.com
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
mariopartylegacy.com R3	`2022-09-08` - `2022-12-07`	3 months	crt.sh
free.xjs.lol R3	`2022-07-28` - `2022-10-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.vntsm.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-14` - `2023-04-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-09-06` - `2023-09-06`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
i.clean.gg GTS CA 1D4	`2022-08-07` - `2022-11-05`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.venatusmedia.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-14` - `2023-04-12`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.a-mo.net R3	`2022-09-05` - `2022-12-04`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-27` - `2022-11-22`	3 months	crt.sh
*.360yield.com Amazon	`2022-08-16` - `2023-09-14`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2022-05-18` - `2023-06-19`	a year	crt.sh
*.gumgum.com Amazon	`2021-10-15` - `2022-11-12`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
connectad.io Cloudflare Inc ECC CA-3	`2022-04-15` - `2023-04-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.contobox.com Go Daddy Secure Certificate Authority - G2	`2021-11-14` - `2022-12-16`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-08-18` - `2022-11-16`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-01` - `2022-11-30`	3 months	crt.sh
cs.chocolateplatform.com ZeroSSL RSA Domain Secure Site CA	`2022-06-28` - `2022-09-26`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2022-08-27` - `2022-11-25`	3 months	crt.sh
*.id5-sync.com R3	`2022-08-18` - `2022-11-16`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
images.homedepot.ca Entrust Certification Authority - L1K	`2022-07-11` - `2023-08-10`	a year	crt.sh

This page contains 33 frames:

Primary Page: https://mariopartylegacy.com/
Frame ID: 646E2D30D5C7B28BEC5C31DDBD6EFE62
Requests: 79 HTTP requests in this frame

Frame: https://hb.vntsm.com/v3/live/ad-manager.min.js
Frame ID: 44568BFFDC1A6089F321164DE9F9D246
Requests: 60 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fmariopartylegacy.com
Frame ID: AC6266D80F540EA4E2D987AD6AEC6558
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.c4bdc17e77719578b594d5555bee90db.en.html
Frame ID: F1B0100CD74D70B98C3070A20551AD02
Requests: 2 HTTP requests in this frame

Frame: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Frame ID: 7839FF84D483571F419A7FBF96F0D612
Requests: 56 HTTP requests in this frame

Frame: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 31CA676A46081A99C4A62CB60A13EACF
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE
Frame ID: 5E60347886610E8090BC0F35EF70AE5D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A23A340AD8BAF7536B975F49051805FE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EBEF6D436B183CC537796BDAF2CBB4D4
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dgumgum%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D
Frame ID: 0B8B5E9233D4940B5B0AA4FECC3CEBE2
Requests: 1 HTTP requests in this frame

Frame: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C4FC545E9A9DF7FEBA2C19023E9C8130
Requests: 14 HTTP requests in this frame

Frame: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 39E4D032836F5BD65E8692872C45B3F2
Requests: 12 HTTP requests in this frame

Frame: https://contextual.media.net/nmedianet.js?cid=8CU566D6F
Frame ID: 1DBFEAB897DFAC704BF0770EBF9B8F51
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNjmXhD_hV8Y9tW3wAEwAQ&v=APEucNUaYTwEdoFbtjJkPqwcN7NqNWPimWXCeg9jGayuQVAOUZvWcEagciZ2w6ktSJ_Y0g1YwFgv-U2gk_ONHlaghLIhepKJvg
Frame ID: 9E2684A35F0503568DF953D757513951
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhiYqsrPATAB&v=APEucNXvZG-cPjw1emNmYQO5E5hRRAuz8CJf3ggs4PvmMptpVtXtQ0AEI8Mejd8F9K8gRdo_RikbnF6V4lJdS-36vSJRnDFdcg
Frame ID: 6AFA10BF8BC56FDD5A477A024864B710
Requests: 5 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=10&cv=31&https=1&cid=8CUH868Z4&prvid=99%2C77%2C4%2C359%2C10000%2C9&itype=APPNEXUS_EXPERIMENT&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: 959025F5389C9A00CB00AD39205D5B1D
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=10&cv=31&https=1&cid=8CUH868Z4&prvid=99%2C77%2C4%2C359%2C10000%2C9&itype=APPNEXUS_EXPERIMENT&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Frame ID: C7AF0EF8E691133C8ADE5EC84C774D1A
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=806&pub_id=987524
Frame ID: CF02A1479D2E14B5039A0DCA1DB49BE5
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 29D7153D7BDAB5100EAD2C55ED22F09E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 43ECAD04D2C5B51EBC84B1D6AE348374
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A892E90D1AF361ECF34967A4F1B70769
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
Frame ID: C78A6D0ACF862B83E49E5266978DC5DF
Requests: 29 HTTP requests in this frame

Frame: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 729D8BA89CBC01A0C030BC443DBC657E
Requests: 12 HTTP requests in this frame

Frame: data://truncated
Frame ID: C5A65A1C7A846EA26B7D4C8D5EB830BB
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1DF4A1C6EC537C416EA2A124E21F12D8
Requests: 3 HTTP requests in this frame

Frame: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/300x250_bg.jpg?ac=1661507723
Frame ID: 340B2B959370CD598AEA1CBDCE2F7D4A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhjJtsrPATAB&v=APEucNX3peEtm_juRh0adjVxtQ1b0sCxQFluOUHaFZc9veado5gAKsKu1dywm2u68NMt__dYES6DjnaJjPrQKGYVUSnX82gilg
Frame ID: 41A2182CE3FE0E4C342E12DAF3F963AD
Requests: 5 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=mariopartylegacy.com
Frame ID: 358F1672205E63AE6CB7D22B48DADBAC
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dgumgum%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D
Frame ID: 213AA1DC67EA2825D33266EC5F825DB1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2E62C5D0156B8E1921B9A42214195881
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CAD310C3FC7C78C58D52658B287EC485
Requests: 3 HTTP requests in this frame

Frame: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/728x90_bg.jpg?ac=1661507723
Frame ID: 2260BFBE42E1737C22AA5B6AB4CB51D6
Requests: 14 HTTP requests in this frame

Frame: https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=4776604448345215037brt56751663066076982594b2
Frame ID: D43C020DC274CABA5E0A43529CF070C3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mario Party Legacy - The ultimate Mario Party resource

Page URL History Show full URLs

http://mariopartylegacy.com/ HTTP 301
https://mariopartylegacy.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

380
Requests

86 %
HTTPS

30 %
IPv6

64
Domains

93
Subdomains

65
IPs

8
Countries

6348 kB
Transfer

11858 kB
Size

96
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.gg/BQMuUpM
Title: Discord

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/mariopartylegacy
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCKc0OJoJ3cyJgTAMpSkG2FA
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/MarioPartyLegacy/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/MPLNetwork
Title: Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mariopartylegacy.com/ HTTP 301
https://mariopartylegacy.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://cs.emxdgt.com/um?ssp=pbs&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcs.emxdgt.com%2Fumcheck%3Fapnxid%3D%24UID%26redirect%3Dhttps%253A%252F%252Fpbs.venatusmedia.com%252Fsetuid%253Fbidder%253Demx_digital%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526f%253Db%2526uid%253D%2524EMXUID%26b64_redirect%3DaHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ%2FYmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE

Request Chain 181

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%5BUID%5D HTTP 302
https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

Request Chain 214

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

Request Chain 215

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YyBf384x9Z912gErIW1toQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

Request Chain 216

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

Request Chain 217

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

Request Chain 218

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

Request Chain 219

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YyBf384x9Z912gErIW1toQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

Request Chain 220

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

Request Chain 221

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

Request Chain 229

https://cm.g.doubleclick.net/pixel?cs=10&google_nid=media&google_cm=1&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1

Request Chain 232

https://cm.g.doubleclick.net/pixel?cs=10&google_nid=media&google_cm=1&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1

Request Chain 238

https://cm-exchange.toast.com/bi/pixel?cm_mid=1908143852&toast_push&rest=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dnhnace%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%24%7BUID%7D HTTP 301
https://pbs.venatusmedia.com/setuid?bidder=nhnace&gdpr=0&uid=Z5HIQ4PPZOEF48090662PDOKY

Request Chain 239

https://scotiabank.demdex.net/event?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557 HTTP 302
https://scotiabank.demdex.net/firstevent?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557

Request Chain 247

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFcOtiR8KC94Kb3RL6VnPs8&google_cver=1&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5xUvR5riwuw1BPgDLCfAMrJaA2A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5xUvR5riwuw1BPgDLCfAMrJaA2A

Request Chain 249

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=1&google_push=AehlK4AYeeNK7-v1ahSd2qJ2qZjkC59L53h1yn10wARDAsgLrAziAsq8okhCklCbs-Vj_3zyMYA0AZAoqvoMQo2qwIpTXw8IvClGow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=1&google_push=AehlK4AYeeNK7-v1ahSd2qJ2qZjkC59L53h1yn10wARDAsgLrAziAsq8okhCklCbs-Vj_3zyMYA0AZAoqvoMQo2qwIpTXw8IvClGow

Request Chain 250

https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEGF9Hbc9AkO2p86J-haQ_y0&google_cver=1&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw HTTP 302
https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEGF9Hbc9AkO2p86J-haQ_y0&google_cver=1&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw&prevuid=06030002_63205fe061983&knw= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D

Request Chain 251

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECPEmB4UPtMKe7O0l_lCZy8&google_cver=1&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuVoLzEIMl16Nk7O9pMcz_PiQFlEDw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDgwMkxQTE8tQy01NTRL&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuVoLzEIMl16Nk7O9pMcz_PiQFlEDw

Request Chain 252

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPF8HwUGMQoeFn4mCQsLopM&google_cver=1&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3sWMjXMAU_4huzNw0jEwWBzMoIlL8Ps2ora639gLA8qo4pgqNjGRE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=c13cbd22&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3sWMjXMAU_4huzNw0jEwWBzMoIlL8Ps2ora639gLA8qo4pgqNjGRE

Request Chain 253

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGaXF_jCkEWzNqNbZjXErnA&google_cver=1&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZVBnglneWmesGbnaZRGPkbNrpXPL8cw HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGaXF_jCkEWzNqNbZjXErnA&google_cver=1&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZVBnglneWmesGbnaZRGPkbNrpXPL8cw&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZVBnglneWmesGbnaZRGPkbNrpXPL8cw

Request Chain 257

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAx9C-y_F3NjARIIs_lM99M&google_cver=1&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozLO5Urab3cFees HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozLO5Urab3cFees

Request Chain 258

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEEl7IIp1FY1RREIp8qHsfGQ&google_cver=1&google_push=AehlK4DVd0zxV7qD3wm3M7ceeOI7Ihb-r7Ap9xq5VIhrxu-PJycz_AJshyKHbehsxq-vFBMwkPlgtbmSoWBwF5LwLpukf-rM5EI HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEEl7IIp1FY1RREIp8qHsfGQ&google_cver=1&google_push=AehlK4DVd0zxV7qD3wm3M7ceeOI7Ihb-r7Ap9xq5VIhrxu-PJycz_AJshyKHbehsxq-vFBMwkPlgtbmSoWBwF5LwLpukf-rM5EI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=3K77P85jSr2dwu_RIKlBUmMgX-A

Request Chain 259

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFzgnyq5HgVKLYWU6faTwqg&google_cver=1&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFzgnyq5HgVKLYWU6faTwqg&google_cver=1&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM&google_hm=FOC88if_SIOwVhTwk2H3hw==

Request Chain 260

https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEDnHQpDmNs5_fpxVafMW1Uo&google_cver=1&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95 HTTP 302
https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEDnHQpDmNs5_fpxVafMW1Uo&google_cver=1&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95&prevuid=06030001_63205fe060697&knw= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D

Request Chain 261

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEDdgaWRLUlH2A0aB3_-CzsM&google_cver=1&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NSMPwY4rTnJ5yrDsp-GHH9KtDvGhDdlPe_FHYXVszJMfKp5znfHTb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=1e48e93&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NSMPwY4rTnJ5yrDsp-GHH9KtDvGhDdlPe_FHYXVszJMfKp5znfHTb

Request Chain 314

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBLq94u5WBH-8rzY_jRRuBc&google_cver=1

Request Chain 315

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjQ1ZTcxZTMtOGU4MS0yNjllLWUzMjItMzgwMjc1NGRjMTAy

Request Chain 316

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJdjmGMCPYBrk3gQJIqby1A&google_cver=1

Request Chain 317

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDdhNTYwNjYtMWM5Zi00MmQ0LTk5YmMtOGM5ZmQxNDM0OGJk

Request Chain 323

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmariopartylegacy.com%2F&domain=mariopartylegacy.com&cw=1&pbt=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=-gapIHxLZnR5b1pjdnl6ZmlvMi9LdVY4WVlWWFJTNFlXRWF0MDM1TktYUlA1bW8yTURBQ3hOcU1NSklEMzk3VW5NbTdpclZLRWFlVHl3ZVpQb01wcnYwOGEzVU9rb29PR3VmUlJ0RjFMSUdQSWdRdGRPUlFYMDF5T2JzQitlQzlDeCtsNWh4dTBaek0zcFAzK09sRkNHaHF2M2JZWGF5eE5JQnpwVU5vMGxJdVRJZjloRnlrOU95QTI5M2FXK0FxeG9ERVhlZ1lSYWJENFRldEg2dmpyWWVLeUpFbng0dW5DNlBhbVlXNkZIMXNFK1FQY2xUdlhKNnNYREFEOGxlUGh3UmZxfA&cppv=2

Request Chain 332

https://ups.analytics.yahoo.com/ups/58570/occ?gdpr=0&gdpr_consent=&uid=5453cbab-8739-43dd-b8ed-7befb4068dd6 HTTP 302
https://prebid.a-mo.net/setuid/yahoo?uid=y-ShhVurVE2uGvAE6eM4E1xIKrQj8EicH7cfSDbKs-~A&gdpr=0&gdpr_consent=

Request Chain 333

https://x.bidswitch.net/sync?ssp=adaptmx&user_id=5453cbab-8739-43dd-b8ed-7befb4068dd6&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=14e0bcf2-27ff-4883-b056-14f09361f787&ssp=adaptmx&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2910&partner_device_id=10596125502584628923&gdpr=0&gdpr_consent=&partner_url=https%3A%2F%2Fodr.mookie1.com%2Ft%2Fv2%3Ftagid%3DV2_948118%26src.visitorid%3D%24%7BTA_DEVICE_ID%7D%26ssp%3Dadaptmx%26gdpr_consent%3D%26gdpr%3D0 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2910&partner_device_id=10596125502584628923&gdpr=0&gdpr_consent=&partner_url=https%3A%2F%2Fodr.mookie1.com%2Ft%2Fv2%3Ftagid%3DV2_948118%26src.visitorid%3D%24%7BTA_DEVICE_ID%7D%26ssp%3Dadaptmx%26gdpr_consent%3D%26gdpr%3D0 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_948118&src.visitorid=137c8093-711e-4365-b2af-593aee114210&ssp=adaptmx&gdpr_consent=&gdpr=0 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212302828&puid=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent= HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_785409&src.visitorId=212550604273004787637&ssp=adaptmx&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=419&user_id=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent=

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=w-IRF-twTYyoYqEa5ywXzw&google_cm&dsp_callback=0&publisher_dsp_id=340 HTTP 302
https://match.360yield.com/match?dsp_callback=0&publisher_dsp_id=340&google_gid=CAESEB5Vg33b8y0LyQHVogXuHrY&google_cver=1

Request Chain 335

https://pixel.mathtag.com/sync/img?mt_exid=276&redir=https%3A%2F%2Fad.360yield.com%2Fmatch%3Fpublisher_dsp_id%3D5%26external_user_id%3D%5BUUID%5D&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=5&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match HTTP 302
https://ad.360yield.com/match?publisher_dsp_id=5&external_user_id=68486320-5fe1-4f00-a55f-beaa1f1ea52c

Request Chain 336

https://id5-sync.com/match?publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=313&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match HTTP 302
https://id5-sync.com/c/124/124/2/1.gif?puid=c3e21117-eb70-4d8c-a862-a11ae72c17cf&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/124/2/1/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/124/2/1/2.gif?puid=4776604448345215037&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F124%2F3%2F0%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/124/3/0/3.gif?puid=d9d66320-5fe0-4400-875d-f0cb9f218aa1&gdpr=0&gdpr_consent= HTTP 302
https://na-ice.360yield.com/match?publisher_dsp_id=313&external_user_id=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&dsp_callback=0&gdpr=&gdpr_consent=

Request Chain 337

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://prebid.a-mo.net/setuid/magnite?uid=L802LPLO-C-554K&gdpr=0&us_privacy=1---

Request Chain 338

https://track.adform.net/serving/cookie/match/?party=5&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=42&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match HTTP 302
https://track.adform.net/serving/cookie/match/?CC=1&party=5&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=42&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match HTTP 302
https://na-ice.360yield.com/match?publisher_dsp_id=42&Expiration=1664275681&external_user_id=2029913363476918026

Request Chain 339

https://x.bidswitch.net/sync?ssp=improve&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=191&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match HTTP 302
https://pm.w55c.net/ping_match.gif?st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dimprove%26bsw_param%3D14e0bcf2-27ff-4883-b056-14f09361f787 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dimprove%26bsw_param%3D14e0bcf2-27ff-4883-b056-14f09361f787 HTTP 302
https://x.bidswitch.net/sync?dsp_id=79&user_id=rC4lnmvd1Oy3st5&expires=30&ssp=improve&bsw_param=14e0bcf2-27ff-4883-b056-14f09361f787 HTTP 302
https://ad.360yield.com/match?publisher_dsp_id=191&external_user_id=14e0bcf2-27ff-4883-b056-14f09361f787

Request Chain 348

https://gum.criteo.com/sid/json?origin=publishertag&domain=mariopartylegacy.com&sn=ChromeSyncframe&so=0&topUrl=mariopartylegacy.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=s7tSSXxrQ2VDbTlqaGF4aUN5bjdkYmNEODRPMmUzaVEvSEVRLzdPNFQxMkxmZkhQUit3RFpvbW14Q1YwREFqWjlqN28vQjZoYjNCenFUaDBwc2FLUXg5bWVnL2JvZVNOTjBjTUJKbGhzUjkzcHArWW9wNmVKdUxFYzdwMzBDK0xiS281NC81aW1MSWkzTUg1b3RCN01SUDdiblBVaGgwaU53N05LazBibzcyNGFwcUVSRm4zSWFQOERBM0E2VUgwWTFUTURiS2tSVVgxbURGL016bFBJMkxxTkFQVmc3UmQyTU13YkZXOWlleTlDOHhBWG9PMEQ0L0xvSHFzNGQrOEpybFM3Vy9CcnlwMWw5NmM0TjFWVGpwSUs1cTVvQjJtbHJnQXVSUzd1QTVQa2ZSWT18&cppv=2

Request Chain 350

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEIXV4jWZXP6m5P7QgJcW21o&google_cver=1&google_push=AehlK4Ba9Ad-G5-NH5dvmlZrfeKzG_3RdknrY200UOZM6OLZcr2RilwA6yq71wNkX9TWhgGvEf_H2EqrZ4dsqPD4dKgPMx_wvZ_Osw HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEIXV4jWZXP6m5P7QgJcW21o&google_cver=1&google_push=AehlK4Ba9Ad-G5-NH5dvmlZrfeKzG_3RdknrY200UOZM6OLZcr2RilwA6yq71wNkX9TWhgGvEf_H2EqrZ4dsqPD4dKgPMx_wvZ_Osw&s_h=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=LjS06b9LTOGQRJA4GemFxA

Request Chain 351

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=1&google_push=AehlK4DuARYaAQXUuTA0kM5fHPQ3Nfdx1DOYYugClj4mTpBlHspd_e-OCblyLTFHXOux8l1OMwtcOMJETlS-vwuosxWk9UHZl2ovjA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=1&google_push=AehlK4DuARYaAQXUuTA0kM5fHPQ3Nfdx1DOYYugClj4mTpBlHspd_e-OCblyLTFHXOux8l1OMwtcOMJETlS-vwuosxWk9UHZl2ovjA

Request Chain 352

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQnIhyCLDtIB_PCFIOVwkxQ%26google_hm%3D%5BUID%5D&google_gid=CAESEEQWWowRU3Rn45hsDUp1Lh4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQnIhyCLDtIB_PCFIOVwkxQ&google_hm=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

Request Chain 353

https://cs.media.net/cksync?type=g&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0li6czM3CcKkbeyvTnYZmNdvdFwOT6hi0jPStVrF2qCgNTXvQL3iN3DeXl2onvGh1ny_1xyQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&mn_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&google_sc=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0li6czM3CcKkbeyvTnYZmNdvdFwOT6hi0jPStVrF2qCgNTXvQL3iN3DeXl2onvGh1ny_1xyQ&gdpr=&gdpr_consent=

Request Chain 354

https://cc.adingo.jp/adx/push/?google_gid=CAESEAgs1VGyb8tq23c9aECMfy0&google_cver=1&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1&google_hm=db084ea598d447bbaed1bceb54b7a24b

Request Chain 355

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDAQB4rRiBlKPYLKyz-PXqM&google_cver=1&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClkd_OVMvFhpBz_fLwfZurgv0h26OnkuxrtAxLVZbTbMgOEg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClkd_OVMvFhpBz_fLwfZurgv0h26OnkuxrtAxLVZbTbMgOEg

Request Chain 356

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBJCDWh85l6yrdVGV9cj8gc&google_cver=1&google_push=AehlK4BNetBMCpRx_E7upWt10yDe8dlFVzMmSKgZwkfORgTu1i9dCMNQW1140B6aw8WySz9jYBIKHPkHV8oTuk5KxS3Ei_sv6GIcWg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BNetBMCpRx_E7upWt10yDe8dlFVzMmSKgZwkfORgTu1i9dCMNQW1140B6aw8WySz9jYBIKHPkHV8oTuk5KxS3Ei_sv6GIcWg HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 368

https://cs.emxdgt.com/um?ssp=pbs&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ib.adnxs.com/getuid?https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$UIDbrt56751663066076982594b2 HTTP 302
https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=4776604448345215037brt56751663066076982594b2

Request Chain 375

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%25%25VGUID%25%25 HTTP 302
https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205

Request Chain 380

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%25%25VGUID%25%25 HTTP 302
https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205

Request Chain 381

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%5BUID%5D HTTP 302
https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

380 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
mariopartylegacy.com/
Redirect Chain

http://mariopartylegacy.com/
https://mariopartylegacy.com/

86 KB
15 KB

649ms
623ms

Document
text/html

104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 03e2f7f0e1794b1852dda8c1828fb4b677a9d18d76417e3a9686a1d35e66f581

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 13 Sep 2022 10:47:55 GMT
link: <https://mariopartylegacy.com/wp-json/>; rel="https://api.w.org/"
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
x-ua-compatible: IE=edge

Redirect headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
content-type: text/html
date: Tue, 13 Sep 2022 10:47:54 GMT
location: https://mariopartylegacy.com/
server: LiteSpeed

GET
H2 200 pub.min.js Show response
free.xjs.lol/js/ 3 KB
2 KB 105ms
32ms Script
application/javascript 108.178.23.114
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://free.xjs.lol/js/pub.min.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.178.23.114 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: gzip
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
server: nginx
etag: "631b2780-5ca"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains;
content-length: 1482
expires: Wed, 14 Sep 2022 10:47:55 GMT

GET
H2 200 style.min.css
mariopartylegacy.com/wp-includes/css/dist/block-library/ 87 KB
11 KB 15ms
11ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 13 Jul 2022 00:04:29 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10946
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 unsemantic-grid.min.css
mariopartylegacy.com/wp-content/themes/generatepress/assets/css/ 12 KB
2 KB 17ms
13ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/unsemantic-grid.min.css?ver=3.1.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 7ee7784d217b273bd847dcc83ca3451f76f63cc1b619805dbdb297197bb44eb8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1655
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 style.min.css
mariopartylegacy.com/wp-content/themes/generatepress/assets/css/ 21 KB
5 KB 23ms
19ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/style.min.css?ver=3.1.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 424332ea0ecacff818cf7de57fd7968c0172f01776ff025a4d2a99540422d3f0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4860
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 mobile.min.css
mariopartylegacy.com/wp-content/themes/generatepress/assets/css/ 4 KB
1005 B 24ms
20ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/mobile.min.css?ver=3.1.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 5b29f10d6e7c79c2f7f11b0abe16a4fb45e29673dababd29a0313d72aeaa90b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 972
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 font-icons.min.css
mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/ 3 KB
713 B 24ms
21ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.1.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 584b10df5af4716257aae636285c55f27e9a970412fa831dd66023efabb84b48

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 680
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 font-awesome.min.css
mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/ 30 KB
6 KB 25ms
22ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/font-awesome.min.css?ver=4.7
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 7181c93962530c41049c3aff9c3a0f4b0d03685ec63d22a39e3461e5628c09af

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6556
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 featured-images.min.css
mariopartylegacy.com/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
487 B 26ms
23ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=1.12.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 7e545a7e4d7f69a26daa026799b6ab7caea7cfe6aa822b0038f63c14a5f69cf1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 18:17:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 431
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 offside.min.css
mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/css/ 6 KB
1 KB 26ms
24ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/css/offside.min.css?ver=1.12.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 628492e9ee5248b3ae1bd504a7d60227a2e7a09b953b858784044d7d28844489

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 18:17:47 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1392
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 icons.min.css
mariopartylegacy.com/wp-content/plugins/gp-premium/general/icons/ 273 B
172 B 27ms
24ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/gp-premium/general/icons/icons.min.css?ver=1.12.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: a84d93033cfb20c017fcdb465504883f68f8cddef078b205b04b0cd73f0d8405

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 18:17:47 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 140
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 navigation-branding.min.css
mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/css/ 3 KB
616 B 28ms
26ms Stylesheet
text/css 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/css/navigation-branding.min.css?ver=1.12.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 1cc5fba1b17b26c8975d63d581f375152c583264b4ba58a2d2eacac2d11d90ee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 18:17:47 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 583
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 jquery.min.js Show response
mariopartylegacy.com/wp-includes/js/jquery/ 87 KB
30 KB 29ms
27ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Tue, 27 Jul 2021 21:47:29 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 30273
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
mariopartylegacy.com/wp-includes/js/jquery/ 11 KB
4 KB 33ms
31ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 09 Dec 2020 23:16:15 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3995
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 150ms
49ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-84394370-1

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ee93a9591c2ae5d76e3f175cc4ef925c44475c309c6b576a251a5f19e7f07bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42132
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Sep 2022 10:47:55 GMT

GET
H3 200 wp-emoji-release.min.js Show response
mariopartylegacy.com/wp-includes/js/ 18 KB
5 KB 20ms
13ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 03 Jun 2022 00:38:50 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4619
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 cropped-mariopartylegacylogo.png
mariopartylegacy.com/wp-content/uploads/2019/12/ 90 KB
90 KB 21ms
14ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2019/12/cropped-mariopartylegacylogo.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: d297edda9cc0ac8d1ea9ae162e30430673ac07b4d8a536051b27ab2d96037c27

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sat, 21 Dec 2019 10:16:26 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 92081
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartylegacythin.png
mariopartylegacy.com/wp-content/uploads/2021/02/ 26 KB
26 KB 42ms
35ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2021/02/mariopartylegacythin.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: c6f6d25594bb36ece49a086f833453906f388a3aec9a2e8568ba183807fc390b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sat, 06 Feb 2021 19:44:13 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 26624
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty1.png
mariopartylegacy.com/wp-content/themes/icons/ 20 KB
20 KB 43ms
36ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty1.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 84e5902420c80249fae4e0c136ae1c78b9f977210e528d676a0cbd1f276a12e3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 20578
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty2.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 45ms
38ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty2.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 6624cfdb330a4273c33b550e5ae7440a7ef259e3c074b7b89bd27739bddfeb75

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5103
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty3.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 48ms
41ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty3.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 4016e5c000f30547fe4c066aa2afad9f2ca5db3d6717b4d0990fecfd1a301507

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5269
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty4.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 50ms
43ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty4.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 095ce7913e543fa079a0e91c892304486f466f5d3c8ea49d50501a1d08ddd72d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5255
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty5.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 52ms
44ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty5.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: c0f68a9595fd8ff81f5a765be4da5aa5ce13cbbb8d5f40e25a270bd86978c35b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5288
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty6.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 57ms
49ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty6.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 61c34b945902ab85a4d8134bcbef2309558cef9b344777023e3acfac754ad430

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5177
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty7.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 59ms
52ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty7.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 5e939f7f2ddb20f90b0d03ff858ab310c3573e20abf16dd1f62609d0c06f9789

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:35 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5482
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty8.png
mariopartylegacy.com/wp-content/themes/icons/ 5 KB
5 KB 60ms
53ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty8.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 9755be0c168d11892adcf65aaa09cd3c671a262d4512e393bf542730a6a38aa8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:36 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5105
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty9.png
mariopartylegacy.com/wp-content/themes/icons/ 2 KB
2 KB 60ms
53ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty9.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 0edaf21554e0889aed8de9ec9e662e8247f3fad31fd795914a8822681bea1913

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:36 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2361
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 marioparty10.png
mariopartylegacy.com/wp-content/themes/icons/ 21 KB
21 KB 60ms
54ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/marioparty10.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: b884d92a693c2e1689e630dad72d23cb3775d4d9abc1c591f0a9439fa4b0d24f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:36 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 21608
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartyadvance.png
mariopartylegacy.com/wp-content/themes/icons/ 7 KB
7 KB 61ms
54ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartyadvance.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 92f1c3973f0fdeed0f764028a1415b11372c3ce61d8c08bdcebde53d66f93cff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:36 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6662
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartyds.png
mariopartylegacy.com/wp-content/themes/icons/ 7 KB
7 KB 61ms
55ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartyds.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: ded6a344cab6b04f35d5974166b765ea329aa309368373d916658c000e2e1cef

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:37 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6948
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartyislandtour.png
mariopartylegacy.com/wp-content/themes/icons/ 6 KB
6 KB 62ms
56ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartyislandtour.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: f74f09e9fd96d0445dcd5c4ebf50055bd5d782f5ad346174a7d4f389adca17c6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:37 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6192
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartystarrush.png
mariopartylegacy.com/wp-content/themes/icons/ 23 KB
23 KB 64ms
58ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartystarrush.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 04e335d4d6e4403b6be6ab4c8b75b2a59c060e00f8b36a2e8626b4de3ff3da3b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:37 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 23064
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartytop.png
mariopartylegacy.com/wp-content/themes/icons/ 62 KB
62 KB 67ms
61ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartytop.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: fe4f915ffcb03078459bc08bceb07b6a3158278caa6f4a86c1a01aa229e05e7a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:38 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 63245
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartysuper.png
mariopartylegacy.com/wp-content/themes/icons/ 7 KB
7 KB 79ms
73ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartysuper.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 4cb32ec64c172379f3b33674d6ad45d1c5bb38601e17b9ee43597ba17a5c5350

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 26 May 2020 18:18:37 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7636
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariopartysuperstars.png
mariopartylegacy.com/wp-content/themes/icons/ 6 KB
7 KB 89ms
83ms Image
image/png 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/themes/icons/mariopartysuperstars.png
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 5b32009d78e3905b5795e394e00cb3fb5afbb912622323c581bbb856dfb560d5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 15 Jun 2021 18:03:15 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6616
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mario-kart-8-deluxe-booster-dlc-wave-2-thumbnail.jpg
mariopartylegacy.com/wp-content/uploads/2022/07/ 764 KB
764 KB 94ms
88ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/07/mario-kart-8-deluxe-booster-dlc-wave-2-thumbnail.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 8a68f733a4c556d63f4075e483fa51939f0a6de4675336226c1a15077ee92c71

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Thu, 28 Jul 2022 16:13:57 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 782319
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 116ms
19ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0A) /
Resource Hash: 8f4fc0f336126492b535be2e0b29fbb538a3079547d19a81368aec9268a54f26

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:55 GMT
Content-Encoding: gzip
Age: 1172
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 29220
x-tw-cdn: VZ
Last-Modified: Wed, 31 Aug 2022 20:41:50 GMT
Server: ECS (nyb/1D0A)
Etag: "f116c7e6b28e2aebeb60ade5bdc8e2b4+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3 200 offside.min.js Show response
mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/js/ 6 KB
2 KB 11ms
11ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=1.12.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 9ab6ba1e7e051b464b2a5855abc359ba0f4cde98edc2335e2648bbfe5a35cf38

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Wed, 16 Dec 2020 18:17:47 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1919
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 jquery.cookie.min.js Show response
mariopartylegacy.com/wp-content/plugins/wplegalpages/admin/js/ 1 KB
666 B 12ms
11ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/wplegalpages/admin/js/jquery.cookie.min.js?ver=2.9.0
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Tue, 26 Jul 2022 21:52:37 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 622
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 menu.min.js Show response
mariopartylegacy.com/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 19ms
11ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.1.3
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1509
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 wprt-script.js Show response
mariopartylegacy.com/wp-content/plugins/wp-responsive-table/assets/frontend/js/ 173 B
216 B 20ms
12ms Script
application/javascript 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/plugins/wp-responsive-table/assets/frontend/js/wprt-script.js?ver=1.2.6
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 6e8060b67a9bc601a234fad07a2ffdf1ba56bab8d4fe01fcdece885bce46f0aa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Thu, 06 May 2021 20:41:08 GMT
server: LiteSpeed
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 173
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H2 200 ad-manager.min.js Show response
hb.vntsm.com/v3/live/ Frame 4456 1022 KB
308 KB 161ms
28ms Script
application/javascript 37.19.207.34
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-37-19-207-34.datapacket.com
Software: BunnyCDN-ASB-925 /
Resource Hash: 60402023b661bea571a650b514c4e3c1c9de527892fef7b3cbc81e2b140d5499

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: br
cdn-edgestorageid: 925
access-control-allow-origin: *
cdn-cachedat: 09/13/2022 08:43:37
cdn-pullzone: 131999
cdn-requestpullsuccess: True
server: BunnyCDN-ASB-925
access-control-allow-headers: cdn-requestcountrycode,Content-Type,x-bl,ref_url
last-modified: Tue, 06 Sep 2022 13:38:20 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"f43c2cd161874688b3ec6174ceb11e92"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
cdn-cache: HIT
x-bl: 0
cache-control: public, max-age=86400
cdn-uid: 5d6cd18c-1b61-4922-947b-91a6b9ea7b00
cdn-requestid: 84ae789156d94b1e8eea982cd017610e
cdn-requestcountrycode: CA
cdn-status: 200
access-control-expose-headers: x-geo-subdivision,X-Geo,cdn-requestcountrycode,Content-Type,x-bl

GET
H3 200 headerback9.jpg
mariopartylegacy.com/wp-content/uploads/2019/12/ 13 KB
13 KB 95ms
90ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2019/12/headerback9.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 732e093b7af9eb20bbae0d854548911684db64a17d4b69f0e31b81a928adb359

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sat, 21 Dec 2019 10:38:59 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12975
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 headerback.jpg
mariopartylegacy.com/wp-content/uploads/2019/12/ 109 KB
109 KB 91ms
90ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2019/12/headerback.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 7cd06ebcc99017e3dac76cf98fb6bb6e987be09d24173d6dd9859852e88f82b7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sat, 21 Dec 2019 09:32:40 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 111579
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 headerback6.jpg
mariopartylegacy.com/wp-content/uploads/2019/12/ 106 KB
106 KB 12ms
12ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2019/12/headerback6.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 76be95cf10e2dc894e3960e5a50d616b9fd9b3a874fc0cfba65d43c3b94e83dd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sat, 21 Dec 2019 10:39:27 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 108385
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 generatepress.woff2
mariopartylegacy.com/wp-content/themes/generatepress/assets/fonts/ 1 KB
1 KB 13ms
12ms Font
font/woff2 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/fonts/generatepress.woff2
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.1.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd

Request headers

Referer: https://mariopartylegacy.com/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.1.3
Origin: https://mariopartylegacy.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Fri, 08 Apr 2022 06:37:19 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1264
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mario-strikers-battle-league-guide-walkthrough-cheats-secrets-slide-2.jpg
mariopartylegacy.com/wp-content/uploads/2022/07/ 266 KB
266 KB 76ms
52ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/07/mario-strikers-battle-league-guide-walkthrough-cheats-secrets-slide-2.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 92b19b5113efbbaf8335fe55e8aff7d74a625a2964ff63f55593100e30bd3a0b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Wed, 20 Jul 2022 03:36:44 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 271897
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mario-kart-64-unlockables-guide-slide.jpg
mariopartylegacy.com/wp-content/uploads/2022/05/ 204 KB
204 KB 71ms
47ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/05/mario-kart-64-unlockables-guide-slide.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 906917064249257d133929d88cd256cc0f0a85bfebea2ffe13ee28e749dc2230

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Sun, 29 May 2022 10:01:19 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 208881
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mario-strikers-battle-league-guide-walkthrough-cheats-secrets-slide.jpg
mariopartylegacy.com/wp-content/uploads/2022/05/ 285 KB
285 KB 56ms
31ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/05/mario-strikers-battle-league-guide-walkthrough-cheats-secrets-slide.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 5f0d0dc37da096042a77e53ce42fdcc6152a6e606f453ab038cedd7dc088ddb5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 24 May 2022 21:38:16 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 292012
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mario-golf-64-guide-walkthrough-cheats-secrets-slide.jpg
mariopartylegacy.com/wp-content/uploads/2022/04/ 196 KB
196 KB 21ms
16ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/04/mario-golf-64-guide-walkthrough-cheats-secrets-slide.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 63440413f9b013a54631b329d428a96694a8e82c1c67a5f924e29ade9ffc45e0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Mon, 11 Apr 2022 21:38:55 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 200759
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariokartboosterslide.jpg
mariopartylegacy.com/wp-content/uploads/2022/02/ 244 KB
244 KB 37ms
32ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/02/mariokartboosterslide.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: d84628fdcbd80df1ec891a2d39af7837c748eaa2d7369fedd3e39cb902b04573

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 22 Feb 2022 20:35:25 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 249840
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H3 200 mariostrikersslide.jpg
mariopartylegacy.com/wp-content/uploads/2022/02/ 217 KB
218 KB 19ms
15ms Image
image/jpeg 104.152.168.8
CROCWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mariopartylegacy.com/wp-content/uploads/2022/02/mariostrikersslide.jpg
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.152.168.8 , Canada, ASN63068 (CROCWEB, CA),
Reverse DNS: server08.hostwhitelabel.com
Software: LiteSpeed /
Resource Hash: 0812fe1eca87b53058cf954b36e8b6c12fb15da281f92386acf6f0d800a2acbc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 22 Feb 2022 20:32:30 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 222671
expires: Tue, 20 Sep 2022 10:47:55 GMT

GET
H/1.1 200
OK widget_iframe.c4bdc17e77719578b594d5555bee90db.html Show response
platform.twitter.com/widgets/ Frame AC62 320 KB
104 KB 18ms
18ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fmariopartylegacy.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D2C) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1087479
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 10:47:55 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 31 Aug 2022 20:40:57 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D2C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
20ms Script
text/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-84394370-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1344
date: Tue, 13 Sep 2022 10:25:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 13 Sep 2022 12:25:32 GMT

OPTIONS
H2 200 58e3a82446e0fb000143f01b.enc
hb.vntsm.com/v2/live/ Frame 0
0 68ms
22ms Preflight
application/octet-stream 37.19.207.34
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.vntsm.com/v2/live/58e3a82446e0fb000143f01b.enc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-37-19-207-34.datapacket.com
Software: BunnyCDN-ASB-925 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ref_url
Access-Control-Request-Method: GET
Origin: https://mariopartylegacy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers: cdn-requestcountrycode,Content-Type,x-bl,ref_url
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: x-geo-subdivision,X-Geo,cdn-requestcountrycode,Content-Type,x-bl
cache-control: public, max-age=86400
cdn-cache: HIT
cdn-pullzone: 131999
cdn-requestcountrycode: CA
cdn-requestid: e2c2934e551b154de9f4b79612eea777
cdn-uid: 5d6cd18c-1b61-4922-947b-91a6b9ea7b00
content-type: application/octet-stream
date: Tue, 13 Sep 2022 10:47:56 GMT
server: BunnyCDN-ASB-925
x-bl: 0

GET
H2 200 content.html Show response
hb.vntsm.io/ Frame 4456 32 B
681 B 97ms
29ms Fetch
text/html 2606:4700:10::6816:2f8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.vntsm.io/content.html
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2f8e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce8368e5b8e9f2f066acc6284578c00021aea742c4c7c7ec2836c232a5f8b1f8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
cf-cache-status: HIT
age: 179
cf-ray: 74a04ebf9db17156-YUL
content-length: 32
x-amz-id-2: ZBmAtyiutEsfMTMUPlxYLJojZmhE4FI6A8BbNG3DwG/FUItU6OMKYiQ2Z3OhICnh4FrtL1jxdDA8or8YMyLhMw==
last-modified: Thu, 14 Oct 2021 10:47:47 GMT
server: cloudflare
etag: "2f58b9ff601fd509249a9e7628a21c33"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: CMYYTCXXV6K4HCTD
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin, origin, Origin
cache-control: max-age=14400
accept-ranges: bytes
content-type: text/html

GET
H2 200 58e3a82446e0fb000143f01b.enc Show response
hb.vntsm.com/v2/live/ Frame 4456 29 KB
5 KB 141ms
140ms XHR
text/plain 37.19.207.34
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.vntsm.com/v2/live/58e3a82446e0fb000143f01b.enc
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-37-19-207-34.datapacket.com
Software: BunnyCDN-ASB-925 /
Resource Hash: e921680b363787cc6f8a38f1e9c47c7c61962501539df2b374fb3d356086d880

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
ref_url: aHR0cHM6Ly9tYXJpb3BhcnR5bGVnYWN5LmNvbS8=

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: br
cdn-edgestorageid: 925
access-control-allow-origin: *
access-control-expose-headers: x-geo-subdivision,X-Geo,cdn-requestcountrycode,Content-Type,x-bl
cdn-cachedat: 09/13/2022 09:48:31
cdn-pullzone: 131999
server: BunnyCDN-ASB-925
access-control-allow-headers: cdn-requestcountrycode,Content-Type,x-bl,ref_url
last-modified: Wed, 10 Aug 2022 10:06:13 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"6ba443306e1c40962ad26cc2f2876ada"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: text/plain
cdn-cache: HIT
x-bl: 0
cache-control: public, max-age=86400
cdn-uid: 5d6cd18c-1b61-4922-947b-91a6b9ea7b00
cdn-requestid: fef215bf55fd160b10c678a300ce7cd0
access-control-allow-credentials: true
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 settings Show response
syndication.twitter.com/ Frame AC62 710 B
588 B 123ms
40ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3f8ee04b82520eb508750f8b46a414d5927f3980

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.c4bdc17e77719578b594d5555bee90db.html?origin=https%3A%2F%2Fmariopartylegacy.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

aca4ff92368d1e601edc0cb3590be251d5af55460e57f9a61b3d8caffcd27f17

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-response-time: 7
date: Tue, 13 Sep 2022 10:47:55 GMT
content-encoding: gzip
last-modified: Tue, 13 Sep 2022 10:47:56 GMT
server: tsa_b
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 9fdb4eeca8224f6a2c4f130d7cffc42dce493530293914b34f035d87c60d6cc3
content-length: 308

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 77ms
33ms XHR
text/plain 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=389646202&t=pageview&_s=1&dl=https%3A%2F%2Fmariopartylegacy.com%2F&ul=en-us&de=UTF-8&dt=Mario%20Party%20Legacy%20-%20The%20ultimate%20Mario%20Party%20resource&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=184684755&gjid=985688910&cid=1350949069.1663066076&tid=UA-84394370-1&_gid=2068343256.1663066076&_r=1&gtm=2ou9c0&z=184460042

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK button.c6c95b9789db97ea1e9742d215fff751.js Show response
platform.twitter.com/js/ 7 KB
3 KB 19ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.c6c95b9789db97ea1e9742d215fff751.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0A) /
Resource Hash: 98b3ff3a8543eaee1f9946fde06f31cd9bb98f9e57cd431e0234db57c221334e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1087480
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2361
x-tw-cdn: VZ
Last-Modified: Wed, 31 Aug 2022 20:40:49 GMT
Server: ECS (nyb/1D0A)
Etag: "3b5d132d3d3780b86a6d19d169faef45+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK horizon_timeline.4836f7a62ef55f5880337b3b6602854f.js Show response
platform.twitter.com/js/ 8 KB
3 KB 40ms
20ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_timeline.4836f7a62ef55f5880337b3b6602854f.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D05) /
Resource Hash: 880f96a0b1f6eb62e94842f79f2248bbda2c453c885d319a03a1892f3014964f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1087481
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2685
x-tw-cdn: VZ
Last-Modified: Wed, 31 Aug 2022 20:40:49 GMT
Server: ECS (nyb/1D05)
Etag: "34e2e8018518a39f9995c88495115818+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
88 B 45ms
44ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1663066076223%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%221bfeb5c3714e8%3A1661975971032%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=3f8ee04b82520eb508750f8b46a414d5927f3980

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-response-time: 10
date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 13 Sep 2022 10:47:56 GMT
server: tsa_b
vary: Origin
content-type: image/gif
cache-control: must-revalidate, max-age=600
x-connection-hash: 9fdb4eeca8224f6a2c4f130d7cffc42dce493530293914b34f035d87c60d6cc3
strict-transport-security: max-age=631138519
content-length: 43

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 84 KB
29 KB 120ms
59ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8410d3b0967b358ea8a5674c454166c57643e79e398fddfd24d16dfea2a5cde5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28691
x-xss-protection: 0
server: sffe
etag: "1332 / 871 of 1000 / last-modified: 1663064878"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 13 Sep 2022 10:47:56 GMT

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
110 KB 62ms
20ms Script
application/x-javascript 99.84.119.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.119.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-119-113.ewr52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 03:37:48 GMT
via: 1.1 9c1dd3a19b345bbdabc718a69ac89c3c.cloudfront.net (CloudFront)
age: 25809
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
content-length: 112112
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
etag: "148e21f812b555a13b2a9c6b616141f4"
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
cache-control: must-revalidate,public,max-age=86400
x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
x-amz-cf-pop: EWR52-C3
accept-ranges: bytes
content-type: application/x-javascript
x-amz-cf-id: W96QRiaB22dzI9mh1tUiMKTJ5JJZuBcktfC22Jl-CL5d-lN07mNVSQ==

GET
H/1.1 200
OK follow_button.c4bdc17e77719578b594d5555bee90db.en.html Show response
platform.twitter.com/widgets/ Frame F1B0 41 KB
15 KB 20ms
18ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.c4bdc17e77719578b594d5555bee90db.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0A) /
Resource Hash: 7f5f7101bfd48378049f22dfcafa3247adf8f2611602f7ba99307d6f536c4625

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1087477
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 15128
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 10:47:56 GMT
Etag: "46de5ccd76e042d17afc07a6223ee852+gzip"
Last-Modified: Wed, 31 Aug 2022 20:40:50 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D0A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
79 B 66ms
64ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22MPLNetwork%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22l%3Awithcount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1663066076289%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%221bfeb5c3714e8%3A1661975971032%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=3f8ee04b82520eb508750f8b46a414d5927f3980

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-response-time: 11
date: Tue, 13 Sep 2022 10:47:55 GMT
last-modified: Tue, 13 Sep 2022 10:47:56 GMT
server: tsa_b
vary: Origin
content-type: image/gif
cache-control: must-revalidate, max-age=600
x-connection-hash: 9fdb4eeca8224f6a2c4f130d7cffc42dce493530293914b34f035d87c60d6cc3
strict-transport-security: max-age=631138519
content-length: 43

GET
H/1.1 200
OK prebid
ib.adnxs.com/ut/v3/ Frame 4456 57 B
0 81ms
17ms Fetch
application/json 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:56 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: ca09d2d8-db99-461c-92f7-65b86a3021ce
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 57
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 MPLNetwork Show response
syndication.twitter.com/srv/timeline-profile/screen-name/ Frame 7839 117 KB
14 KB 379ms
376ms Document
text/html 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

343ebdef497ae0b54fe36b5d73a8d90337a648141b5dfe8a028b9cdc33c3796f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: must-revalidate, max-age=60
content-encoding: gzip
content-length: 13889
content-type: text/html; charset=utf-8
date: Tue, 13 Sep 2022 10:47:56 GMT
etag: "1d3be-r4I2q+G5I4SBwwD+ongZOkDR2dM"
server: tsa_b
strict-transport-security: max-age=631138519
x-connection-hash: 9fdb4eeca8224f6a2c4f130d7cffc42dce493530293914b34f035d87c60d6cc3
x-response-time: 305
x-xss-protection: 0

GET
H2 200 script.js Show response
d1oykxszdrgjgl.cloudfront.net/ 120 KB
42 KB 73ms
20ms Script
application/javascript 2600:9000:23cb:1800:0:1651:6140:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1oykxszdrgjgl.cloudfront.net/script.js
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:1800:0:1651:6140:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3a3ffdda003bc7bc7d8fdc426b862833319f89115310cd535042b2fc4b664e43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:43:37 GMT
content-encoding: gzip
last-modified: Mon, 12 Sep 2022 17:31:03 GMT
server: AmazonS3
age: 260
etag: W/"34048f096fcf735858f34298ddb8d4ad"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 694c2ab22098fd212b8d6808ee6c5aaa.cloudfront.net (CloudFront)
cache-control: max-age=600,public,must-revalidate
x-amz-cf-pop: JFK50-P1
x-amz-cf-id: cBzkdZTC1j7b5OGvxTSdXPCJyfc1o-dTRai458DM2CPMgMhOA8J50w==

GET
DATA 200
OK truncated
/ Frame F1B0 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 pubads_impl_2022090801.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
130 KB 59ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dba21b69260b204a0ea685b1388df50b9c490e8db990610b08499aef93a72f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 16:01:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67590
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133090
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 08:35:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 12 Sep 2023 16:01:26 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 111 B
112 B 77ms
34ms XHR
application/json 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=mariopartylegacy.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8292e076c85520d9770a2739a10f142c0471931cf0107d528626fa9bc998a0d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87
x-xss-protection: 0
expires: Tue, 13 Sep 2022 10:47:56 GMT

POST
H3 200 1a Show response
i.clean.gg/ 0
15 B 50ms
27ms XHR
application/octet-stream 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 63ms
27ms Preflight
text/plain 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mariopartylegacy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 13 Sep 2022 10:47:56 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 122ms
39ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 88ms
37ms Script
application/javascript 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 360ms
359ms XHR
text/plain 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2837811250882824&correlator=2295835820499971&eid=31068500%2C31068929&output=ldjh&gdfp_req=1&vrg=2022090801&ptt=17&impl=fifs&tfua=0&tfcd=0&iu_parts=21726375739%3A22756711119%2CVM_58e3a82446e0fb000143f01b&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x250&ifi=1&adks=1634366647&sfv=1-0-38&fsapi=false&prev_scp=hb_pb%3D0.11%26hb_adid%3D58e3a83746e0fb000143f024-1000%26hb_iv%3D1%26sv%3D1%26re_ve%3Dbf953f91-v6.28.0_fr%26pg_ld_id%3Dc17ecbba25d6672abefeacf0651c599b%26mo%3Dscan%26ac_id%3D58e3a7fb46e0fb0001b2d13e%26si_id%3D58e3a82446e0fb000143f01b%26pl_id%3D58e3a83746e0fb000143f024%26co%3DCA%26co_sd%3D%26is_mo%3Dfalse%26br_nm%3Dchrome%26de_ty%3Ddesktop%26os_nm%3Dwindows%26is_ta%3Dtrue%26is_vi%3Dtrue%26is_if%3Dtrue%26pa_ty%3Dshare%26fi%3D0%26pa_fl%3D0%26lo_in%3D1%26gd_en%3Dfalse%26hb_bt%3D2022-08-10%252010%253A06%253A11%26ta_si%3D728x90%26rt_sh%3D0.6%26di_sh%3D0.6%26aw_cm%3D-32%26np_md%3Dfalse%26cm_st%3Dnotapply%26cm_es%3Dunknown%26cm_ds%3Dunknown%26ab_md%3Dfalse%26v_c%3D%26ss_id%3Df9595c8e50ca3fe4b9c16c4f57146145%26to_sp%3D1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1663066076653&lmt=1663066076&dlt=1663066075470&idt=1117&adxs=436&adys=306&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmariopartylegacy.com%2F&frm=20&vis=1&psz=970x-1&msz=728x-1&fws=4&ohw=1600&rtgs=1&max_w=970&max_h=250&min_w=728&min_h=90&ga_vid=1350949069.1663066076&ga_sid=1663066077&ga_hid=389646202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97e76d358eb3575e3ebaf7b919a5d0fb801ac267df002882a4ee90fddfb2f9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9302
x-xss-protection: 0
google-lineitem-id: 4753389744
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138238778460
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 95ms
42ms XHR
application/json 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

540454962825aed8f17a0552980aed58a8d040e50ce761447da221d054812904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11285
x-xss-protection: 0

GET
H2 200 container.html Show response
c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 31CA 6 KB
4 KB 131ms
34ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:56 GMT
expires: Wed, 13 Sep 2023 10:47:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 4456 483 B
870 B 59ms
18ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 326789
x-amz-request-id: txaf6e2c1c2f9f41df87375-00631b6357
x-amz-id-2: txaf6e2c1c2f9f41df87375-00631b6357
last-modified: Fri, 09 Sep 2022 16:00:45 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucuUsoiLzt3nWbRisBGXy2il8VBUfLzIM2mrw%2Bw9ZivG3wuW3sIijTB78u9z339JYp9LQxpOxENl7h%2BySkZsE9BMpkPA2jCIp7oJg5Uc%2Bi%2BR76mM97Cpj4zl82XHT1gjvLWAAvC1CfQqFLD0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1662739245697142
cf-ray: 74a04ec388e44bcb-YUL

POST
H2 200 cookie_sync Show response
pbs.venatusmedia.com/ Frame 4456 4 KB
944 B 168ms
39ms XHR
application/json 35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.venatusmedia.com/cookie_sync
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: 1cf56f38cef3acc0ca544006317d5c99e086f503b6c38b89e96dc7ff9d46b153

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
pbs: nam
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 710
via: 1.1 google
expires: 0

POST
H2 200 auction Show response
pbs.venatusmedia.com/openrtb2/ Frame 4456 406 B
394 B 164ms
41ms XHR
application/json 35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.venatusmedia.com/openrtb2/auction
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c27a0f2694d067e38175c95eb364a7c565fc1d326930a14272f4ff9ff698a20a

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-prebid: pbs-java/1.79.0
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
pbs: nam
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
via: 1.1 google
expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 4456 24 B
525 B 75ms
22ms XHR
application/json 23.92.190.69
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.28.0
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.69 Katy, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: /
Resource Hash: 70e55e1491cf289e12baf4a42cb0bf12d296fef7bc18f975b7e7b3b6860c4c80

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mariopartylegacy.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ewr1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame 4456 486 B
830 B 256ms
175ms XHR
application/json 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e1d0287283928af07afff92aba4c963f5d0b86ee2ff05011d8846eaced1cde57

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 148
content-length: 260

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4456 310 B
1 KB 165ms
27ms XHR
application/json 2602:803:c002:200::116
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13762&site_id=160038&zone_id=767292&size_id=19&alt_size_ids=43%2C44%2C117&rp_schain=1.0,1!venatus.com,58e3a82446e0fb000143f01b,1,,,&eid_pubcid.org=513a2b71-8dcf-453d-8e0d-00d6e9da84e3%5E1&rf=https%3A%2F%2Fmariopartylegacy.com%2F&tk_flint=pbjs_lite_v6.28.0&x_source.tid=05a64797-e4c5-406a-aedf-89ce2b6fed1f&l_pb_bid_id=10fcdc78d624bba&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.20999079105994722
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7ee4ef45ec190a70a56f43b8a5bc3697c28eba81a9b6f6baef83b08741d32ba3

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 310
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4456 283 B
1 KB 195ms
28ms XHR
application/json 2602:803:c002:200::116
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13762&site_id=160038&zone_id=767292&size_id=15&rp_schain=1.0,1!venatus.com,58e3a82446e0fb000143f01b,1,,,&eid_pubcid.org=513a2b71-8dcf-453d-8e0d-00d6e9da84e3%5E1&rf=https%3A%2F%2Fmariopartylegacy.com%2F&tk_flint=pbjs_lite_v6.28.0&x_source.tid=c9a04c4c-b588-4009-9a04-b0153b6f0251&l_pb_bid_id=11780be4c461571&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.724407268604754
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d5763082f22f1b266ad9526c5ef3f30390b24e5848be77bbfa386c277b14d98a

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 283
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 4456 37 B
571 B 131ms
61ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=171567&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221221098d4bbca65%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A3%2C%22msi%22%3A3%2C%22mfu%22%3A0%2C%22bu%22%3A2%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A2%2C%22ren%22%3Afalse%2C%22version%22%3A%226.28.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221389524da0a0114%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22320x50%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22320x100%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22300x100%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22300x50%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2214555ebffa0a563%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22venatus.com%22%2C%22sid%22%3A%2258e3a82446e0fb000143f01b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22513a2b71-8dcf-453d-8e0d-00d6e9da84e3%22%7D%5D%7D%5D%7D%7D
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3436d3c4df3c679dc1fb73efbadd55f05b62959168e0129128e491656702adca

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GllQgJj%2F6WOYDC2jMjoojYwN%2Bh22nwHROqP8MVqKhgh2MKkRZDcIDwNtoqxvpp6Zco%2BXCNc6lT9VPtYRPtca14tzb9mDrA4xkACmEl%2BkpALMUqrVu5hL2zbA6BUzjSXnWST4kwX"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 74a04ec40b97a1da-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4456 16 KB
9 KB 302ms
263ms XHR
application/json 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

83ba999d199db8be6582ac081da2eb0c2a05396b92fc35333e12437026a2a621

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Sep 2022 10:47:57 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 369e553c-625e-422b-84e0-5d4e4030f46c
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 4456 18 B
318 B 143ms
25ms XHR
application/json 74.119.119.129
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.28.0&cb=14427717419

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

bidder.va1.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H2 204 pb Show response
ad.360yield.com/ Frame 4456 0
370 B 210ms
92ms XHR
text/plain 44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mariopartylegacy.com
date: Tue, 13 Sep 2022 10:47:56 GMT
access-control-allow-credentials: true
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST pb
ad.360yield.com/ Frame 4456 0
0

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ Frame 4456 180 B
638 B 86ms
27ms XHR
application/json 195.244.31.11
IGUANA-WORLDWIDE

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fmariopartylegacy.com%2F&SafeFrame=true&CanonicalUrl=https%3A%2F%2Fmariopartylegacy.com%2F&PublisherDomain=https%3A%2F%2Fmariopartylegacy.com

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

195.244.31.11 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),

Reverse DNS

Software

ayl-lb-usa02 /

Resource Hash

5dcb21a8683035807bbaaa32c7d4d771dd884d148ca5db8ea2746310784b5afa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
content-length: 180
pragma: no-cache
server: ayl-lb-usa02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

GET
H2 200 arj Show response
venatusmedia-d.openx.net/w/1.0/ Frame 4456 173 B
594 B 170ms
113ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://venatusmedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fmariopartylegacy.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c9a04c4c-b588-4009-9a04-b0153b6f0251&nocache=1663066076732&pubcid=9b9d9d70-ee71-47cd-ac14-aa53db883c9f&schain=1.0%2C1!venatus.com%2C58e3a82446e0fb000143f01b%2C1%2C%2C%2C&aus=300x250&divids=1003-58e3a84046e0fb000143f026-1&aucs=&auid=538731336
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: db32f49acd2a4475497b35146476dbb4088170567de999e9c1d6875d884be376

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mariopartylegacy.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK runtime-c5040a30986fc1d092cc.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 4 KB
3 KB 32ms
32ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D18) /
Resource Hash: 5de6e83c84280798e52931aae72c3e30c0afc4dfc385b5e9352a67846096abc5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 2103
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1D18)
Etag: "e3bac7bbcce0b4c5a7d1d12f33d62321+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK modules.c7def0268c66f6a548ed.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 286 KB
94 KB 35ms
24ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D08) /
Resource Hash: cdc46119f82b8cc0c4fa0ad51203da3154d0aee0e887aaf26a46988e5f359070

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1087481
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 95749
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:21 GMT
Server: ECS (nyb/1D08)
Etag: "51acddf0dbfab928b183f36c1ee67619+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK main-e9db78f5e7b3d83edd5e.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 90 B
657 B 58ms
20ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D24) /
Resource Hash: 80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (nyb/1D24)
Age: 1087481
Etag: "8e33207e7b788da9abde5b6d33da0b00"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 90

GET
H/1.1 200
OK _app-6b59be76f6e3292c4dd6.js Show response
platform.twitter.com/_next/static/chunks/pages/ Frame 7839 1 KB
1 KB 77ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/_app-6b59be76f6e3292c4dd6.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D19) /
Resource Hash: 0b646f6a0117000d7a12cb08668222c21cd3ae0194b31cb4a12a60547171e380

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 668
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:41 GMT
Server: ECS (nyb/1D19)
Etag: "be3e428d416daa9027cecf70b5f26bf9+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK %5BscreenName%5D-568c81a96d7917ec4ebb.js Show response
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/ Frame 7839 13 KB
2 KB 84ms
20ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-568c81a96d7917ec4ebb.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1DD2) /
Resource Hash: 4b6bd6798b332659706f4e6160d766e6aeb6f994363807c825dacbe82c613604

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 1258
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1DD2)
Etag: "91226f111c965b9d32e61425d0e4a158+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _buildManifest.js Show response
platform.twitter.com/_next/static/fJUFW1qGayM-Fl0txyHpE/ Frame 7839 1 KB
1014 B 89ms
17ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/fJUFW1qGayM-Fl0txyHpE/_buildManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1A) /
Resource Hash: c60ab75be523fbf7e9a4ca0f6012921d7c3f61a6e3b85ee284e597d471c461ed

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 416
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:41 GMT
Server: ECS (nyb/1D1A)
Etag: "1f6a6abc61cbf7717855800fa8295867+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _ssgManifest.js Show response
platform.twitter.com/_next/static/fJUFW1qGayM-Fl0txyHpE/ Frame 7839 76 B
643 B 56ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/fJUFW1qGayM-Fl0txyHpE/_ssgManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D2C) /
Resource Hash: 653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Thu, 01 Sep 2022 19:07:41 GMT
Server: ECS (nyb/1D2C)
Age: 1006674
Etag: "abee47769bf307639ace4945f9cfd4ff"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 76

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 118ms
49ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Sep 2022 10:47:56 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 4456 72 KB
23 KB 56ms
21ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65910d9ad85211ab3195d9d6947901ca337e779f404344bc7209b5809d70e18c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 324359
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txdf72e48594e14b7684973-00631b65eb
x-amz-id-2: txdf72e48594e14b7684973-00631b65eb
last-modified: Fri, 09 Sep 2022 16:00:45 GMT
server: cloudflare
etag: W/"831813ee9b2fc0d248741417a0e3b488"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQRAN0bdWvV0CVWjGwUiGX%2BAaXsJ0fC1VmitiUxmz%2BCfhP2YxqhpLOSzgUzdZX%2B653nlNTasuqStdEa1Pom1U9avK5jFvNWkQokdxdvV3oYrFz5DYrIQzLnK%2BhxNWP6zpwlbegUgoaC2k4ml"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1662739245061580
cf-ray: 74a04ec4294b7142-YUL
access-control-allow-headers: Authorization

GET
H/1.1 200
OK 2.691622e4391d1973cb65.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 23 KB
8 KB 19ms
19ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D11) /
Resource Hash: 2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1087481
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 7674
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:20 GMT
Server: ECS (nyb/1D11)
Etag: "942b5b928a24465d1906b4716131d896+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 13.1400171dc985d5f47aaf.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 37 KB
12 KB 18ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/13.1400171dc985d5f47aaf.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0D) /
Resource Hash: 1dfec866aa3a6679f2692fe6aa7ff41ae4d676e287239ced6409c05a4d715f68

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 11940
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1D0D)
Etag: "15b5ec14cb278c05621cea19cb44555b+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2

500

umcheck Show response
cs.emxdgt.com/ Frame 5E60
Redirect Chain

https://cs.emxdgt.com/um?ssp=pbs&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26ui...
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcs.emxdgt.com%2Fumcheck%3Fapnxid%3D%24UID%26redirect%3Dhttps%253A%252F%252Fpbs.venatusmedia.com%252Fsetuid%253Fbidder%253Demx_digital%2526gdpr%...
https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnM...

511 B
568 B

5811ms
5810ms

Document
text/html

18.214.193.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.214.193.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-193-123.compute-1.amazonaws.com
Software: /
Resource Hash: 8c3d3c6c0c12b0ebe7d355c3d337e9b5f2115bbfeb99fce7804e391a006cde54

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 511
content-type: text/html
date: Tue, 13 Sep 2022 10:48:02 GMT

Redirect headers

AN-X-Request-Uuid: 4765a144-f5be-433d-a2e6-3b8a8f530141
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 10:47:57 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1 200
OK 0.8f205dbb7b06b224e307.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 595 KB
183 KB 18ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/0.8f205dbb7b06b224e307.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D04) /
Resource Hash: dfde5485c4fc9e9acca625d86fbeb240c9bd3ab78a395721aae49aa97b091c93

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1087481
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 186671
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:22 GMT
Server: ECS (nyb/1D04)
Etag: "11f6449263029b9f59f18afa52cc99ed+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 1.d77d8092171c9a9ccc4c.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 1 MB
290 KB 20ms
19ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/1.d77d8092171c9a9ccc4c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D07) /
Resource Hash: 5631fc48e76457a804176c23175cd0bfbecec9f01e126e952a38fd72b764e5ed

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 296589
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1D07)
Etag: "d951ba70c2a27d88a8b99a82c9a7361b+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 4.096fc3966cc81b0f4642.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 2 KB
2 KB 19ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/4.096fc3966cc81b0f4642.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0F) /
Resource Hash: cf0bea09a1804cee4bc3effc8b920594928f674754be42ad17692ea6fe45cbbe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:56 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 1249
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1D0F)
Etag: "74fc8570e9c4ef27736b0fd8e9534b6f+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A23A 13 KB
5 KB 63ms
19ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 61036
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:50:40 GMT
expires: Tue, 12 Sep 2023 17:50:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET aframe
www.google.com/recaptcha/api2/ 0
0

GET
H3 200 PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js Show response
pagead2.googlesyndication.com/bg/ Frame A23A 36 KB
16 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ec80ab4268df9789b6af0dde736283e282147fcb8dd88ca5e3acd70882036e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 14:40:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15954
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Sep 2023 14:40:19 GMT

GET
H/1.1 200
OK ondemand.Dropdown.5730e0a49ea6a6dde3b4.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 6 KB
3 KB 18ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/ondemand.Dropdown.5730e0a49ea6a6dde3b4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D25) /
Resource Hash: df0d77bff49f6ce8fcedd36c2bac801d98c148546ba6faaaaa25302a7f862faf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:57 GMT
Content-Encoding: gzip
Age: 1006674
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2597
x-tw-cdn: VZ
Last-Modified: Thu, 01 Sep 2022 19:07:42 GMT
Server: ECS (nyb/1D25)
Etag: "deb1205c6e01f2720f75bbd978f5925b+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js Show response
platform.twitter.com/_next/static/chunks/ Frame 7839 148 KB
42 KB 18ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-c5040a30986fc1d092cc.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D0D) /
Resource Hash: 222fa391f26a0b6f4b5d8459ada308e078e6d2e69707766e247692a6f45676c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:57 GMT
Content-Encoding: gzip
Age: 1087482
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 41941
x-tw-cdn: VZ
Last-Modified: Wed, 17 Aug 2022 17:37:21 GMT
Server: ECS (nyb/1D0D)
Etag: "72929dff5e574c1b877555fd36c7683a+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H2 200 like.3.json Show response
abs.twimg.com/sticky/animations/ Frame 7839 19 KB
2 KB 87ms
18ms Fetch
application/json 2606:2800:21f:5b71:3e29:d001:be46:4bcc
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://abs.twimg.com/sticky/animations/like.3.json

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/1.d77d8092171c9a9ccc4c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:21f:5b71:3e29:d001:be46:4bcc , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyb/46EA) /

Resource Hash

7d2cdcfb9a06ae6226f06b3cb14c4a53fa0f94ec5048dfb469d6834f6fb4e124

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1114580
x-ton-expected-size: 19835
x-cache: HIT
vary: Accept-Encoding
content-length: 1627
x-response-time: 9
surrogate-key: twitter-assets
last-modified: Tue, 15 Feb 2022 21:43:54 GMT
server: ECAcc (nyb/46EA)
etag: "b9munHAdxNyPtNl2GaO2bw=="
strict-transport-security: max-age=631138519
content-type: application/json
access-control-allow-origin: *
x-connection-hash: b2416fb8c94532ef46b2069f2a8d4ab6aa32507f9132cb6f6efe61940801c5b3
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 13 Sep 2023 10:47:57 GMT

GET
H2 200 FchSf9gacAc7_zg.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 7839 34 KB
34 KB 155ms
96ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/FchSf9gacAc7_zg.jpg

Requested by

Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5ae46e7d4cede0d4a7f1612768008668b0cfb2e6d17a8d63e2d9f2cf34b80bbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 07:51:47 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, MISS
server-timing: x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 35052
x-served-by: cache-fty21362-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcMfivPaIAA1EJn.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 7839 31 KB
31 KB 87ms
34ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/FcMfivPaIAA1EJn.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4b4f5b60d49a29fea94c6c61db57d0e6b54b6bedfb051f7aaddbf4f1735123dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Fri, 09 Sep 2022 06:56:44 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 31304
x-served-by: cache-fty21363-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcCWVoSagAEJ87V.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 7839 27 KB
27 KB 84ms
32ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/FcCWVoSagAEJ87V.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2bee0d563edebc31a6e69fb17bf224b00e73b4278cd0d480a7666e1fb7afd27c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Wed, 07 Sep 2022 07:40:19 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 27214
x-served-by: cache-fty13724-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb3iFCIaIAEShXH.jpg
pbs.twimg.com/media/ Frame 7839 131 KB
132 KB 166ms
117ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb3iFCIaIAEShXH.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

22c7e0e314fa1ee6e628b537d92e672b2768b61544cf2532eb69fcfe711adf9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 05 Sep 2022 05:15:47 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 134560
x-served-by: cache-fty13729-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbqeUVsaMAIjW2X.jpg
pbs.twimg.com/tweet_video_thumb/ Frame 7839 57 KB
57 KB 116ms
69ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/FbqeUVsaMAIjW2X.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0ecaf4e8ec6cea3892eb9c2bbb9ef4ab6fb5b5616beec753625c4013abdf4fca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Fri, 02 Sep 2022 16:24:18 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 57914
x-served-by: cache-fty21336-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 2604.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 7839 999 B
894 B 63ms
15ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/2604.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2df380cb1ad10e7b3eb3e60c8cf95aa66a097ef6a4f231cdffdaf981fbcdb367

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 538
etag: "sSh/Yi7kDYv8XACLF28Opw=="
x-served-by: cache-fty21383-FTY, cache-yul12826-YUL
last-modified: Wed, 21 Feb 2018 22:32:26 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 08 Jun 2022 10:38:33 GMT

GET
H2 200 1f3be.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 7839 857 B
585 B 64ms
16ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f3be.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

efacee7759e431f77426efc9ff019bca09c1dd1e6af5d30643ac766874f85571

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 444
etag: "B6q22JLzXVKZMhltvSAQHw=="
x-served-by: cache-fty21336-FTY, cache-yul12826-YUL
last-modified: Wed, 21 Feb 2018 22:30:51 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 08 Jun 2022 10:39:25 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 7839 43 B
122 B 41ms
41ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1663066077595%2C%22event_namespace%22%3A%7B%22action%22%3A%22results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%221bfeb5c3714e8%3A1661975971032%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MPLNetwork%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%2254fb0dd%3A1662057638149%22%2C%22widget_data_source%22%3A%22screen-name%3AMPLNetwork%22%7D&session_id=3f8ee04b82520eb508750f8b46a414d5927f3980

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/MPLNetwork?dnt=false&embedId=twitter-widget-1&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=440px&origin=https%3A%2F%2Fmariopartylegacy.com%2F&sessionId=3f8ee04b82520eb508750f8b46a414d5927f3980&showHeader=true&showReplies=false&siteScreenName=MPLNetwork&transparent=false&widgetsVersion=1bfeb5c3714e8%3A1661975971032
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-response-time: 7
date: Tue, 13 Sep 2022 10:47:57 GMT
last-modified: Tue, 13 Sep 2022 10:47:57 GMT
server: tsa_b
vary: Origin
content-type: image/gif
cache-control: must-revalidate, max-age=600
x-connection-hash: 9fdb4eeca8224f6a2c4f130d7cffc42dce493530293914b34f035d87c60d6cc3
strict-transport-security: max-age=631138519
content-length: 43

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EBEF 783 B
535 B 98ms
40ms Document
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e9be626283432b18e9f062d0956034a56920d78b80f8f7bd1838282b9a44052e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mjgd90PmVHL-Mgk64nhYvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-mjgd90PmVHL-Mgk64nhYvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:57 GMT
expires: Tue, 13 Sep 2022 10:47:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 88ms
41ms Script
application/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 82ms
40ms Script
application/javascript 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 78ms
78ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=2837811250882824&vrg=2022090801&nw_id=21726375739%5C%2C22756711119&nslots=2&eid=31068500%2C31068929&pub_url=https%3A%2F%2Fmariopartylegacy.com%2F&sig=0&req=0&req_cnt=3&dm=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
10 KB 487ms
487ms XHR
text/plain 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2837811250882824&correlator=497538831777423&eid=31068500%2C31068929&output=ldjh&gdfp_req=1&vrg=2022090801&ptt=17&impl=fifs&tfua=0&tfcd=0&iu_parts=21726375739%3A22756711119%2CVM_58e3a82446e0fb000143f01b&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50%7C300x100%7C320x100&ifi=2&adks=1211667048&sfv=1-0-38&fsapi=false&prev_scp=hb_pb%3D0.01%26hb_adid%3D609525109ddea76a9b42dab2-1001%26hb_iv%3D1%26sv%3D1%26re_ve%3Dbf953f91-v6.28.0_fr%26pg_ld_id%3Dc17ecbba25d6672abefeacf0651c599b%26mo%3Dscan%26ac_id%3D58e3a7fb46e0fb0001b2d13e%26si_id%3D58e3a82446e0fb000143f01b%26pl_id%3D609525109ddea76a9b42dab2%26co%3DCA%26co_sd%3D%26is_mo%3Dfalse%26br_nm%3Dchrome%26de_ty%3Ddesktop%26os_nm%3Dwindows%26is_ta%3Dtrue%26is_vi%3Dtrue%26is_if%3Dtrue%26pa_ty%3Dshare%26fi%3D0%26pa_fl%3D0%26lo_in%3D1%26gd_en%3Dfalse%26hb_bt%3D2022-08-10%252010%253A06%253A11%26ta_si%3D300x50%26rt_sh%3D0.6%26di_sh%3D0.6%26aw_cm%3D-32%26np_md%3Dfalse%26cm_st%3Dnotapply%26cm_es%3Dunknown%26cm_ds%3Dunknown%26ab_md%3Dfalse%26v_c%3D%26ss_id%3Df9595c8e50ca3fe4b9c16c4f57146145%26bf_br%3D21700000%26af_im%3D21700000&eri=1&sc=1&cookie=ID%3Dddae48b5fd03b39c-222083b6ed7e0045%3AT%3D1663066076%3AS%3DALNI_MaNXXpCuxbsNLdihWHs6i9fXlZ_hA&gpic=UID%3D00000969f5a3f0af%3AT%3D1663066076%3ART%3D1663066076%3AS%3DALNI_MZepan3u8wnV0Ormw1DgKfjszp67g&abxe=1&dt=1663066077771&lmt=1663066077&dlt=1663066075470&idt=1117&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmariopartylegacy.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=132&ohw=1600&rtgs=1&max_w=320&max_h=100&min_w=300&min_h=50&ga_vid=1350949069.1663066076&ga_sid=1663066077&ga_hid=389646202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b09ee6851a73c9478432b5c40896cee45d41ec6e384488e0491651a076e759ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9773
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
11 KB 503ms
503ms XHR
text/plain 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2837811250882824&correlator=3989460655495423&eid=31068500%2C31068929&output=ldjh&gdfp_req=1&vrg=2022090801&ptt=17&impl=fifs&tfua=0&tfcd=0&iu_parts=21726375739%3A22756711119%2CVM_58e3a82446e0fb000143f01b&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&adks=3997522798&sfv=1-0-38&fsapi=false&prev_scp=hb_pb%3D0.03%26hb_adid%3D58e3a84046e0fb000143f026-1003%26hb_iv%3D1%26sv%3D1%26re_ve%3Dbf953f91-v6.28.0_fr%26pg_ld_id%3Dc17ecbba25d6672abefeacf0651c599b%26mo%3Dscan%26ac_id%3D58e3a7fb46e0fb0001b2d13e%26si_id%3D58e3a82446e0fb000143f01b%26pl_id%3D58e3a84046e0fb000143f026%26co%3DCA%26co_sd%3D%26is_mo%3Dfalse%26br_nm%3Dchrome%26de_ty%3Ddesktop%26os_nm%3Dwindows%26is_ta%3Dtrue%26is_vi%3Dtrue%26is_if%3Dtrue%26pa_ty%3Dshare%26fi%3D0%26pa_fl%3D0%26lo_in%3D1%26gd_en%3Dfalse%26hb_bt%3D2022-08-10%252010%253A06%253A11%26ta_si%3D300x250%26rt_sh%3D0.6%26di_sh%3D0.6%26aw_cm%3D-32%26np_md%3Dfalse%26cm_st%3Dnotapply%26cm_es%3Dunknown%26cm_ds%3Dunknown%26ab_md%3Dfalse%26v_c%3D%26ss_id%3Df9595c8e50ca3fe4b9c16c4f57146145%26bf_br%3D21700000%26af_im%3D21700000&eri=1&sc=1&cookie=ID%3Dddae48b5fd03b39c-222083b6ed7e0045%3AT%3D1663066076%3AS%3DALNI_MaNXXpCuxbsNLdihWHs6i9fXlZ_hA&gpic=UID%3D00000969f5a3f0af%3AT%3D1663066076%3ART%3D1663066076%3AS%3DALNI_MZepan3u8wnV0Ormw1DgKfjszp67g&abxe=1&dt=1663066077774&lmt=1663066077&dlt=1663066075470&idt=1117&adxs=1100&adys=580&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmariopartylegacy.com%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=4&ohw=1600&rtgs=1&max_w=300&max_h=250&min_w=300&min_h=250&ga_vid=1350949069.1663066076&ga_sid=1663066077&ga_hid=389646202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ac02891b27823988aa0fb9191d5b2ab916dd49cce09ca4ee8bbad196474bcbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11236
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 xa94iR5U_normal.jpg
pbs.twimg.com/profile_images/1557916820362760192/ Frame 7839 2 KB
2 KB 24ms
23ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1557916820362760192/xa94iR5U_normal.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2ec2fb171e1620562e36b696354c0aeb30f901ac6d5797a01b2301c8645de308

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Fri, 12 Aug 2022 02:26:09 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 2339
x-served-by: cache-fty21366-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 HLvzAmah
pbs.twimg.com/card_img/1568201945109651456/ Frame 7839 9 KB
9 KB 26ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1568201945109651456/HLvzAmah?format=jpg&name=240x240

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7f2e03bf800e4297ceb63600c207a9595883640324446f7d65c1f7c419acc08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Fri, 09 Sep 2022 11:35:34 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 9500
x-served-by: cache-fty21350-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcfTLRIaIAES7LU
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcfTLRIaIAES7LU?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1a8ed29607237e532764ff6ff46fdd97520c33ae6e445ada898e9697a0d4fee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 12 Sep 2022 22:35:29 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5727
x-served-by: cache-fty21365-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcfSxWIaAAAQlvD
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 24ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcfSxWIaAAAQlvD?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ce0920f0283bfe19cf6fb57b0b6882fc4888e615cdd245905746feaf2d3fb125

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 12 Sep 2022 22:33:43 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 6149
x-served-by: cache-fty21323-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcfSx3YaAAApP_V
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 51ms
48ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcfSx3YaAAApP_V?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

753c0217daba8e42bd03b3103f7e8a02d43b376b3f7a24a6c14b336c1aaa8cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 12 Sep 2022 22:33:45 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, MISS
server-timing: x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5708
x-served-by: cache-fty21354-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcfSyXjagAET_nR
pbs.twimg.com/media/ Frame 7839 4 KB
5 KB 26ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcfSyXjagAET_nR?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

126310ace7911a6aec004ee06ab5e5c48833069fc52ba79987981ecb94f87a9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 12 Sep 2022 22:33:48 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4544
x-served-by: cache-fty21358-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FccM8q2akAAV4Hn
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 25ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FccM8q2akAAV4Hn?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

734403944e03e15bb0153ebf848c55f61d540effdcf81c3a3bfffaf6a6b90f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 12 Sep 2022 08:09:25 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: MISS, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5054
x-served-by: cache-fty21358-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcXV-hHaMAEVNNc
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcXV-hHaMAEVNNc?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

608661a180f2b843b19611a5fd02f50276ee47440c0c92fbd35789b23adfefcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Sun, 11 Sep 2022 09:30:46 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 6485
x-served-by: cache-fty21373-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcSAAv1aMAAWZ3y
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcSAAv1aMAAWZ3y?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5977fa8ea52d584fe87cb70a27beb1fc610dd953b988fd27159195cfe9a06e2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Sat, 10 Sep 2022 08:36:42 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 6422
x-served-by: cache-fty21353-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcHibu3akAEYmQI
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 24ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcHibu3akAEYmQI?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a24b94f31d9fee028cfd9fc7e810b25145d052efabcbc3514f31b263f9b9b2a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 07:51:16 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4032
x-served-by: cache-fty21325-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcHf1HRakAE8gS9
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 23ms
23ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcHf1HRakAE8gS9?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

874f243a9f1e59b8b2de69554fd07e91828c2708457b3eaf47cc2569dcd88829

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 07:39:53 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4909
x-served-by: cache-fty21348-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcHf1rwaIAY4xg-
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 24ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcHf1rwaIAY4xg-?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

03167c69766462ad487d85155b442c971b0c5494224b9a71d9de3fe67f8ca59c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 07:39:56 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4324
x-served-by: cache-fty21363-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FcHf2ObacAErREK
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 31ms
31ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FcHf2ObacAErREK?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

faee2c502fefa21e57d3ee2db23497df78a27354c19051d2361b8758e8747127

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 08 Sep 2022 07:39:58 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5124
x-served-by: cache-fty13727-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb9JkudagAEJZZs
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 26ms
26ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb9JkudagAEJZZs?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

59d5152b5cc36484345d5030139f42726c7b9e533bc5ec15ce8c21dfeb9fcd2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Tue, 06 Sep 2022 07:26:27 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5266
x-served-by: cache-fty21380-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb3-c8wakAEeJY0
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb3-c8wakAEeJY0?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4ff2b434a7c54ace6f1487f3575062abe7219c1a4fd68a4e5a34de0e111ad312

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 05 Sep 2022 07:19:45 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5782
x-served-by: cache-fty21357-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb3-IR1akAAniH9
pbs.twimg.com/media/ Frame 7839 8 KB
8 KB 28ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb3-IR1akAAniH9?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b708635fbfc8d797c342a9b4400924ca767cba109a8ab50abfbb09aaf5681f71

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 05 Sep 2022 07:18:21 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 7961
x-served-by: cache-fty13721-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb3-JNlaUAAJuaz
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 27ms
26ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb3-JNlaUAAJuaz?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7a65f39e0a424d169ce7466d7d39b651328191bfab375d57ff37b0f603fcd329

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 05 Sep 2022 07:18:25 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4616
x-served-by: cache-fty21382-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fb3-J9FaIAIJuLl
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fb3-J9FaIAIJuLl?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

239888860762071d6992c5467b0f63afcdf9d945de4db1238df82fd632ece2b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 05 Sep 2022 07:18:28 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5744
x-served-by: cache-fty21355-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbyuEGQagAAGR_u
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 26ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbyuEGQagAAGR_u?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0ac22294a879393741a8b64c7fca06ee5f5bc7f65c62ae06d7924080376249c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Sun, 04 Sep 2022 06:50:03 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5749
x-served-by: cache-fty21351-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fbthf-vaUAAteK0
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 24ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fbthf-vaUAAteK0?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0cef42f8742099cecb69425cc702bcb2438a6b3fdcb1e8957e3fac9dbea8d0e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Sat, 03 Sep 2022 06:37:04 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 3605
x-served-by: cache-fty21354-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbthHVjacAAh82t
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 25ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbthHVjacAAh82t?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de9675c824d446ca7217ce6cb4b588285c47953a6f38d3cc265a9896fbaa026e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Sat, 03 Sep 2022 06:35:23 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5463
x-served-by: cache-fty21346-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbqVrAqaQAAOECF
pbs.twimg.com/media/ Frame 7839 7 KB
7 KB 23ms
23ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbqVrAqaQAAOECF?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ce4a43fb7c3dc8758414c539bb65c273e18bc965174a7192ab70ae882fc551bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Fri, 02 Sep 2022 15:46:31 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 7125
x-served-by: cache-fty13723-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbjUnIJaQAAgNLT
pbs.twimg.com/media/ Frame 7839 5 KB
5 KB 33ms
32ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbjUnIJaQAAgNLT?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

706eff92aac2e99f9d483c82182dcb83456e8ec6712cd801aab3e72546b12e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 01 Sep 2022 07:04:33 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 5027
x-served-by: cache-fty21350-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbjT9Q6aIAEIiDK
pbs.twimg.com/media/ Frame 7839 7 KB
7 KB 32ms
32ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbjT9Q6aIAEIiDK?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a49e862fdeb4e76d59f5eff667f0f01593a32289abe3fc8fb4bf31c9b019cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 01 Sep 2022 07:01:41 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 6681
x-served-by: cache-fty21336-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbjT-DcaQAA5mNH
pbs.twimg.com/media/ Frame 7839 3 KB
4 KB 25ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbjT-DcaQAA5mNH?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0233d3c9020f448a33edeea538ba1424b7a61a3b9433b1273daceea88bbe2e00

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 01 Sep 2022 07:01:45 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 3536
x-served-by: cache-fty13729-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbeiAOJaQAYk3r4
pbs.twimg.com/media/ Frame 7839 3 KB
3 KB 26ms
26ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbeiAOJaQAYk3r4?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0a98976de9a16af304959c0e2cda0e24b0f6b8dfdcd5e623cc2ff8603d9b2f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Wed, 31 Aug 2022 08:44:57 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 2924
x-served-by: cache-fty21381-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fbeh0g7acAAA8sR
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 26ms
25ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fbeh0g7acAAA8sR?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

264cd082d571d4bf306dbf6a4eff8552a976e7bfd23e7f6b350841a8defd5d2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Wed, 31 Aug 2022 08:44:09 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 3720
x-served-by: cache-fty21345-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fbeh1BAaIAAv4P2
pbs.twimg.com/media/ Frame 7839 3 KB
3 KB 25ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fbeh1BAaIAAv4P2?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

743b4f16b44469f295fc49a34f43206275fc582805041c359dd7c75d838781e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Wed, 31 Aug 2022 08:44:11 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 3293
x-served-by: cache-fty13722-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 Fbeh1oAaMAEK_uy
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 24ms
23ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/Fbeh1oAaMAEK_uy?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9c7f084bb47763e7b83c776d449461b57fcf5752688e5d95cca6cceac065cd9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Wed, 31 Aug 2022 08:44:14 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4185
x-served-by: cache-fty21381-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbZDVOmakAANxbR
pbs.twimg.com/media/ Frame 7839 6 KB
6 KB 25ms
24ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbZDVOmakAANxbR?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4c74bf286c261bf175c4d922f9e1b53ed0a7e4dee5b47bdcfbc999069693a563

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Tue, 30 Aug 2022 07:12:51 GMT
date: Tue, 13 Sep 2022 10:47:57 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 6009
x-served-by: cache-fty21366-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 FbURN9raUAAtH48
pbs.twimg.com/media/ Frame 7839 4 KB
4 KB 52ms
51ms Image
image/jpeg 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/FbURN9raUAAtH48?format=jpg&name=120x120

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ffba6a19531714af6bc3fb4b4863676e4c916050f1c2b6c9836c50969795b282

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Mon, 29 Aug 2022 08:55:25 GMT
date: Tue, 13 Sep 2022 10:47:58 GMT
x-tw-cdn: FT
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 4520
x-served-by: cache-fty13723-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 8L4aqn51_mini.png
pbs.twimg.com/profile_images/1499219027906142208/ Frame 7839 2 KB
2 KB 24ms
23ms Image
image/png 2a04:4e42:1c::159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1499219027906142208/8L4aqn51_mini.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1c::159 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ed685cec29cdd76d6984eef3c3c7505e4d35062be9c22b8eef47d2d2d71b6281

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
x-content-type-options: nosniff
last-modified: Thu, 03 Mar 2022 03:02:05 GMT
date: Tue, 13 Sep 2022 10:47:58 GMT
x-tw-cdn: FT
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-cache: HIT, HIT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
content-length: 2039
x-served-by: cache-fty13722-FTY, cache-bos4647-BOS, cache-tw-ZZZ1

GET
H2 200 prbds2s Show response
rtb.gumgum.com/usync/ Frame 0B8B 0
100 B 103ms
26ms Document
text/plain 54.236.153.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dgumgum%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.153.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-153-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 0
date: Tue, 13 Sep 2022 10:47:58 GMT
etag: "0d41d8cd98f00b204e9800998ecf8427e"
server: nginx
timing-allow-origin: *

POST
H2 200 track_enc Show response
track.venatusmedia.com/dual/ Frame 4456 16 B
168 B 330ms
101ms XHR
application/json 52.213.197.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.venatusmedia.com/dual/track_enc
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.197.181 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-197-181.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://mariopartylegacy.com
date: Tue, 13 Sep 2022 10:47:58 GMT
access-control-allow-credentials: true
content-length: 16
vary: Origin
content-type: application/json

POST
H2 200 auction Show response
pbs.venatusmedia.com/openrtb2/ Frame 4456 406 B
376 B 78ms
39ms XHR
application/json 35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.venatusmedia.com/openrtb2/auction
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: db874201ae76f49c827617b4216afb6d7ecf663afc30ece8033e19ef181e3ea4

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
x-prebid: pbs-java/1.79.0
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
pbs: nam
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 307
via: 1.1 google
expires: 0

GET
H3 200 arj Show response
venatusmedia-d.openx.net/w/1.0/ Frame 4456 174 B
187 B 185ms
171ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://venatusmedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fmariopartylegacy.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5fcc58a1-6345-468d-8c67-d5373f301dec%2C5fcc58a1-6345-468d-8c67-d5373f301dec&nocache=1663066078135&pubcid=9b9d9d70-ee71-47cd-ac14-aa53db883c9f&schain=1.0%2C1!venatus.com%2C58e3a82446e0fb000143f01b%2C1%2C%2C%2C&aus=728x90%2C970x250%7C728x90%2C970x250&divids=1000-58e3a83746e0fb000143f024-1%2C1000-58e3a83746e0fb000143f024-1&aucs=%2C&auid=538731338%2C538731339
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e35abf5f076db7c3505bef249dbe3d290aab4573ceb7df4bc06c3245c52d6f03

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mariopartylegacy.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4456 302 B
763 B 34ms
33ms XHR
application/json 2602:803:c002:200::116
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13762&site_id=160038&zone_id=767292&size_id=2&alt_size_ids=57&rp_schain=1.0,1!venatus.com,58e3a82446e0fb000143f01b,1,,,&eid_pubcid.org=513a2b71-8dcf-453d-8e0d-00d6e9da84e3%5E1&rf=https%3A%2F%2Fmariopartylegacy.com%2F&tk_flint=pbjs_lite_v6.28.0&x_source.tid=5fcc58a1-6345-468d-8c67-d5373f301dec&l_pb_bid_id=40562e79c163009&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6633331827292757
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 09c4cb7e9d5c200caa3851c606ff2be03de38d9cadab7cf1096149a84e5ddadf

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:58 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 302
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4456 17 KB
9 KB 177ms
177ms XHR
application/json 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

7f3f9aa1f474e91c3a9123ed1c6a5330ac9793ed3bbf583b94a731dd3dfe9403

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Sep 2022 10:47:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 01ded48f-08b8-4eb4-9b8f-69ae55e718e0
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 4456 18 B
317 B 27ms
27ms XHR
application/json 74.119.119.129
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.28.0&cb=69192017822

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

bidder.va1.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:57 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 4456 834 B
2 KB 660ms
125ms XHR
application/json 23.105.12.144
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.105.12.144 Los Angeles, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 96498a12a2e2f062be8ad2251c561bfa2d103f80923a4ea0af82d707c5239089

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H2 200 pb Show response
ad.360yield.com/ Frame 4456 1 KB
645 B 121ms
120ms XHR
application/json 44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 4b39977b867ee443704b6436fb856593c33e24c5a9c07b7cb35792a198f5adbe

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mariopartylegacy.com
date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 409
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 4456 37 B
543 B 78ms
51ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=171567&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22499bb75287987be%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.28.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22509aa460c471f47%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22venatus.com%22%2C%22sid%22%3A%2258e3a82446e0fb000143f01b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22513a2b71-8dcf-453d-8e0d-00d6e9da84e3%22%7D%5D%7D%5D%7D%7D
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b624864fd63d3b6324cbfe4e72fc7f2bd17a3abada38fe16f1a46e78f0d3eb1

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NoYYxI8iFHDgGQSBdS1MaH0aZatF3doeI3ZC89VArZRH8z0ab7poxScLYGFhMzotm9Fw0v0Elu7HpoSpdNfGTCEm%2BYm25Dktbz27EB%2B6ODeD9H3A%2Bp4MLhSaMBEf%2FqpaGC7FE5kH"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 74a04eccaaa7a252-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame 4456 23 KB
12 KB 179ms
178ms XHR
application/json 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: 5dc05f9d5b2fa276fdfb735dd0c9b8cc3899bd4642bedda59615a908f374c982

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:57 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 154
content-length: 12465

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 4456 24 B
525 B 22ms
22ms XHR
application/json 23.92.190.69
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.28.0
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.69 Katy, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: /
Resource Hash: c12714fe1fba7f07ba74c777c318e90b4ef7b54c28207d35b36ce0fc87cc0957

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Sep 2022 10:47:58 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mariopartylegacy.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ewr1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H3 200 container.html Show response
c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C4FC 6 KB
3 KB 72ms
20ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:56 GMT
expires: Wed, 13 Sep 2023 10:47:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 39E4 6 KB
3 KB 33ms
21ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:56 GMT
expires: Wed, 13 Sep 2023 10:47:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 auction Show response
pbs.venatusmedia.com/openrtb2/ Frame 4456 406 B
371 B 39ms
39ms XHR
application/json 35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.venatusmedia.com/openrtb2/auction
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: 64a3d735b9af4456b3406c752981e19ac84d52cb4a20bab9aa41eafde8939e66

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
x-prebid: pbs-java/1.79.0
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
pbs: nam
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
via: 1.1 google
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4456 302 B
763 B 27ms
26ms XHR
application/json 2602:803:c002:200::116
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13762&site_id=160038&zone_id=767292&size_id=2&alt_size_ids=55&rp_schain=1.0,1!venatus.com,58e3a82446e0fb000143f01b,1,,,&eid_pubcid.org=513a2b71-8dcf-453d-8e0d-00d6e9da84e3%5E1&rf=https%3A%2F%2Fmariopartylegacy.com%2F&tk_flint=pbjs_lite_v6.28.0&x_source.tid=86c684d0-ef5d-42ad-95b4-309d0095528c&l_pb_bid_id=623612f850d58a7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2207791427380308
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 52ca0718791373d71720ce8447eda9f65de1c9d3b34bd17a861fc274a12b4d0b

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:58 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 302
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 4456 37 B
506 B 62ms
59ms XHR
application/json 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=171567&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%226379ed7fb5404a2%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.28.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fmariopartylegacy.com%2F%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22642565aed5341da%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22171567%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22venatus.com%22%2C%22sid%22%3A%2258e3a82446e0fb000143f01b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22513a2b71-8dcf-453d-8e0d-00d6e9da84e3%22%7D%5D%7D%5D%7D%7D
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65300d3b75c15467cc0bbc95c87180bf1388ad0923711da99b360d8b24a1a2e

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqzvnlTbV%2BMNYZWYS2e8McYualSRbFx1eyLiFrNP1rM%2BpC4qIznid0pHk3vF5wOpRVrSbkcvKAgAxiXf%2FbAD3%2FfmMUo5i5clBzi8lfCCajMeXsglVR8QHLheLkZubKa5ilWNiaB3"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 74a04ed07f5ea252-YYZ
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 4456 18 B
317 B 28ms
24ms XHR
application/json 74.119.119.129
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.28.0&cb=55172332388

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

bidder.va1.vip.prod.criteo.com

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 44

POST
H2 200 pb Show response
ad.360yield.com/ Frame 4456 996 B
1 KB 52ms
50ms XHR
application/json 44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.360yield.com/pb
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 3372c435acb306919c0975372f87e9c0fd852b413a95701c2e0c9461827611af

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mariopartylegacy.com
date: Tue, 13 Sep 2022 10:47:58 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 996
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H2 200 c Show response
prebid.a-mo.net/a/ Frame 4456 23 KB
12 KB 210ms
207ms XHR
application/json 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: cb193b3c2f1dfcceb57b746e5efb6e333a443f1faaf692e3c0d4c0d1c98e6aba

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:47:58 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 183
content-length: 12393

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4456 21 KB
11 KB 196ms
195ms XHR
application/json 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

47b0b8311de649cf1b7e1dc1b5bde74e63602fed5ac8a640bf6d616cc2db72d3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Sep 2022 10:47:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fa6e3ecf-d53f-40a8-b75c-b286922a1ab3
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EBEF 0
0 78ms
77ms Image
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022090801&jk=2837811250882824&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2

200

setuid
pbs.venatusmedia.com/ Frame 4456
Redirect Chain

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%5BUID%5D
https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

86 B
422 B

39ms
39ms

Image
image/png

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9
Protocol: H2
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
via: 1.1 google
content-type: image/png
pbs: nam
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:58 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-64
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 1DBF 272 KB
100 KB 204ms
129ms Script
text/javascript 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU566D6F

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

343737036659ab2da60dba8711484b9457e7fde594b917c0cb0c54823d90e71f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
x-mnt-h: 22-dhh3
content-encoding: gzip
server: Apache
etag: "b2e62614465a0292fdefcae9f96948e6"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Tue, 13 Sep 2022 10:47:59 GMT
strict-transport-security: max-age=31536000
x-mnt-w: 8-9
expires: Tue, 13 Sep 2022 10:52:59 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 1DBF 35 B
296 B 72ms
19ms Image
image/gif 104.117.182.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=prod&bdr_typ=1&ss_d1=0&ogerpm=0.0500&ss_d2=0&stid=11175552&other_prv=4&jar_err=&current_day=2.0&adtyp=0&req_id=5153780903008301439&bd_m3=0.0000&bidfp=0.0000&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&predicted_wr=10.9189&exp=&fdbk_id=&second_bidder=*&search_res=27&floor_bucket=0.00&gpid_format=&seat=BID_API&size=970x250&f_seg=Music_and_Party_Video_Games&prdp=0.0365&ogcbdp=0.0500&dfpbd=0.0365&server=1&ogerpm_wd_bkt=0-1&model_version=202209130641_generic_others_1-cid_0&viewability=0.3300&dmm_r=0.0000&cut=27&dmm_l=0.0000&as_cache=1&tcyerpm=&sc=QC&send_erpm=true&dmm_m9=0.0000&sd=0&hb_exp=&seg=Music_and_Party_Video_Games%2Csegment_broad_games%2Csegment_ic_video_gaming%2CVideo_Game_Genres%2CVideo_Gaming&dmm_m4=0.0000&erpm_bucket=0.05&ugd_ver=&requrl=mariopartylegacy.com%2F&bidrestime=1663066078236&cc=CA&strg=harmony&ss=&current_hour=10&time_stamp=2022-09-13+10%3A47%3A58&model_key=generic_others_1-cid_0&rvshhon=&mul_ratio=0.0000&bdp=0.0500&ct=Montr%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BDal&akey=&mnckfl=0&bdp_bucket=0.05&algo=unison19&dc=east_sc&splid=11175552&dn=mariopartylegacy.com&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F105.0.5195.102+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=905c32d12f6f4fcf8c2299720fd66022&infl=&o_ver=NT+10.0&br_ver=105.0.5195.102&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=8.14.0&totalTimeBucket=2&visibility=0&totalTime=2460959&dmm_m1=2022-09-13+10%3A47%3A58.237706980&e_rpm=0.0000&dmm_m22=0.0500&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CUH868Z4&bcrid=352177047&rawbid=0.0500&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-appnexus-57dd7c57cf-vk5nx.SC&dfp_bucket=0.0&adblk=&itype=appnexus_experiment&pvid_seat=4_BID_API&cliIP=2503514549&advurl=related.360topics.com%2F&level_base=0&crid=341475548&sat=1&br_id=265&cut_bkt=25&gpid=&iwb=1&second_bid=0.000000&sc_pvid=4&capd=0&other_bids=0.05
Requested by: Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.117.182.27 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-117-182-27.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:58 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Tue, 13 Sep 2022 10:47:58 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame 1DBF 61 KB
62 KB 93ms
19ms Script
application/javascript 96.17.64.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.17.64.29 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-17-64-29.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: nginx
date: Tue, 13 Sep 2022 10:47:58 GMT
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=72001
access-control-allow-credentials: true
content-length: 62892
expires: Wed, 14 Sep 2022 06:47:59 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/227/ Frame 1DBF 85 KB
29 KB 127ms
28ms Script
application/x-javascript 23.41.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/227/trk.js
Requested by: Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-189.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e8962d65caa8b6f0dc72b61fbb38446161265efab5e41ca343cedfafd139a4e1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:47:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 08:56:29 GMT
Server: AkamaiNetStorage
ETag: "6a0cd0532ee3ee4311615d1638090572:1661936189.164265"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29299
Expires: Wed, 13 Sep 2023 10:47:59 GMT

GET
H/1.1 200
OK it
nym1-ib.adnxs.com/ Frame 1DBF 0
817 B 69ms
20ms Image
text/html 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fmariopartylegacy.com%252F&e=wqT_3QLcBPBMXAIAAAMA1gAFAQjev4GZBhCvgsjAuZaH3hMYvaCrgYOO-qRCKjYJi2zn-6nxoj8RgIKLFTWYnj8ZAAAAwPUo_D8hgIKLFTWYnj8pi2wJJNAxAAAAQOF6lD8wgI2qBTimBkDqXEjgA1CXl_enAVjvg01gAGiFHXjFzQWAAQGKAQNVU0SSAQEG9GkBmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAh_gAu6QAeoCHWh0dHBzOi8vbWFyaW9wYXJ0eWxlZ2FjeS5jb20vgAMAiAMBkAMAmAMXoAMBqgNBEhg1MTUzNzgwOTAzMDA4MzAxNDM5X3NiaWQaEzE0MjIwNDMxNDAwMTgyNzQ2MDciCTM1MjE3NzA0NyoFTTExNzPAA6wCyAMA2AOdyS_gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODGoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEl5f3pwGIBQGYBQCgBf_igbDOjfrCR8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBfWkCfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Ab54wLaBhYKEAAAAAAAAAAAAAAJP1gQABgA4AYB8gYCCACABwGIBwCgBwG6BwGoUAAYACAAMAA4tARAAMgHxc0F0gcNCQk2AAAFOAjaBwYBcHAYAOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=3abfeb2c0856460d2e5e34c226f4658be5e55201

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:58 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8cfe76a0-e569-4360-9468-e512f8e255ab
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 track_enc Show response
track.venatusmedia.com/dual/ Frame 4456 16 B
167 B 102ms
101ms XHR
application/json 52.213.197.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.venatusmedia.com/dual/track_enc
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.197.181 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-197-181.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://mariopartylegacy.com
date: Tue, 13 Sep 2022 10:47:59 GMT
access-control-allow-credentials: true
content-length: 16
vary: Origin
content-type: application/json

GET
H3 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
122 B 40ms
39ms Script
application/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 40ms
40ms Script
application/javascript 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 86ms
85ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=2837811250882824&vrg=2022090801&nw_id=21726375739%5C%2C22756711119&nslots=3&eid=31068500%2C31068929&pub_url=https%3A%2F%2Fmariopartylegacy.com%2F&sig=1&req=1&req_cnt=4&dm=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
11 KB 539ms
538ms XHR
text/plain 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2837811250882824&correlator=1264036464683535&eid=31068500%2C31068929&output=ldjh&gdfp_req=1&vrg=2022090801&ptt=17&impl=fifs&tfua=0&tfcd=0&iu_parts=21726375739%3A22756711119%2CVM_58e3a82446e0fb000143f01b&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&ifi=4&adks=3875135371&sfv=1-0-38&fsapi=false&prev_scp=hb_pb%3D0.03%26hb_adid%3D609524789ddea76a9b42daab-1004%26hb_iv%3D1%26sv%3D1%26re_ve%3Dbf953f91-v6.28.0_fr%26pg_ld_id%3Dc17ecbba25d6672abefeacf0651c599b%26mo%3Dscan%26ac_id%3D58e3a7fb46e0fb0001b2d13e%26si_id%3D58e3a82446e0fb000143f01b%26pl_id%3D609524789ddea76a9b42daab%26co%3DCA%26co_sd%3D%26is_mo%3Dfalse%26br_nm%3Dchrome%26de_ty%3Ddesktop%26os_nm%3Dwindows%26is_ta%3Dtrue%26is_vi%3Dtrue%26is_if%3Dtrue%26pa_ty%3Dshare%26fi%3D0%26pa_fl%3D0%26lo_in%3D1%26gd_en%3Dfalse%26hb_bt%3D2022-08-10%252010%253A06%253A11%26ta_si%3D728x90%26rt_sh%3D0.6%26di_sh%3D0.6%26aw_cm%3D-32%26np_md%3Dfalse%26cm_st%3Dnotapply%26cm_es%3Dunknown%26cm_ds%3Dunknown%26ab_md%3Dfalse%26v_c%3D%26ss_id%3Df9595c8e50ca3fe4b9c16c4f57146145%26st_ty%3Dhorb%26bf_br%3D21700000%26af_im%3D21700000&eri=1&sc=1&cookie=ID%3Dddae48b5fd03b39c%3AT%3D1663066076%3AS%3DALNI_MbcWFFAik3XueuvM0ez-Ki1DX951g&gpic=UID%3D00000969f5a3f0af%3AT%3D1663066076%3ART%3D1663066076%3AS%3DALNI_MZepan3u8wnV0Ormw1DgKfjszp67g&abxe=1&dt=1663066079429&lmt=1663066079&dlt=1663066075470&idt=1117&adxs=436&adys=1156&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fmariopartylegacy.com%2F&frm=20&vis=1&psz=1600x-1&msz=728x-1&fws=516&ohw=1600&rtgs=1&max_w=970&max_h=90&min_w=728&min_h=90&ga_vid=1350949069.1663066076&ga_sid=1663066077&ga_hid=389646202&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d962165bf404b1e8e70127b6975399727f671fdd7e90ed8c1b5f12a6c768e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11290
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9E26 624 B
340 B 106ms
47ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNjmXhD_hV8Y9tW3wAEwAQ&v=APEucNUaYTwEdoFbtjJkPqwcN7NqNWPimWXCeg9jGayuQVAOUZvWcEagciZ2w6ktSJ_Y0g1YwFgv-U2gk_ONHlaghLIhepKJvg

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C4FC 83 KB
34 KB 117ms
64ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CGZI0X8UrjpxaLM2b1w2tyKvI9iJYegwh9lG11O_aBpXs_Xa35GVr3mQkm7Fn4TZ1_EPL_z4BkKknposWWoSUsg_wJNg&cry=1&dbm_d=AKAmf-CP7-RtKDbEWV-GuRkxbLzEbWAYQvNZgcqaKYrc0a1DIHo2IS_32gQ7m9NGNnTqKzSS896XPECAk3JfSMDgRIDPH7rHbDaJQaGCZ-cBAzIPn3w9sjACel3jNzyC-Y5Sa6RMPyMjDj-A68yItfhWtp2N1O2HkH4rnH7Sn7z5SITuu4C6W6mj0_JV-HKUckZoavLozMbTzEOLomywCOmNMD9zMWG3tn-Ql7TsY7GebAYxwCpox4ca2FBdypAh40pfgkysvREhgn08fBH2ejS3c8jY9VhORzLNZeOPjjNvKF-8gSzpyyVt2BDv1wYS8VgIEwn9nzPr64574H5cFiJWSi3g-lhJLnJLAsIBKA5a9De1PIpz4TIQIC1yBugGFERU-7YvIuECbzj3apqAxU01YI1ZPirmCjrXdyce-u_m20KzzAMSx_f58q7BzfhaY3LVHVowiqKAvWLH-eLTRSLnr60MYs0xMY-LAR2KYYkh31ECQsF89oZ3rgN5HLLLVuqvqbijU4pefmAT_asKmkT6muOUiZ-89me1hlRDa-YPPiUfTW4upBrYIeAaYd3AbFgX0TEeRvwvzomVr3NG_7YzvHpnmyT6-nMHIsj9CkYBVIOf6xEmteblCX6zb5HgrYOLxHzxli5x4nSnsXXo4lqCL1UvzJ8LAk2s7q-t0EE6VGlj5o_cscD-KWwJGIF487GOrwiUs8rCGw6gsggO755PT4HRzHLPfCoy-5Ma2NaGmxee6ZEZJGlhf5ky-ZkAL4KEV7mTr9NMdE2Ry2JMLLU7C9N7gR7LPAbxJAYKnGt2ujs7Ypt_pEUIMmpQt0WlWw_oYwJvORmrnMzoIouSTNivMemxRfQCeTWr4KS50bsoFNvqJ8kFQZ2mqhm5O8X-uBwT58M22xAAo0jb-Z9LS9TBkmmch7U61ytSZmyC-unQ_APdfQrOCCihLngKOu59x0kP22pdUE_eq3uUt1luR0gnDbpoiacEXT3YCGM7IqlQiMgPz9_rPH0XNgCd4TKd1ygrqGEjtsA9b2vccpktWfXvYwNJPh2YJXifAw0Dw8RcZA3dy2eK7xUiFvpjMQHNkG4wii0rUbYG1Nr-jqQ2kfGF-V6EZbZukgKV-mBIFS6b0hltAEWrg6_tvha2t-de-ugF_r45qvmZSbKBMHXKwQwVNSXwTXVBbtrRKrKtITTlMsul2Cr0e-hxhVTdT4aDqrF3Qrfc2nvX6cJSg40qT9mFElJpcmPl_llTtNYlSVWg8zP5xEdoN2AL-FqeDNiB0fCOib5WwdetCOqc8y0A2UeHHtzawNE3ZTRPs0QZwiLttkx7KA1jxuVOkD-lJJlSORz-VXyt0DXy9DnbG-Wizq9BmlI-vngtHf19HaaBmDIJBPkFM0GU4Fq4zCWtT378eLp0l9jDBW7tYPtGjeVtbrndpUaKeV7IAwtPXBtW4M26SNl2NHbHW5nqg1wTg4HZEYVLWQvehdiGgToAxZvOqxHIHro6IRuO9EaHMNo62twPo1vwTb_f9A4ZdhzXAKUqRQVbKSb4pm4TDDcmHsAJ9fioUu8x5-zK1d1te1P5zUGfpYfloSkXbOYbY1jmIkevCQJCZFCUp4KnnhUWZD10b81Oh7zHJi3kfRVGqBgg-wJo-9Xph6Njh-ktIqZR7nhKWbYtD6okTDphip2252ildOMzLITTy_3moIO_G0xtQ_3z7pOsn9QHBVflGi4lBAV_fGV4JbIYWqS4khA3e2lQ5fST4_u2n7baH6G3Wlj6VHM7KG4NynAtXFHqnSuAeyAIXyPz6jLn49ho44WK8LxN_8IjcM7E8ee3_WNTKfF5EQOvFQFQNwAS0ZIELiS3jl9aOT6gr4J0PMEQeWwrzIEWK-qjIreIbBP2wp4DY3yFDR7nDgKdOW8w3FcrfSRF1_PdushprgFgjBmXDHzluPj_bb7EgXkyiz6AMiC5FyjfW6GD7UKWzQksgQGD4g7kPogXO1fq1M0yo0YTUerCykagaTZkb2URdXiJ9_6KBJU7aNKn9APRtHE3FMyATHRljY3dSEicK2v0KSXgyx2wE-9SbeXru5fPMHoVtA5vF0RZQpGr7Tra6ou7j5YqSEJciCxssGVt70HgxawFk1w-Wng9JRBfPvGXtR8vI3ylmcnmtT8zebPOQbEZ78uSH0-XXY1arfN41Eyyy4t8Vw4hwZ2Wle7w5CmHcDcPpZ3Wct19lASxqywLyziPtadFRG2czRgGPpMmp3gLrO8l6K9ijntYgTuAR2RzGt3nwEBS9hSnWGlsPOaKdXUWdBGny53tPxmFaV0R_putSWAsJ1NLgnp8H7nTFPyBXiXomS_-dznEhjoJaaRzG-2eJ2UrpiF0_sFDdBR-MmwcWEw8icVEWfDhrePLZnDVl8Dq_grIMJ70rK8VtUXzV1p03A1UpODxjVBM8Vd3o52n_tozGGJjOQum_-DNK4VG4dvF-0irE8rQBZzhcMK7p4NHhcDSWZpzt5YsP23eD9PWMxuuJ1km71-iv1W9AZ17fA7qBlpgCun3k1mje-b9TFr0b5iVRBfFgKL-FGJ3KKGUsxWfKWMBKG5jLVZdN30IgGe7u_USNbZQ0dPlOKuiaKrMdyYu7vdjmR_lu5UmaHw4CjIwLM0_5szhRJyGA5FWDZKXRQjd2UeiSLtEwGc0no50pdXycAJAPrMn7pLuk4FQBK65Lb0ihZr6zY6NBdbZugSg3gEfaYvOycy84H_CTj-8UR2MRqDrGchd8OgvjTC9eu9dfKoNZ3fZ7Xq-CyZIcrL89By1rfzpWtLRX_kjFK9KvLCtQ1Jb2KuOplBDR_9eQzFN4AGImXq6AYFwB_vJHSjBhZaBnEs6zzbQTaxueCbYjiSp-F8_hWU7tiftnhGfrLlRzLuwQaexZFv_GvDwt_6o9pwb1eDvABfzHsVgFyJTG5eevxeWHlyfC7kv-yEE4mR9s0zYdayZ2XkSVdrpxn0mO6IpEeJR1VBpiiHx2gHR72oWi63UEcJjuGLbrfosyw-YyvcVLhx9tCazGMpRp8nJ19nAOzHkOsAGqztJ7J8MWGHLLC2BJjv13cYN-iVwQoqWt4i7R7QMM2mOcOBI92pzyDPX2afd_T0waFK0S5ECqqqKVlMSFWxX7TJSQTYDZJ9z_nFmpEapzOYSkDPmxAlah_0oQw6rkffK8QLT_Y4BRu2XAv0kBDP4RkuDmhs-gN8mjGOV9Wi-f9mXIacBOSvBZEh9fvLJQD6y6wq_cLkrxRibnO6XzpOGEQbTrXIPN33bU9aTvLi0fB1RbLpOPDCNMYrvaH17onGqEnSI5hid-TBT3g8o1mrKJDNohKZheYZq6ju15KLfjCKUCwIL-1wI_K4YNHblvvbVS2GSwdpe2Onm1Je4uysBBTGmylsS-_xR1OJqfAEe9jOM6nMkjoi5BVeMg_fF-9dDWlM-8wIQjVWNcEXVV50veCqdNu2Gp5sWdLIAA-GRJwYgs-rSP2VQOruuBogjHZ3nQ3b-wdoaC78&cid=CAASJeRo36jbiAlJLhxNLZTT1aKJ1aM2f6ji-P_7Mygt1qWHVAJn_v4&rfl=1%2Chttps%253A%252F%252Fmariopartylegacy.com%252F%240

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cca3bfd3c150a4f69e6a2fddb6699f1ffd274436c93a35184674ed16f08550e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35036
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C4FC 42 B
63 B 80ms
78ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AGboR99zt9CxQNem0XcfzKkRq_UBwAwC080pk54RYMvPOGxNwQJNE043TIbxsx4e9RwCxbZlaq1cM-tAVixOV7BlHvu27xwPgWxLgLR31t6qQ7VIk

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame C4FC 3 KB
1 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:38:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 598
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:38:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C4FC 142 KB
44 KB 112ms
39ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf5477f7c95dbc72d95dc48406365be84b2c1a2e3d6298d83e39d829e13e770b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44876
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662981969255015"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Sep 2022 10:47:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame C4FC 17 KB
7 KB 23ms
21ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C4FC 0
0 42ms
41ms Image
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS5R8G9vaFxI7VE3R423AQE22JjFfsXY2vcxe-CfxXCW_PqTq6PK-sdsCv6TEDQ4eSrWWXf6nSozrTjqJU5DyiP4KqS8g
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:821::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6AFA 624 B
733 B 63ms
46ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhiYqsrPATAB&v=APEucNXvZG-cPjw1emNmYQO5E5hRRAuz8CJf3ggs4PvmMptpVtXtQ0AEI8Mejd8F9K8gRdo_RikbnF6V4lJdS-36vSJRnDFdcg

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 39E4 28 KB
17 KB 84ms
70ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1RyyXo9YzIoLS14YW3gkKDUIYviN3-4SxZZgRTOG4HHA_iGTmat8hBKESuaWQFQxDx-KNSsvA7B2696n9yLF_ZHL9mte-6VSR3UXCAINQaOFT5dhOS9oyDTBH1nkFqcAQb1mq2S_D0m-_GFTE_evZzg_B6g&dbm_d=AKAmf-CL8QWdsj0Ow9pn9Z2qcJsuu5SPlGrESNJDo_m75cYnMdDz4J5vjsJ_6KzOGkHg1_rOy8t6R2bS5dAMOitdshZdcFGKFIdVVbjJYrNHT80Z36HSB9MQo0bWmDzjjkYwqz1JKhlR89J2rsd6-alJU14g_p5QZ3dTqp4y95sJNLyJQVQcMcszs-ni9ti8UWhiAfbPBmO521D1YHCUyF2OBpipb0v94ueOB2ZoztDlbhhDPQIOfvAkMpPUB9hnEbWm7cEopbkI3GxCzTkeal8JESjwudjN0lIF6CAvRAeqHeR_6YSHUL1vVdvcQ9Lbguykp5JwtyN3TQqP2Jzm6I19asWbScTMB2lmyHEVvBdSIRx5SbFk2Lj-viq82PCnGtEoYBtafuys-_5KccGhTV44khtY8npGfWXQZeeMWL6m5CgQOEvHLka2ELvKT3N6l1dcljwvbEN2YOls6PauYUAkGwXhQU2asT8pKNpuAXpbjkALwhv4BgM7EcXMYhAXXe9z4olTpikrGpCgqoewqgOURFIIdqOzVNNiHwipqzzKytL_4MV3rLfxnJY40TrsP1d-KCFXm0eX9TEGzhExGUJLht0QvLhBnlI0XxLyeGRvczZziFPSTyOImeij5QIjP7Mh143SuXkpZ4BXoGXqNcNFYHD75PUf74WIpGntt2LMgrRd4jwrcmPGH9nWeL2CBoFDV4olciXAtfMnZFL2FD5_AUkSeZMf_-Kq2yFVbcOuQ2Y4wKLdw2q5N3b4V09wYRcXSnlSZnjcmRsW-T6VX0J6h_ibObSurAM8ev50t9TwjEqXPdF-iX-yHp41XV6clMDNvnus8OycILDnj_Km6XGOa7Dh98mSslvpFC9TwegopAYUiy-5bVe5eBeX-XcG19NrN4r9_IB6VFjRkDEkoV88DHjI2aXY22fYw4Sh2rK-S6z5QgmjecNkH0ufJTY4EwJ0xZ7a7XW_IUjcuCUryjKTF-QXv9l-KutSUatU81KKGd6vBCwo0JsiPNteHOA5cX-aqIXrZSENBCy-8TtVYoriBGsONbZJ886sAhOKn3I1KKr1XVzR-DO-thqdP-G5kycRb9ppPtJLim9_ctVuPyzgxKQyTm3hfye13cvNfS9Ln-m8LLgm3BDZLiZ0z0qpkBuDG-4oVzBwUcvzAnvNJ3FjKooY4uxeBCKylZDQtigHgup5BfjRQH3BfqguHt5goNRdg-ZnxmZd48FjsjxMb86CRRv3RFhBoPiUDF9RDtI7CDEs-grqbizyCKgxZ42HHrhbyOkdNF0Nvqfuxvub-ne4VqdjFSh3UkWjFG8pcmqtsnVb2Y3hF32ClCpJwITQDYOMA1gOZj4FkY6NXa8jbxnqotFo9fFe9YEZmSr4jwQasiuvVjM0Y748jlsNP6jLsRrmm9IvSGumDM-YnJtcGpsZXVu2ImS5oHB14gwQsLapKW0Lhe1Q2532Euh08iyHh2uv5NPST9fkwZ8HY21HD-kMAPDThgbQiICu5FJef-CwVmTyuZlakRNBmJrxGOnOFL-PkfnkmdYgidcvrCv11CIbkISaWEEJ0YGkWbDrc43YgY-SKAYmuUdNVcwwnSkvmqxiUYqbtFRXzN8ZDV4lekIsPa5x9Fvb3_7IsogwT7Qb3wXKtwZEDUZ8YmMKJzH6kWeF9SmmI6x1yO1J65Mnk7YuRpjv7kor9t34HwqQ4nD7Cs-MWQPSmP5csgbrMVxHgHLWRT4wv7FfytbwNIGukbENfvDkEdm-h-yUWd6SpQvQ3V-H3mV6eq_3s2onnvfhkZWquvHH-pP-UHa3AwMrrtLWtfUJGv3k2g7u7EMIvm6LEVUu0oKDQERQx2RCvm8ll5dPj2z2G4WSZ_jHTxxg_zaqxYYEA2xR3_LknsMcJjEXbwm0K4cZtSWJchJUpcK_XIWR7TbhlQGngxShSp2iNNz-0ajlfNwNcc0luBTcfyFfBQ6vtJb5pJzs-pUjqjR7ijIzGp18rAQXLc-nCvv77zP-4fNmQA8E3NCOpeVdSFjHmT-cLFIWRHR0f3KTT2fsLmhwSuOUfUYNykPOIrubSaC7oQ6TuSHguTuh7hBhqGgXeGYbb4ejplDlMOHQ2wqE_AC18UfPnOQl6WsJL9SH3TCuM0Hh9bdXOSHINiP_HO3UPXdPMICWjCxYcBQ8w8lIpITDGi6mVnpIDAFzYLqxkco_bQcm9G6Qr4OrEHP4VSVknk6pEZp8t5xGV6aJTYDyhYASLKA9G0WwPf2KcepJbBvYOLO24pwreqvd9S_Oro_dVe4MG0CUUSvJ1l8sfO_0NluW4LtbC57jg8uOm5NWfarG61y5_7sHWUZVIs4yseXCanmu0FDC6WA58cFUYIwr1UHWdIkUkDBPdBc8ITe99a2mAiepX-QnqSMVny2pjBvt-bwYx76DsJx-ZOcJhYziiTUzEPnXuqHWkV7lsG3gEt1FuIxYFJM-U3d63e-ffWQgu10B6Qhfy7ZwzlzwH3wPwyudJ9XG3FkoojjGLjiK1RjCefneFX0nbnak90QZLlDNk0N1GB7WOiPDdNolQ1j7KSmgc_JCv77XyAHumDFqv5daANW8JR3oJ9dU8hS1-7CdRp8l1dr3dnBJVNzMrKDunExgZG6Ac7HTyVzPRCZfd9o7rjAnsQX_PX5_zGRfDWhnJAp01GVJIKX6_dzFXJ70eBTzcour0-HujpF2TlYDuNfWRrSeD0M74wBjksqsh96ChJqqCS2BdvEiLbFjx-FDZP6iKm3_SaF0dPi3438911yJC-dRY2eFYAvImU8qCKuECxJ4EoSr7gGWyvXSGoDJMxYZxplRfNvoC8K9H0G4v3M0ePrNl90IybSzNYdNXJdoluKATjH2EYi5VE3CSxGKIVXv2iAQPPpFlARvmRqp3Gz88m-W1jdN0IGnk78zVf_S49v3ypwmSzSVhnl4_KOU5ZQJ4H4kl4Hb_e1DHZAa9AMRXr41qsrc2GP9LeOnad-5pkXRfXreStT09ePbQFx_EyNVXvQjtXWFcx6qLmccR2qXlSErvNCd2-70Kf64RcLUdvgCdE3BJueub2SElnmn2my4TXfpZhgnuA_3TVHDheH_IQKXcDEntxi6rvY5vuPZ86Yg4sYKm-Js12P4S2f6c9DSAvUoiCcFBPD0SIGpdTrSBsIeBixBoUeG2QkLhICw1k1cA68hN50oLLXHPGIFXT34lqj8K207RTLwEbuh-IEwv6zTbCYbdFtrjdZNNIjJkW8WRBtz5ziu42IYSL2-z5iSMe5rEbx3M2z7sEIKPO_WKQ59Z0ocWSZ2MEZr-KOfCsGbFU1BEoNnLV-EZ8wDL34rQuNGCQLH8-xyy-7amTLb4m5jmv32q1ojaLuHPXU-apK3uSowHIo-fMUAnqTiEmoNInennPFNFp4pzZUMsyEqV02A0Qn8aQ&cid=CAASJeRoBbBcf0Bs7BRJjk2qup8yJ0UQBewpSE9lX-PHT7l4n7Ll2ZE&rfl=1%2Chttps%253A%252F%252Fmariopartylegacy.com%252F%240

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8278a6160501fc10d91a073cd3f18200c0857917f0d7e1d311a8361d43b162a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16982
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 39E4 42 B
63 B 86ms
77ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DW57A4Hf5V3A5NAx3Z7dkaqk1u4mN3qhRtWHWsmAGBuihKL95eErwl4XPRFlM2ErzFT_y8zu0DkdEZrUWUiijKNxKtMobAnUeLYtrDruEBZw4A_28

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame 39E4 3 KB
1 KB 29ms
20ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:38:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 598
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:38:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 39E4 142 KB
44 KB 101ms
70ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf5477f7c95dbc72d95dc48406365be84b2c1a2e3d6298d83e39d829e13e770b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44876
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662981969255015"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Sep 2022 10:47:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame 39E4 17 KB
7 KB 28ms
22ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 219
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 39E4 0
0 44ms
37ms Image
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT2LNZr6DZHv1pTIeclSFTNJMx-N8RyRv5bZG_6hqlUMD9FYLxSnmLVT56KivtnAlBxk9t92iyz3IHnvQdbqaJLweA5Vg
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:821::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 smtr Show response
contextual.media.net/ Frame 1DBF 87 KB
27 KB 248ms
245ms Script
text/javascript 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU566D6F&cpcd=oD5UZMB_XRq3ZNq_0VU_Rw%3D%3D&crid=633954873&size=970x250&cc=CA&chnm=HARMONY&pid=8POITAN38&tpid=T213342&https=1&vif=1&requrl=https%3A%2F%2Fmariopartylegacy.com&nse=5&vi=1663066079866979151&lw=1&ugd=4&adt1=8CUH868Z4&adt2=341475548&bcpf=B48fOnRrolnfOur84%2Fe444xq&bdrId=4&ntv=0&matchstring=hr%3D0%7Cbcat%3D13%7Ccsh%3D1&katpre=1&katbid=-102&pgid=p01358694656t202209131047&goent=1&nb=1&cadomain=tzR-hLcl-L-HShN42-uufdV3aTJmADGXGdtTl7u2al8%3D&allsc=QC

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Resource Hash

fb0a73227804ebe3e40397940dc84025062f49abac44fcb13ed6627220315a3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 13 Sep 2022 10:47:59 GMT
cache-control: max-age=0, no-cache, no-store
x-sc-h: 21-hmxh
strict-transport-security: max-age=31536000
timing-allow-origin: *
content-length: 27518
x-sc-w: 21-4g72

GET
H2 200 bping.php
lg3.media.net/ Frame 1DBF 15 B
15 B 51ms
20ms Image
text/html 96.17.64.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=528&&vgd_cdv=794&gdpr=0&prid=8PRVCXX19&cid=8CU566D6F&crid=633954873&vi=1663066079866979151&ugd=4&lf=6&cc=CA&sc=QC&lper=100&wsip=2886781035&r=1663066079553&requrl=https%3A%2F%2Fmariopartylegacy.com&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=16276&vgd_rakh=1663066078144179762&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CUH868Z4&vgd_hb_audit_2=341475548&vgd_pgid=p01358694656t202209131047&vgd_pgids=1&vgd_uspa=0&hvsid=00001663066079549025035145493268&gdpr=0&vgd_end=1

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.17.64.29 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-17-64-29.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 13 Sep 2022 10:47:59 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=84302
content-length: 15

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 9590 26 KB
9 KB 127ms
127ms Document
text/html 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=10&cv=31&https=1&cid=8CUH868Z4&prvid=99%2C77%2C4%2C359%2C10000%2C9&itype=APPNEXUS_EXPERIMENT&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1ac3021d1a1f1ff8b3f3e53d107f7fb5b22058764474233733bbc7aa144a1348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9353
content-type: text/html; charset=UTF-8
date: Tue, 13 Sep 2022 10:47:59 GMT
expires: Thu, 15 Sep 2022 10:47:59 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame 1DBF 35 B
199 B 102ms
29ms Image
image/gif 23.205.72.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/clog?logid=awlog&pixel_len_bucket=4644&lmt_enf=true&req_mtype%3C%3E=0&mx_bsProfileRa=0&mx_nsz=2&spSource=0&insl=0&ifst=0&vid=5153780903008301439&s_city=new+york&ugd=4&bcat%3C%3E=IAB17-18%23%23IAB9-9%23%23IAB25-2%23%23IAB17-18%23%23IAB17-18%23%23IAB17-18&exp=ssProfile%3D0%7Csfl%3Dfalse%7Cmd_rp%3D1%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D2%7Cfl_rl%3D1%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=2&device_id=4&ae=false&mx_UCC=2&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.050&size=970x250&mx_TAS=1&mx_gpid_sent=false&xtmax=175&mx_crsw_bckt=-B2&commit_id=30d7cc7e&scrid=352177047&itypeid=21&mx_SPRIG=1&viewability=33&renderer=0&be=0&rtime=47.0&adj0=0.0&tmax=200&s_ip=68.67.180.120&adj2=0.0&adj1=0.0&adtypes=0&mx_aabpc=0&reqid=5153780903008301439&sc=QC&mowxReqId=905c32d12f6f4fcf8c2299720fd66022_1&ifdp=0&requrl=https%3A%2F%2Fmariopartylegacy.com&bidrestime=1663066078236&pv_adtype=0&cc=CA&strg=HARMONY&cxtSgmt=Music_and_Party_Video_Games&pcrid=8CU566D6F-633954873-38-27&coppa_enf=true&devmodel=Unknown&bdp=0.050&ct=Montr%C3%83%C2%A9al&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D175%7CHARMONY%7Cbrr%3D1&mx_epbc=8CU566D6F&dnt_enf=false&mx_ssBucket=0&vls=0&asn=16276&mang=1&fleet=appnexus&mx_isLossNtf=false&advUrl=https%3A%2F%2Frelated.360topics.com&dn=mariopartylegacy.com&pgcatiab2=697&dt=O&acid=905c32d12f6f4fcf8c2299720fd66022&actltime=53&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=1%7C17%7C9%7C10%7C14&dfpBd=0.037&sckfl=1&dmm_erpm=true&mx_lr=0&coppa_applied=N&mview=1&smbrid=806&bfs=103&rfc=-1&prvApiId=8CU566D6F&epcexp=false&pubid=pub-appnexus-exp&mx_bsProfile=0&cid=8CUH868Z4&bcrid=352177047&omul=1.0&res_mtype=0&apPrfs%3C%3E=13%23%2361&pgcatiab=IAB9&suid=4776604448345215037&chnl=HARMONY&pst=0&reqsize=970x250&adpos=0&itype=APPNEXUS_EXPERIMENT&mx_g_one_uid_sent=None&user_data_cnt=0&spCst=0&mx_sid=8CUH868Z4&tgtval=pub-appnexus-exp&__expireat=1663066678489&dnt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=633954873&ckfl=0&pgcatsprig=936&lper=1&mx_tgs=728x90%7C970x250&dummy_vsid=false&cbdp=0.037&pvdTmax=143&ltime=53.0&epc=633954873&prvReqId=181061006285_1526002283_34147554841&zip=H3G+0A1&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=APPNEXUS_EXPERIMENT-987524&ybnca_erpm=0.05&brsrclk=0&sbdrid=196&mx_bsBucketRa=0&rtttime=63&apTags%3C%3E=75&mx_PC=1&wsip=mowx-lite-59ccbdff6f-9w7vr&currsrc_date=2022-09-12+00%3A00%3A00&mx_divid=11175552&geoll=false&omid=0&debug_ts=2022-09-13+10%3A47%3A58&mx_ssProfile=0&devbrand=Unknown&mx_SC=0&reftime=15000&pbidflr=0.000&spbf=0&currsrc=API&fpusp=false&mnrfc=-1&moau=true&ocurr=USD&stagid=11175552&snm=SUCCESS&mx_IAB2=1&usp_enf=0&bidflr=0.000&coppa_status=N&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&ecp=1.76&pvid=4&mx_mrpp_key=bidapi-gcp-sc&schain_cmpl=1&is_ortb=true&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=0&dbf=1&gdpr=0&dmm_ogerpm=false&csip=rtb-appnexus-57dd7c57cf-vk5nx.SC&mx_bsBucket=0&mx_aurt=0&mx_crsw_exp=desktopTop1&spIvt=3&dsid=11175552&ptype=23&media=0&acsn=1&dtc=east_sc&mx_aqcpl_crid=4&ogbdp=0.05&tpbTkn=false&fpuReq=1&vcmplrt=-1.0&crid=341475548&geo_source=2&sat=1&mnet_ckfl=0&mp_seg%3C%3E=44730%23%2344718%23%2344713%23%237786%23%2344758%23%2317233%23%237774%23%237769&dfpDiv=11175552&opbidflr=0.000&impId=1422043140018274607&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.05~vw_exc%3D0.33~vis_sd%3D304~dc2%3D1~bat%3D0%2C0%2C0~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022091217~iurl_b%3D29850.75~url_tkc%3D0~std%3D11175552~last%3D~vis_url_b%3D0.24~ip%3D2JquuV~fbb%3D0~vis_url_l%3D20~riipua%3D0%2C0~et%3D29~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022091218~vis_b%3D184.63~url_b%3D0.03~url_tvi%3D0~ecp_eer%3D35.2~url_l%3D20~gcat%3D500492~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.05~bm%3D1~sid%3D633954873~sd%3D0~uid%3Dh8LZg4xIGcsGWiyb8~btd%3D242834539907409583200357934931901047506158008077899797018949674864309203927848980480~d2p_l%3D30~3pcf%3D1000~uim%3D0~og_msh%3D0.01~dmm_strg%3Dharmony~d2p_b%3D0.95~ogd2p_b%3D0.9~vurl_b%3D0.06~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D33.44~vurl_l%3D20~CI%3D2733~nts%3D2~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D15.76~isif%3D0~lc%3D1~bid%3D0.05~dc%3D8~vl2r_b%3D7.83~ivurl_l%3D20~supply_tag_id%3D11175552%7Eviewability%3D0.326475%7Ecbdp%3D0.037%7Edmm%3Dharmony%7Esuid%3D4776604448345215037%7Esgmt%3DMusic_and_Party_Video_Games%7Einsl%3D0%7Edtc%3Deast_sc%7Edalg%3Dunison19%7Ehtml%3D1%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.000%7Eogbid%3D0.050%7Eitype_id%3D21%7Eseller_tag_id%3D11175552%7EcarrierId%3D0%7Edcut%3D25%7Edogb%3D0-1~ibc%3D1~mxe%3DdesktopTop1~mxbn%3D-B2~ddt%3D-1~nsz%3D2~tgs%3D728x90%7C970x250~bsb%3D0~bsp%3D0~tmx%3D143&utime=1322&sf=0&cpr=0.4440503664344295

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-10.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: max-age=3600
date: Tue, 13 Sep 2022 10:47:59 GMT
server: Apache
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Tue, 13 Sep 2022 16:47:59 GMT

GET
H2 200 connectmyusers.php
cdn.connectad.io/ Frame 4456 0
0 179ms
134ms Image
text/html 2606:4700:10::6816:37ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.connectad.io/connectmyusers.php?gdpr=&consent=&us_privacy=&cb=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dconnectad%26gdpr%3D%26gdpr_consent%3D%26%26us_privacy%3D%26f%3Di%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame C7AF 26 KB
9 KB 96ms
84ms Document
text/html 104.77.220.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.77.220.25 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-77-220-25.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1ac3021d1a1f1ff8b3f3e53d107f7fb5b22058764474233733bbc7aa144a1348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9353
content-type: text/html; charset=UTF-8
date: Tue, 13 Sep 2022 10:47:59 GMT
expires: Thu, 15 Sep 2022 10:47:59 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame CF02 52 KB
17 KB 114ms
36ms Document
text/html 23.41.168.189
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=806&pub_id=987524
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-189.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 13 Sep 2022 10:47:59 GMT
ETag: "623de86a-cf34"
Expires: Wed, 14 Sep 2022 10:48:01 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame 1DBF 0
817 B 27ms
18ms Script
text/html 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fmariopartylegacy.com%2F&e=wqT_3QLpBPBMaQIAAAMA1gAFAQjev4GZBhCvgsjAuZaH3hMYvaCrgYOO-qRCKjYJi2zn-6nxoj8RgIKLFTWYnj8ZAAAAwPUo_D8hgIKLFTWYnj8pi2wJJNAxAAAAQOF6lD8wgI2qBTimBkDqXEjgA1CXl_enAVjvg01gAGiFHXjFzQWAAQGKAQNVU0SSAQEG9NwBmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAh_gAu6QAeoCHWh0dHBzOi8vbWFyaW9wYXJ0eWxlZ2FjeS5jb20vgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDnckv4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjE0OS41Ni4xNTMuMTgxqAQAsgQPCAAQARjYBSBaKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBJeX96cBiAUBmAUAoAX_4oGwzo36wkfABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB6gUNCghpbi1mb2N1cxIBMeoFDAoHaW4tdmlldxIBMeoFEAoLaXMtdmlld2FibGUSATHqBQ8KCmxvb3AtaW5kZXgSATHqBQcKAmhwEgEx8AX1pAn6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG-eMC2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBugcPCAAQABgAIAAwADi0BEAAyAfFzQXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB8T_B4oIAhAAlQgAAIA_mAgB&s=22d7436f77649023e2e31fc83a20cc0a7559709e&bdref=https%3A%2F%2Fmariopartylegacy.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fmariopartylegacy.com%2F,https%3A%2F%2Fmariopartylegacy.com%2F&

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 48a24e54-4f1e-44be-a277-d0f75afc9b30
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6AFA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

43 B
886 B

86ms
58ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhiYqsrPATAB&v=APEucNXvZG-cPjw1emNmYQO5E5hRRAuz8CJf3ggs4PvmMptpVtXtQ0AEI8Mejd8F9K8gRdo_RikbnF6V4lJdS-36vSJRnDFdcg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 74a04ed6eb4c3ff1-YYZ
pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rzkYDmEG4SLYwMyM4%2BDT9gTEf6cHGSTOIG3vmI%2BaTyuFvHHiLLT%2F8v1d%2BNVMrHkkzbevNT6l39X7aSUKAe%2BFWqEmcabCqbcY6jcf37c9Le%2B0oywOqxCPL%2FESHqQoiXVM%2FvAvolLrtXRUTw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6AFA
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YyBf384x9Z912gErIW1toQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

43 B
842 B

68ms
67ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhiYqsrPATAB&v=APEucNXvZG-cPjw1emNmYQO5E5hRRAuz8CJf3ggs4PvmMptpVtXtQ0AEI8Mejd8F9K8gRdo_RikbnF6V4lJdS-36vSJRnDFdcg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 74a04ed96cf23ff1-YYZ
pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jovNCPp83m4QHNLY3cbZZ%2BtDO5zoBOIDTsw8914%2FbpdDOSxPrSO4BdLhr9d8auXQGA8qO21txTqUPRW8%2FNb3IB5Yn5TjHcdJuHD5kHFvjrIto01PJwfMo5DOMekj2a5WczLxCiu%2FunIFuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6AFA
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

43 B
1018 B

20ms
20ms

Image
image/gif

68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhiYqsrPATAB&v=APEucNXvZG-cPjw1emNmYQO5E5hRRAuz8CJf3ggs4PvmMptpVtXtQ0AEI8Mejd8F9K8gRdo_RikbnF6V4lJdS-36vSJRnDFdcg

Protocol

HTTP/1.1

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: dd552590-fd2d-4dc7-af28-b47fd0163044
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6AFA
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

170 B
188 B

82ms
38ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

Requested by

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8eb10287-e45f-4d08-b8c7-1a43489e2828
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9E26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

43 B
841 B

91ms
65ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNjmXhD_hV8Y9tW3wAEwAQ&v=APEucNUaYTwEdoFbtjJkPqwcN7NqNWPimWXCeg9jGayuQVAOUZvWcEagciZ2w6ktSJ_Y0g1YwFgv-U2gk_ONHlaghLIhepKJvg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 74a04ed6eb4d3ff1-YYZ
pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAd7M5n2uQerB4YztkBR5F%2F%2FJ8FlkNiw3FGdriRUgW64vHcBGoAXcAeXpa7d4aC1F74t8GzWpmkdYSYwI0ki8BNGnBc9E%2F4ZOQDASGGLL2eJye7j3mDs1rV3ZvBMDRSrLaKoUh8khMdyZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9E26
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YyBf384x9Z912gErIW1toQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1

43 B
844 B

52ms
52ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNjmXhD_hV8Y9tW3wAEwAQ&v=APEucNUaYTwEdoFbtjJkPqwcN7NqNWPimWXCeg9jGayuQVAOUZvWcEagciZ2w6ktSJ_Y0g1YwFgv-U2gk_ONHlaghLIhepKJvg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 74a04ed96cf33ff1-YYZ
pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ee5K7wu%2F4%2FJstg84f45nqXhUrO7klCe4Fl81sVdZremv72OD4vQCrU7BpgHIHFkXYhxtasdQZWSPCnW8LYqxUJ1X3%2FhkPhhHqITagn8sND7X7V30m2I%2FQUZ8OqfEqRtwLLh%2FvxheAUSTkw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL1XBE8yfeiBru7iBJMCXSM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9E26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

43 B
1018 B

19ms
18ms

Image
image/gif

68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNjmXhD_hV8Y9tW3wAEwAQ&v=APEucNUaYTwEdoFbtjJkPqwcN7NqNWPimWXCeg9jGayuQVAOUZvWcEagciZ2w6ktSJ_Y0g1YwFgv-U2gk_ONHlaghLIhepKJvg

Protocol

HTTP/1.1

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 055cf45f-390d-47e1-bf1a-ccc0b7b99a9f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELWOwEeeBVwB11yixYZhkrA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9E26
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

170 B
188 B

43ms
37ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D

Requested by

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8b23eb35-2b8a-49bb-b5d4-fe742fd8012a
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3NjYwNDQ0ODM0NTIxNTAzNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C4FC 106 KB
38 KB 99ms
22ms Script
text/javascript 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 01:29:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Sep 2022 01:29:51 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/elements/html/ Frame C4FC 8 KB
3 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/elements/html/omrhp.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:32:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:32:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/ Frame C4FC 30 KB
12 KB 30ms
26ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/abg_lite.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11782
x-xss-protection: 0
server: cafe
etag: 11425859616848618248
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/ Frame 39E4 30 KB
12 KB 27ms
26ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/abg_lite.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11782
x-xss-protection: 0
server: cafe
etag: 11425859616848618248
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 39E4 41 KB
15 KB 35ms
34ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 17:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61356
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 17:45:23 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A23A 0
10 B 24ms
23ms Image
text/plain 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?wOyWmw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:47:59 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 1DBF 0
844 B 40ms
40ms Ping
text/html 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fmariopartylegacy.com%2F&e=wqT_3QLcBPBMXAIAAAMA1gAFAQjev4GZBhCvgsjAuZaH3hMYvaCrgYOO-qRCKjYJi2zn-6nxoj8RgIKLFTWYnj8ZAAAAwPUo_D8hgIKLFTWYnj8pi2wJJNAxAAAAQOF6lD8wgI2qBTimBkDqXEjgA1CXl_enAVjvg01gAGiFHXjFzQWAAQGKAQNVU0SSAQEG9GkBmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAh_gAu6QAeoCHWh0dHBzOi8vbWFyaW9wYXJ0eWxlZ2FjeS5jb20vgAMAiAMBkAMAmAMXoAMBqgNBEhg1MTUzNzgwOTAzMDA4MzAxNDM5X3NiaWQaEzE0MjIwNDMxNDAwMTgyNzQ2MDciCTM1MjE3NzA0NyoFTTExNzPAA6wCyAMA2AOdyS_gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODGoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEl5f3pwGIBQGYBQCgBf_igbDOjfrCR8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBfWkCfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Ab54wLaBhYKEAAAAAAAAAAAAAAJP1gQABgA4AYB8gYCCACABwGIBwCgBwG6BwGoUAAYACAAMAA4tARAAMgHxc0F0gcNCQk2AAAFOAjaBwYBcHAYAOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=3abfeb2c0856460d2e5e34c226f4658be5e55201&type=nv&nvt=5&jm=1003&sid=9087995241484847867&vd=ct~0|rr~0&sv=227&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=11175552&sw=1600&sh=1200&pw=1600&ph=4875&ww=1600&wh=1200&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/227/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: f8dded07-22c8-4d43-9470-37c29c15a0cd
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame 9590
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=10&google_nid=media&google_cm=1&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1

45 B
611 B

245ms
56ms

Image
image/gif

104.76.104.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=10&cv=31&https=1&cid=8CUH868Z4&prvid=99%2C77%2C4%2C359%2C10000%2C9&itype=APPNEXUS_EXPERIMENT&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 104.76.104.25 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-104-25.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:00 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 45
X-MNET-HL2: E
Expires: Tue, 13 Sep 2022 10:48:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 302
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C4FC 41 KB
15 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 17:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61356
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 17:45:23 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 29D7 1 KB
752 B 20ms
18ms Document
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 61356
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:23 GMT
etag: 48472445140208031
expires: Tue, 13 Sep 2022 17:45:23 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

cksync
cs.media.net/ Frame C7AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=10&google_nid=media&google_cm=1&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1

45 B
611 B

221ms
49ms

Image
image/gif

104.76.104.25
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=10&cv=31&https=1&cid=8CUH868Z4&prvid=99%2C77%2C4%2C359%2C10000%2C9&itype=APPNEXUS_EXPERIMENT&purpose1=1&gdprconsent=1&gdpr=0&coppa=0&usp_status=0&usp_consent=1
Protocol: HTTP/1.1
Server: 104.76.104.25 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-104-25.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:00 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 45
X-MNET-HL2: E
Expires: Tue, 13 Sep 2022 10:48:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.media.net/cksync?type=g&cs=10&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 302
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getcode.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 39E4 334 KB
87 KB 131ms
77ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/getcode.js?ph_id=cbox_ph_4439717&zone_id=129985&nomraid=false&lid=%7B%22a%22%3A%22DBM%22%2C%22c%22%3A%2215906490985%22%2C%22e%22%3A%221%22%2C%22s%22%3A%2236559527451%22%2C%22d%22%3A%22%22%2C%22n%22%3A%22435328280%22%7D&sourceUrl=https%253A%252F%252Fmariopartylegacy.com%252F&ifr=1&isSF=nosf&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCrR6H3V8gY5m2M4_enwT8tYCoBoXo7pZsoKC5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQLIFXgX99OpPqgDAaoEhAJP0JZSOd6XUa_SfPHcbkki_cP5eYDOD3Vqg3MUoYCQTUoZEQxSmCaoXQI7XIeKz67nEfvygo-LsljNLAbvGA2kBnpvkfddsbCo0QEFtbP4SHT3icz69Z3JvurJTVHeKKKa9s-GS8JW0Xb4nDCPdXjFoM-I5kUIXQ1ManoHTXwzSHkETLwcKaIGNHm5gOQqpZlt49M21VgoS2QizHEXxFf6JowUCk6itJvDeo3sdCdPXbxdw37GRkOcoWQxFRzaAnMMek9HQVtmK1PGacT0qq8-Kw3K07kzwwGqWY_974jWR_PNjU5SJ7shmnc_KUe2SDuF6FcdsnUGV6IJO5-nsr_VbzU228AEhfiD5eYD4AQDkAYBoAZNgAeitOu_AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCA8IgGEQARgdMgKKAjoCgEDyCBthZHgtc3Vic3luLTEwMDQzNTI0NDYxNTAxMTCACgOYCwHICwGADAGwE4i7sRDQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRoBbBcf0Bs7BRJjk2qup8yJ0UQBewpSE9lX-PHT7l4n7Ll2ZE%2526sig%253DAOD64_0ynZqgZrHMxUYf18q_MHf-9pWQGQ%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BoTx9BSsgzvHS744nrktvgF54ayU8LSms2pmCQbqHl15p858y8wpE5zD7raIBqeQXP5Z9Hcl917nbfOFc6ruKqG9ericSN0DSrYb7GSWZ0D6Y-iBvVfNvCAi3X2ZT_OzpBe0EggPoeSwy5SFRFsUFBmUTZyA%2526dbm_d%253DAKAmf-CxVpwyaVdj_XCh5fsPXA9j-HRBcxPjhxhQaF0GO2JCi2ncH_Q7hvVYBpogHWiqlX5jPPtBwuQZMn75aArisgAkLElN6tM7v1oBtOsjSyTPtdZ-_LjkOH0x2SjJC0WQZ8568ndJmGjEFY5zrArSxmXQSuu_nO7NMDLTTfZyUXAU_Sea0ST35nxaYy4hYY3rB6qGy2Jkd67Sf1jo4QrL596EPjEmyU4U3vf43jNhiwEqV0Ek7SHP0_I0JbWpBlsvecmWzsn2eiTvODPXnM8pEBOJVt7lsmMYyozkvXLPPXByq9oWvJUNm_AYYxoPs2VmQgw-2Q8NAtk1NuzhRLJPkvfMliVP6gbJqVdPKnmdmuhuW55cLMXWGIiSXbzmZeh7mV48L1CiDz31IkhPgfgzd2AD7BAgX18z0FYLXBMPQ_ypkAID5XClaihgI-LcbsEFHvN83XA43hMjUJeU5333NpbbSMb3SKw58pbezWw-G6KfCZ9W2LeGz665XWVrs5UAWJoGwFx15mb1NCqy0J5JcWp7SObMRbmcb_KW4-52_N7XuNFi-kQ%2526adurl%253D&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=https%3A%2F%2Fmariopartylegacy.com%2F&dyno_tag_params=%7B%7D
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: 1025796e98f8a3035216dc8af4175a21b80c2d702b79278a362184970b4f2d95

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-encoding: gzip
x-amz-cf-id: Jio2m49Gr1GgSWAQtBx0JM69cIk5J004-rX4h2_q93IQ-FmUz4pf-w==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 43EC 1 KB
752 B 19ms
18ms Document
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 61356
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:23 GMT
etag: 48472445140208031
expires: Tue, 13 Sep 2022 17:45:23 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 39E4 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86224186f3264331472cc1d6e7e018baaa23e9b9f26eace14d0f1b7892a92ad6

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A892 22 KB
8 KB 24ms
23ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 61355
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:24 GMT
expires: Tue, 12 Sep 2023 17:45:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame CF02 0
745 B 42ms
40ms Script
text/html 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=806&pub_id=987524&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=806&pub_id=987524

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:47:59 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 23863c3e-c175-4607-9fd0-bb4f6deecc8c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
pbs.venatusmedia.com/ Frame 4456
Redirect Chain

https://cm-exchange.toast.com/bi/pixel?cm_mid=1908143852&toast_push&rest=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dnhnace%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%2...
https://pbs.venatusmedia.com/setuid?bidder=nhnace&gdpr=0&uid=Z5HIQ4PPZOEF48090662PDOKY

86 B
504 B

50ms
37ms

Image
image/png

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbs.venatusmedia.com/setuid?bidder=nhnace&gdpr=0&uid=Z5HIQ4PPZOEF48090662PDOKY
Protocol: H2
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 google
content-type: image/png
pbs: nam
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

Redirect headers

Location: https://pbs.venatusmedia.com/setuid?bidder=nhnace&gdpr=0&uid=Z5HIQ4PPZOEF48090662PDOKY
Date: Tue, 13 Sep 2022 10:48:00 GMT
Server: nginx
Connection: close
Content-Length: 0
P3P: CP="NON DSP LAW CURa ADMa DEVa OUR BUS IND COM NAV INT"

GET
H/1.1

200
OK

firstevent Show response
scotiabank.demdex.net/ Frame C4FC
Redirect Chain

https://scotiabank.demdex.net/event?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557
https://scotiabank.demdex.net/firstevent?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557

42 B
960 B

33ms
33ms

Script
image/gif

100.24.140.184
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scotiabank.demdex.net/firstevent?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Server

100.24.140.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-100-24-140-184.compute-1.amazonaws.com

Software

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcscanary-prod-va6-1-v044-03ac1e4a5.edge-va6.demdex.com 8 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: MvTW0JDDQkU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-1-v039-0e544ffc7.edge-va6.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: t7GdixIkSCk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://scotiabank.demdex.net/firstevent?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/828318804047036416/ Frame C78A 85 KB
10 KB 68ms
21ms Document
text/html 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52d74c3fa0a99caa96dbd7477e86ec3df342e032cbb50e5909b7aa5e6ae06255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 456345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 10538
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 04:02:15 GMT
expires: Fri, 08 Sep 2023 04:02:15 GMT
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4FC 0
622 B 156ms
93ms Ping
image/gif 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst46vWcDlCw302lmar3b9_eamTd5ZYuaTe66DV6XB4skrgVOJhm9p7Sfx1SXlC2JtnpHwJN1AsyjICmQaMqjc0IoZZNSTaZoN5UgUS-OTI0tsncjdBnRB6Gagy5HEEz_SbSuGLOZmPGOe49vd8wIHIV-qPOQE_TgXQOM1EuTiKIfpsRx5C3PCzafsUvgrPL7dZMxwOKQVGeYatJRzQWSEhnBZgR3yh17emHEnZeRSYO34g4QS-Ox4p44n0p-8tqeWhuRVrDXl1LlQ-FuJPQI7uQDFn1dEw6zSi2JRjpSmX3iMf7m5nnj7bvI0I1bJjNwZusF4AHsmkUqCkgONrvb8Xc6ZFzyzjVzIA1b5AyY7rGBdX_XEfZCSv3mnDPVH-cY1iQycZ-H530nJaCUZUIPBEwZJiH3acYR6zOd8LjWrs38K8lhMA3iPVQfD-roHFbkFeZS7rOAfIbVuJHpAv1zYwqmcCvD6DhQPKEJgcsQYOEH1xkewVADvGTDu6D0e18UIXyVnL3nygGmSkXwsU-xV18CM7WKqgt3ditgxQqK8zfVLOjTzGLwrEQ8wGfhFOO8wqe0UfL7FwcYVRTuMykSCezabcJwg0Qtdei79joASK6ClmvPL1Un4HNn7pV3VKx4B14MfjDGyT68Xzm3cgbp0reUBNBAEbLGQhNcF1tqRH3EYMiinEg2VWPV6MDtXrFOioVbK6Vg5s-th5D921apio2Qc8Wq1qsp09XUmsb6gboqbMXsyANUBPZ8i3WgxWPDEh9Ag5GiK1TmwEezkUSz_xAgxQ6MR4Ct94kQRARoKANCjTbvEx2X17DtscCnEgP_dxymclVvjzTbQzL7JW4IrqYzJMkyQwI91uNjE_gkoeJ_K1f5LDMldB-EhK3mCJG6anrJm5DHKMnP4nFIDt2hHglFyKK1sBzejLN2tGQCX1I8IzqOpXnkXAKM4sNJXuOQg5qV7ve_g7IsNEfTY_2TkYulziKGCCKZ9EoPVXI5TfZNFSdMnWG8mc3e08HXic4DJWMsF_g1cntmNwt6Kj-fUaypYchnsJXEhn3bIsyuVHd4RTEC9Nu34H0YuURpiA380nCzD3Ip-ckn1PLS-6hUKilbfPKvltvJpe5Q6Qsg8_7rFY_LzOPtzQbaSKQBLZ201NXkfEddfV9lAGZWFRfZy0RXQL4aGF3EMiqp5ar9gzO39hrD89-v7bpIZPFlQgJhgPiXwCbgyRxuETf4lW1fNSDI012WQIA3glpcYZZpgUDSc_TeD-SIyYWaKmVRhtBigcHwOJ-odsXQ9Qa9pUYvuBI2eagDp9jnJeCjwWlxaQyy8jGylu6MPcLEZa56C5tskqYaUBD3Jy0ejmgRy_f7bhIxwCO5fYdXh4Cz9wiasLSmlJf&sai=AMfl-YRYxZ2F7tjUDuh2TVxlV9vRaDWNMho6BCZuqHjWHhyNTG83cRxG2OeyfV6djB-zX36CragraB7pbE5GANoPGPgKMPHTk-2nztzpxJTtXoUrFXnt7RCKR1i-0RzHChu9UcOcsfNdVpO8F0Ttyof97lPrON6W9CwjITXbU1lBbjuLLADk2WOBeOtZgS5uQyx5l4AyivMlVTdir99ZrdgyHh-prOxSYNnJwcwU_mcgSq_K7FQ&sig=Cg0ArKJSzH-nD5FtELoIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=372&cbvp=1&cstd=353&cisv=r20220908.33397&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Tue, 13 Sep 2022 10:48:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 729D 6 KB
3 KB 20ms
19ms Document
text/html 2607:f8b0:4006:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:47:56 GMT
expires: Wed, 13 Sep 2023 10:47:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C5A6 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C5A6 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK Roboto-Bold.woff
res-a.akamaihd.net/__media__/fonts/Roboto-Bold/ Frame C5A6 24 KB
25 KB 132ms
18ms Font
application/font-woff 23.63.77.138
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://res-a.akamaihd.net/__media__/fonts/Roboto-Bold/Roboto-Bold.woff
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.63.77.138 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-63-77-138.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c8a7ea184c79a6f61c400968314d03aae7c327f03efc03603f6a3cbada7bfb9a

Request headers

Referer: https://mariopartylegacy.com/
Origin: https://mariopartylegacy.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Unused62: 8096267
Date: Tue, 13 Sep 2022 10:48:00 GMT
Last-Modified: Mon, 16 May 2016 10:39:41 GMT
Server: nginx
ETag: "5739a36d-60f0"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24816

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1DF4 22 KB
8 KB 20ms
19ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 61356
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:24 GMT
expires: Tue, 12 Sep 2023 17:45:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEFcOtiR8KC94Kb3RL6VnPs8&google_cver=1&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5x...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5xUvR5riwuw1BPgDLCfAMrJaA2A

170 B
188 B

48ms
45ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5xUvR5riwuw1BPgDLCfAMrJaA2A

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 560CB53BE1D145E28BE9FA40CAD616FE Ref B: YTO01EDGE0520 Ref C: 2022-09-13T10:48:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AehlK4DqRkgrN4dl5bG0GmJO1F53crAOp1W3j0cvXtpDPCSoVmgPtFxBjLdks04E_zrmewmmdao5xUvR5riwuw1BPgDLCfAMrJaA2A
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXojL71UiLI7t5CE8udmw==

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 29D7 0
173 B 89ms
27ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEGH1qo9VfD-DnbwtcYQCyYQ&google_cver=1&google_push=AehlK4CgEkns4ZzhAEICH0V0v8mQo4i_Ot_gPISF2MPhKRrBLWWeTVoh8Vf3s2DFN2FK9iPTUOYnlGa4jWyr7cDiak2kFQyKyEe-AA
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=1&google_push=AehlK4AY...

170 B
188 B

46ms
43ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=1&google_push=AehlK4AYeeNK7-v1ahSd2qJ2qZjkC59L53h1yn10wARDAsgLrAziAsq8okhCklCbs-Vj_3zyMYA0AZAoqvoMQo2qwIpTXw8IvClGow

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEPNW4ZHkTglCFI9a2ZH2SGs&google_cver=1&google_push=AehlK4AYeeNK7-v1ahSd2qJ2qZjkC59L53h1yn10wARDAsgLrAziAsq8okhCklCbs-Vj_3zyMYA0AZAoqvoMQo2qwIpTXw8IvClGow
date: Tue, 13 Sep 2022 10:48:00 GMT
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEGF9Hbc9AkO2p86J-haQ_y0&google_cver=1&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeW...
https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEGF9Hbc9AkO2p86J-haQ_y0&google_cver=1&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeW...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw&google_hm=MDYwMzAwMD...

170 B
188 B

51ms
36ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4DnoxhJzpQAAQaOBdXs1wr-Win38dvf8nwCaK7E_fMeWkCbkV7wAcUDlgW1fwD5EOYkOaj4YrjKXA8CV5BB6U5ODti10UAWaw&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECPEmB4UPtMKe7O0l_lCZy8&google_cver=1&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuV...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDgwMkxQTE8tQy01NTRL&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuVoLzEIMl16Nk7O9pMcz_PiQFlEDw

170 B
188 B

46ms
44ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDgwMkxQTE8tQy01NTRL&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuVoLzEIMl16Nk7O9pMcz_PiQFlEDw

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDgwMkxQTE8tQy01NTRL&google_push=AehlK4Dx1SdtWZcsm_c8wXca7uaLa1w6OPKEABJE3vStEjyT7ps4dFMfK6ZFgk1j6FgtDX8GhuVoLzEIMl16Nk7O9pMcz_PiQFlEDw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 382e2818ca015d35b02cd449aa60881d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPF8HwUGMQoeFn4mCQsLopM&google_cver=1&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3sWMjXMAU_4huzNw0jEwWBzMoIlL8Ps2ora639gLA...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=c13cbd22&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3...

170 B
188 B

46ms
43ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=c13cbd22&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3sWMjXMAU_4huzNw0jEwWBzMoIlL8Ps2ora639gLA8qo4pgqNjGRE

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: EWR53-P1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=c13cbd22&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4DPIwlGixs9KSHW-S6Zr09PWOxtNSQGBBELSsfbPwl3sWMjXMAU_4huzNw0jEwWBzMoIlL8Ps2ora639gLA8qo4pgqNjGRE
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: VoI9TUiT8fvSrp9MiI7RlXkyPmYy1F75dMfOcoIbu9zvrNDq1Ketfg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29D7
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGaXF_jCkEWzNqNbZjXErnA&google_cver=1&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZV...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGaXF_jCkEWzNqNbZjXErnA&google_cver=1&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZV...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-R...

170 B
188 B

52ms
42ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZVBnglneWmesGbnaZRGPkbNrpXPL8cw

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4AQqVSw3uYqTIRz031RVm7aIWweC5OzgGW0U3FYq9XE2vKETMs-RtrRO2FIIL40DfOIZVBnglneWmesGbnaZRGPkbNrpXPL8cw
date: Tue, 13 Sep 2022 10:48:00 GMT
server: ATS/9.1.10.25
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 29D7 0
12 B 51ms
44ms Image
text/html 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JS4gIWHNcAV41dRCF1kl9vLsNWg3diiADABslwAlEZcbJLSSAo8QAnkEjDBzckb7YXNgc1cw

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 publishertag.prebid.123.js Show response
static.criteo.net/js/ld/ Frame 4456 87 KB
28 KB 106ms
26ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.123.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:03 GMT
server: nginx
etag: W/"6271101f-15b58"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:48:00 GMT

GET /
google2waycm.netmng.com/cm/ Frame 43EC 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 43EC
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEAx9C-y_F3NjARIIs_lM99M&google_cver=1&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozL...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozLO5Urab3cFees

170 B
188 B

37ms
36ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozLO5Urab3cFees

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 13 Sep 2022 10:48:00 GMT
Server: MT3 4505 5b23575 master hkg-pixel-x19 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AehlK4DFTlHxcgAsp8ABSgQFaTf7FWFtMeA1yS-yJtMIwUSdZs7UTHdSBBh6HNhNz-TMBgbdvnH71thcg2OynozLO5Urab3cFees
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 13 Sep 2022 10:47:59 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 43EC
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEEl7IIp1FY1RREIp8qHsfGQ&google_cver=1&google_push=AehlK4DVd0zxV7qD3wm3M7ceeOI7Ihb-r7Ap9xq5VIhrxu-PJycz_AJshyKHbehsxq-vFBMwkPlgtbm...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEEl7IIp1FY1RREIp8qHsfGQ&google_cver=1&google_push=AehlK4DVd0zxV7qD3wm3M7ceeOI7Ihb-r7Ap9xq5VIhrxu-PJycz_AJshyKHbehsxq-vF...
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=3K77P85jSr2dwu_RIKlBUmMgX-A

170 B
188 B

50ms
40ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=3K77P85jSr2dwu_RIKlBUmMgX-A

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:47:59 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=3K77P85jSr2dwu_RIKlBUmMgX-A
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 43EC
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFzgnyq5HgVKLYWU6faTwqg&google_cver=1&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsT...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFzgnyq5HgVKLYWU6faTwqg&google_cver=1&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM&google_hm=FOC88if_SIOwVhTwk2H3hw==

170 B
188 B

63ms
56ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM&google_hm=FOC88if_SIOwVhTwk2H3hw==

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM&google_hm=FOC88if_SIOwVhTwk2H3hw==
Date: Tue, 13 Sep 2022 10:48:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 43EC
Redirect Chain

https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEDnHQpDmNs5_fpxVafMW1Uo&google_cver=1&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0Rqvi...
https://c.us1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_push=%GOOGLE_PUSH%&cty=br&google_gid=CAESEDnHQpDmNs5_fpxVafMW1Uo&google_cver=1&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0Rqvi...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95&google_hm=MDYwMzAwMDFf...

170 B
188 B

56ms
41ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic_brazil&google_push=AehlK4BpSNK1VYc9On_lf1ZMtD-YqtxeP2LNYigNxVZl0RqviJEq3XQh6gd3sHcAro1zcw3q13WGfJm2tVEI2w1Thls2abClQW95&google_hm=MDYwMzAwMDFfNjMyMDVmZTA2MDY5Nw%3D%3D
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 43EC
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEDdgaWRLUlH2A0aB3_-CzsM&google_cver=1&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NSMPwY4rTnJ5yrDsp-GHH9KtDvGhDdlPe_FHYXVsz...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=1e48e93&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NS...

170 B
188 B

46ms
43ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=1e48e93&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NSMPwY4rTnJ5yrDsp-GHH9KtDvGhDdlPe_FHYXVszJMfKp5znfHTb

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: EWR53-P1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=1e48e93&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AehlK4CuAVG4SpuOOW8rlmexu0PTcMbYeaZXK6e3U9vjQR1NSMPwY4rTnJ5yrDsp-GHH9KtDvGhDdlPe_FHYXVszJMfKp5znfHTb
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: z1yrAzQjo3GGlgNhxCo_cSkUFa9spgGkgE9PTxsSWGNpvmSTl35a7A==

GET
H2 200 pub
cs.chocolateplatform.com/ Frame 43EC 0
59 B 152ms
33ms Image
text/plain 159.203.145.121
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEMuFPjNqtdwaKHzPK5Lvts8&google_cver=1&google_push=AehlK4A-e5SPqVJtXZcuRVbtLKWqAFwmAMcZHXCzyOB7BA8hJqz3XyGxnngES_u2gpqHoDbST75W-xWNn8VgiD7A_K0qwDX-Iz5H
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.203.145.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: CookieSync Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:47:59 GMT
server: CookieSync Server
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 43EC 0
12 B 48ms
35ms Image
text/html 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JwP_Qq79FU3To0d_GcWnfVVZY-YzzKCWMw_2wZt_lJq8MYXAb9r5EVNisjuV24T9pB2rSs

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK 300x250_bg.jpg
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 340B 25 KB
25 KB 116ms
20ms Image
image/jpeg 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/300x250_bg.jpg?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 80cc4917db805a57cc96ed5737ce15528bac22b38653c3b6b2454740a260b7aa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:03:19 GMT
Via: 1.1 baec235d174153a8f2e92ea724643824.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:34 GMT
Server: AmazonS3
Age: 485082
ETag: "bb34673e241c0db99343ec655c2e47cb"
X-Cache: Hit from cloudfront
x-amz-version-id: nkjsCM1eHItvEZphZkrN2Rg4qDu08O5_
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 25157
X-Amz-Cf-Id: m1m37iNF_AmDEYYSJwOl4d0yIS8VzE3MQVoBukyIffCILpBE_NbuJA==

GET
H/1.1 200
OK 300x250_cta.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 340B 645 B
1 KB 114ms
19ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/300x250_cta.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 58501b027fcd0c730f5e75570c91e0182fb258167a3528f22a838cc7eecc0c08

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:03:19 GMT
Via: 1.1 e42e8491a089e2183879e26e61dae708.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:34 GMT
Server: AmazonS3
Age: 485082
ETag: "bc0c0c71b32e9172019688fa835698d9"
X-Cache: Hit from cloudfront
x-amz-version-id: alhedavqjLffEPlxJ63vSz38vIKD4p23
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 645
X-Amz-Cf-Id: gzz7SpTRXWoVQHjLDVKsrDkP8R_ZhzOBLkXuSa7p_zcZisp9sMZ9Xw==

GET
H/1.1 200
OK logo.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 340B 15 KB
15 KB 115ms
21ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/logo.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38d797d77f92310ebdcd7319f36d999b6ed44dece556fb63d3deae5ee11b9d0a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:02:03 GMT
Via: 1.1 50670fc09f8465be7ae4adcf6e33ab7a.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:35 GMT
Server: AmazonS3
Age: 485158
ETag: "5092e363d273c5ffbd087f787a68b57c"
X-Cache: Hit from cloudfront
x-amz-version-id: FXBdThHKpszrvBvNyhrAEmOzJ.c_ccok
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 15232
X-Amz-Cf-Id: q-2ZyXKipJpal8DCElKQWHb9t1yBzJxOyXM7lqYZwib7gZAmLQqFFA==

GET
H/1.1 200
OK lockup.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 340B 3 KB
3 KB 112ms
18ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/lockup.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f896b65c94b5037b1d50dcc1a299373352e9858717372d5df2922619ad64c6d1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:02:06 GMT
Via: 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:35 GMT
Server: AmazonS3
Age: 485155
ETag: "9fdb9a0488f5b3ae67857f25d10b6c7f"
X-Cache: Hit from cloudfront
x-amz-version-id: uKgU8qedD6bMNLoojDSOWh9CPMPGKJcC
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2901
X-Amz-Cf-Id: FIek_gwgwntwBzWbFLFpN_y6BgKeEnHlB4RTLYHwKCDorBBR_dOjmg==

GET
H2 200 HelveticaNeueLTStd-Bd.woff
am.contobox.com/cbdata/fonts/HelveticaNeueLTStd-1/ Frame 340B 16 KB
16 KB 126ms
88ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeueLTStd-1/HelveticaNeueLTStd-Bd.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae553d558315fb605a472046446fd459982aa95dc7ad57bd26e8b230a8799596

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
last-modified: Mon, 22 Jul 2019 19:52:58 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
etag: "091557fe7c6291e960368abdd908796b"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
access-control-max-age: 86400
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 15968
x-amz-cf-id: 141Gaxsz55Xm0Z16lzgEZGYIVDgiEbf4OvSd1ydf9JJV9jM16DzcnA==

GET
H2 200 HelveticaNeue-Roman.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 340B 13 KB
14 KB 89ms
52ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeue-Roman.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9578fa3dafa5207b612a55bb0d512c53f9c50299a402e53ac7da33fb2cc3f8b6

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 07:39:36 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
etag: "4a5c08cc9d3ae9e1c509d40f6c671c21"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
access-control-max-age: 86400
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 13400
x-amz-cf-id: ZIZRLUmal7RaLayOTeLSK9MWb0fpSCc5Ot26nNJypO-zCPo7W8bCbw==

GET
H2 200 HelveticaNeueLTStd-Lt.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 340B 15 KB
16 KB 102ms
66ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeueLTStd-Lt.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ba1174a28296695cc50db5e309f744d41bba56627cae80e7ee902c6ee039053

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
last-modified: Mon, 22 Jul 2019 19:52:57 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
etag: "9dfd9f72bb8be4c43a74e77af9af48c0"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
access-control-max-age: 86400
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 15840
x-amz-cf-id: uGYkY6rFtefRG8mupk25AzZrmtxiKtzpulvBlUibYwqC3PSjK_r1LQ==

GET
H2 200 viewload.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 340B 87 B
461 B 29ms
28ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/viewload.js?ad_id=132646&campaign_id=15906490985&cookie_id=97S1GsAaMa5N&domain=mariopartylegacy.com&dsp=DBM&event_type=impression&exchange_id=1&rd_iframe=iframe&ip_address=149.56.153.181&l_type=2&network_id=435328280&rule_id=28720&sid=335d0da0a14b43b494da78c02733f17d&site_id=36559527451&zone_id=129985&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&cboxid=132646&lid=a_DBM_!!_c_15906490985_!!_e_1_!!_n_435328280_!!_s_36559527451&layout=desktop&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCrR6H3V8gY5m2M4_enwT8tYCoBoXo7pZsoKC5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQLIFXgX99OpPqgDAaoEhAJP0JZSOd6XUa_SfPHcbkki_cP5eYDOD3Vqg3MUoYCQTUoZEQxSmCaoXQI7XIeKz67nEfvygo-LsljNLAbvGA2kBnpvkfddsbCo0QEFtbP4SHT3icz69Z3JvurJTVHeKKKa9s-GS8JW0Xb4nDCPdXjFoM-I5kUIXQ1ManoHTXwzSHkETLwcKaIGNHm5gOQqpZlt49M21VgoS2QizHEXxFf6JowUCk6itJvDeo3sdCdPXbxdw37GRkOcoWQxFRzaAnMMek9HQVtmK1PGacT0qq8-Kw3K07kzwwGqWY_974jWR_PNjU5SJ7shmnc_KUe2SDuF6FcdsnUGV6IJO5-nsr_VbzU228AEhfiD5eYD4AQDkAYBoAZNgAeitOu_AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCA8IgGEQARgdMgKKAjoCgEDyCBthZHgtc3Vic3luLTEwMDQzNTI0NDYxNTAxMTCACgOYCwHICwGADAGwE4i7sRDQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRoBbBcf0Bs7BRJjk2qup8yJ0UQBewpSE9lX-PHT7l4n7Ll2ZE%2526sig%253DAOD64_0ynZqgZrHMxUYf18q_MHf-9pWQGQ%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BoTx9BSsgzvHS744nrktvgF54ayU8LSms2pmCQbqHl15p858y8wpE5zD7raIBqeQXP5Z9Hcl917nbfOFc6ruKqG9ericSN0DSrYb7GSWZ0D6Y-iBvVfNvCAi3X2ZT_OzpBe0EggPoeSwy5SFRFsUFBmUTZyA%2526dbm_d%253DAKAmf-CxVpwyaVdj_XCh5fsPXA9j-HRBcxPjhxhQaF0GO2JCi2ncH_Q7hvVYBpogHWiqlX5jPPtBwuQZMn75aArisgAkLElN6tM7v1oBtOsjSyTPtdZ-_LjkOH0x2SjJC0WQZ8568ndJmGjEFY5zrArSxmXQSuu_nO7NMDLTTfZyUXAU_Sea0ST35nxaYy4hYY3rB6qGy2Jkd67Sf1jo4QrL596EPjEmyU4U3vf43jNhiwEqV0Ek7SHP0_I0JbWpBlsvecmWzsn2eiTvODPXnM8pEBOJVt7lsmMYyozkvXLPPXByq9oWvJUNm_AYYxoPs2VmQgw-2Q8NAtk1NuzhRLJPkvfMliVP6gbJqVdPKnmdmuhuW55cLMXWGIiSXbzmZeh7mV48L1CiDz31IkhPgfgzd2AD7BAgX18z0FYLXBMPQ_ypkAID5XClaihgI-LcbsEFHvN83XA43hMjUJeU5333NpbbSMb3SKw58pbezWw-G6KfCZ9W2LeGz665XWVrs5UAWJoGwFx15mb1NCqy0J5JcWp7SObMRbmcb_KW4-52_N7XuNFi-kQ%2526adurl%253D&http_referrer=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2F&ltype=2&resolution_width=1600&resolution_height=1200&env_type=iframe&position=above&ifr=1&iframe=yes
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: dd4b2828f30ac53b8db4f77db8dede34f9605436d286f254c88f34dfbf0de1cf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-length: 87
x-amz-cf-id: r9ZyyDKogjaNjNqbxi5OEJbmZYHSpRfETulP9taiZdhe1q0Ntnc4uA==

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 41A2 640 B
316 B 90ms
41ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhjJtsrPATAB&v=APEucNX3peEtm_juRh0adjVxtQ1b0sCxQFluOUHaFZc9veado5gAKsKu1dywm2u68NMt__dYES6DjnaJjPrQKGYVUSnX82gilg

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:48:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 729D 27 KB
17 KB 104ms
68ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cb7Hr--SwG4qy9g1siAkTdq3YdJQmEnkuG1XLx9kc5BGzFVz6Z4ERKZ4Jx8Z9_k6mpJvMOsUuZCahe0SBA5VkT1fa-icP_hEvFwkorN-QQ8Bins-8xEklNFquib2n3qpP5JBvFyBiydh5C7zCaye7igtwJLg&dbm_d=AKAmf-BLPm5JuyEdOZly66p0hP7kNrZMZBhcHCHGpTe73hUEBjuqs6380P5RanO7XfnlJnMbv0fDpDJBHzIBqoGJiIihhxVo76gAzIDJDCr1iFUzwuhlYl-I-4qwyHnH-5o9W31siOXHxRYsean3CXZPUqJyb_fGreuMy7znRqLId1uqhyTcZiK5nNJB_GVf6UAPzQCBnAhXGSfjEKARntOW4mGW8qIZE7AsddEJ9RZxUPQJFUhHXcQU0H9rHmfb-Ljef8LTWzADFFGVizYojQw7Cge3CAoqv9OLFwN7IyPydwGyfKkV6dZT9WgTa7CbYKEkjK0syNiuAYAEjIXdChYRFxd6k29Iny9Ubs-0Eg-nJykgI_1oLhjEB43m4sAk47Tm2WTPbdLPCUFPAn0VFTIg9AaSikU_P-cVqQY3gK3WLKD3oeYBjDno92iabGVklHYvt2mewUx7OfA-2tbXyVk9aNLmRo9_SrGZYXda23psLKWDi7q7F6Yk03T_HpQKTJLHIaGpDccN4FEMIXj0PmdEP08t1pXUQsp4cyArN-ocgLIP_4GeAw67M8VnxCBsQ_aG9J8XI6TQ2iAhak7Mvkk9LPJm3gZ56QTK-Gp5T6tDB3m6m56lnqrSUHTGyJFJlPT7JHAh9nCDaRWCU2FLicYoe19ofSSTWQkaPH3HB_YbYWWmsDdJt3dupDY-02N4PChOiipJV93zCYHo_s0aKzl2gdYxIIvSdGJH4cSc7u99cqvvgSluag-S3tO3MshxD4bhvXFPSounefQ2zmCg1A9qbqezFLjEnHtcCG2_-PfNvDAmu2kxcwzpVeoQYOraGfEGNtQprJLqo6BWOIp63Ll9c43twWGbShgzPg0CMEvaAA3ALHlGEKqJiHX0lfz0jyzTkE508eokI38k6WmniVg_acLa0IntYEAatzd9bBIfAxACFAiRzxYcEsQFqgKgwMctUpUzRGWSOy36MHw2cBYBGo7Q45c9Uze_atCBXRu7wfwqrD2USkfROVedxeLkDlAKAfwkL6eoWZOUp_V6Nz_q-4O9R4iC_z8vLKep1I4l4r3Kd_tZUc1Ig7wM3kcykDQU73LUyv-CRXToj1vgpWVF0EcdyBBPr7x6PhbxY21OvDjUmyZn4pjVYt1ZPMGZMQPoud98W9dHTtWR5-CfLeK1wNX-H7kVjEHJQYqcETNdl2r0s_-DmceTHhmYE44IdmBpTXz48hKKJX4EC0E7bcoaCR0hcIF2bbEewFT1DFq8noI2Ap38JaKaAPZo8wvacsUBzyCyox9D6G2yBH-5jdi9ST_h8XGMkQyaK3cs6FyTz1vGQDfS887EtMw5BGtSNPhCchYBOmaORgl4BnOTxfFKvLiBEULQ_X9qpJMLjv7b0JwhRe0ANCrrhMfmqCl1JYEwbJGjly9HnmrXqTA0N4gNh3eJ3K6d3qTzAkWCVyTciXV25plgT_bmxgovWtEzJ8_5njQ5Oejow8VWHi_Ijc1rT80UT5-ICqWFQWxHanwW1_cJ3PbE-lwbi4z4x6GVzK51O2ZApnnnXw9lb51aPTUp7GLz_VJQ-O0-1rOhR4o0ksyb8IHJZS7u6w2q098JNP7dD0h56N0-Qg1cmo42hxuatz59zMAQ0LlSgMB_NiRR4ii72UoSZMrNk5n-wQBDVWgoICr5NuTnGLV0SDoGST1MrET2IU3XMRyzqbbY1KSuza0AndJKU2EM-3TBTPm5HH3ha94dTs9eBeMp1AcBooWFuHZFwYmaynFDb7-Gazlw49AnktG6H-7yWJhJUP6ygQ10-C4t5XzlyEQAklN2SG_yVgomahT9cIt6JOiC03Wnd-QyUvdhiHbbORcEsHwsoOOMV_vvQ_Qcd9IIvv6Le47iYgvkCh6zqCFmby0NQkEHjpCXxGvx-xpqQur48qs_KTSCW425sVjRyAQ-kaCML6dtWrrcuUDvFmiqecbHT7I5nzHu77NzHJGne9GenjI6pcQqmL1XsMwEsrnOzUoa4R-LJPWilYcoQ5yhQ678zC-zQW5WzOnvziFDn4lZqXP1Gr3tidGDs0JZvgjS-FmQDT_Wzi5TFsvuZRkLQTF1ynjGvcONO6D4FOF6OemrN_oVfFVBuOquND3luud0TZqR4QuE5yxurj_FhukoxgZK8KRBCPVOoTmxpPWT3-BcnF25yfK5oMOZrSDE0M6EwPVT5lPCjiwp3iovQIMFKUt6OjuT1lG2rL0N0m79wx3YtHusr0ropnPb7OfKNFBuDVksYQvlPDYhHp-XK4OZ4Ri5B9p9aiM_vdQoXjsAVYqL9TyCX933jT9F4aaiyd1mdXk790Jo7s9p72TYQK1satyriNgnoKu5pOjoEBBdiCkjLvmDButZTSMMm0WgmtsAV-iNWUaDtJt5IarWyJwDAkMtL4ZdQDizbDPD6MGI435AqGHoWVhRTcBK4kArPQ0IQ_tt538IZQ5Zlysrl5JI4jsfeeyYUpoPJ0OtVKxFONLM8GO-ywITOd4VYfWq9xs6rCEP9Yusfl5IxQRk0t4NcE-hOiTbT_gzpUjitK4_hH2dhKMR-4IKH3gVSYEHzv0LyCgcgonNbEAkc_Cywqani5Iq9l_oa5QLI61uXSsk74bHDx_F17rpg9dkX85LOVIiVGbuQbDbNBjrPLRMoYQ-p2kEisq9SfbzJkCV-KfjO4bvHdjyIiD9M7uqcvVW-XKhD1Fq6w72nIveWDhSI8W9kQ03jMK_34Haufh_YVYFJ2GMrAxGth9omG8oqAxaGUvqKoMnNiJsUN9PwlrDuLu8lgWblc3zFbELKBf5JFSeAY5PQhibsIRl9fm7kif3ZAPMUzZBmAlRZ-42g-0K5CAJCnlwIvu1tcNhBSsAtHUqciD9l-rL9aJyXmazc3z2PmMTs-lnGsLIFRnmigBu1irIUiUD5bmW7YomRS8BSSQ-tJ70RXRBbAjpN_J0IX6sGMZUPneujcscP7P4ZnnUhAazfrO7Ui6hSAuBgvJtHM7d2T6KTTCGzEYhn1JhDwLjmP0QEFQWcyOQWPy-uhgT13JX8fGCQ_sHXuPDQEBXxbJ-w-oPECyRLCypWInIEZkXViqD-wTHoPnQumWjzzAC-OGoaY0xuBXlpoDhzdsstGM8N6reZXK0myb1xy7g6yYK2YKcAngW69GbBMBacQ0fcoWvpcqgKIpFTBDrkR1UFRmy-Y1pQz3-96UVSAsd4c008swWVPsKfPBAA4QHThGDvrlYH6_vvH1-rMkJBA8dssu5oAJAkg0cbq8RRQhlYqKwQDU4_exvH23Z6W63yLeWntT8_Y_xyWgAjX9e0PzWUVB_mDUQnsqvLpkz2m8nQRrQhF7d1cbqjrWzHr9jfE7O9692h3SIY5DEhYPV1uju5XaVbIKaMlnuhA3DCYzvSGCF4iB4L5bYBwi4oedhbOATxA&cid=CAASJeRo6iv44bwI1Tttt7jdRAz2IEakjl77bBaIW06KMOCfiUmGBOE&rfl=1%2Chttps%253A%252F%252Fmariopartylegacy.com%252F%240

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

118b7d83a74408b9f83534ef8d31b26799fa9298a285101e1dd504b81cc4a675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16884
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 729D 42 B
65 B 79ms
79ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A92OLdkQs2TmbEWFlqQUZ2DkQ89KMnNPb5s0StUviDIWCxEHliEesTLMYvbKUlgZzavENtyeco2ckB6jHubxu8DXm97vy5hmBiIqUZTZl-hngmQT8

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame 729D 3 KB
1 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/window_focus_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:38:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 599
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 729D 142 KB
44 KB 130ms
71ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf5477f7c95dbc72d95dc48406365be84b2c1a2e3d6298d83e39d829e13e770b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44876
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662981969255015"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Sep 2022 10:48:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/ Frame 729D 17 KB
7 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220908/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 729D 0
0 38ms
36ms Image
text/html 2607:f8b0:4006:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRPAS0OuP2YtjMkEPkv67BCqrQk7vxyMOH-6x84ZgY9xClEP8tLLL6jP6WVGH0b-m_0bDmKFuVx_CYZP9o2qY2HlH86_g
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:821::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H2 200 bql.php Show response
lg3.media.net/ Frame C5A6 15 B
159 B 22ms
21ms Script
text/html 96.17.64.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=6255&&&vgd_l2type=sca&fp=CC2xY_08PWSgkjPawthbK5Sr-09jTD4D5eFj4mhBVxe23kQ9aLTL4AAbJJpehvP6KJsiExX5H_J2TTeLYOKtG62ns8Gsc1MiR-x1xgsyg-dte6Aym6ltbMJzKw5fKUwRQAIDWMvGija5KTrnHa0ayQ%3D%3D&cme=b7gd0YAvSkQ-ka-Wno3Yy2VN42FscHHyJy2c_x3addbdwkjMRiz1ad3sdtcpnPR2UQoXxyMx58QC_7rrZ0AvxBQjjQYj1hkwACqK7JamsVSrmrdnObmlvbHceHaGg_WlqGQ3gEFpeWiko_P4vCYc0JMmh13NFq5dlZj_GrYUc8h9IfstRWzYy9LscgWkN8aTTMQdmAPg0-CD1Y75XyQWGTf_9LMDZpmD%7C%7Cu8A6SM53vAftoPNiubF0nycR241yHs9V%7Cwq-seedwI9StKo6oJATMcvyNPKXfS9WM%7CdsA6EMpZ47R6ljdz__nQtthZoUpm2bb5%7Ca0AmFUYXmD7aw660rP70HkNBZMV3pwo4TCRczon4ct38n6g_JjN60w%3D%3D%7CHyhfC7RYyqKfZjtiVlFOq_XWDTyqYfm_P7wOPamxbRha51topHINzpJVM9E010yWArhB0jllvme9pDaGwFxnD0OlFtvaAoSoBTWhjjo96yb14ipr_kfJHxTYpy3JZ47kXFTMJLvn2L45ILTl5WAp_TtOskwc-yZPQX83Nw92NR75VIYp-KTxEi5IdHOVhDmfA7VV19XHkRFvmBFXVIXRBxfRPT3bSyVWpvwPuTSn9OQ%3D%7C&v=1&geo=45.5%7C-73.58&dlper=20&lper=100&lpid=&tsid=15062&q=&prv=&type=&ps=&hint=&td=&cc=CA&wsip=170721347&bca=0&ugd=4&vgd_fcic=0&vgde_setid=Nfu&vgd_dnquo=00_XX&ksu=207&fdkt=232&vgde_kbbh=fuoyxQBuG&kwd[]=Free+Super+Mario+Game&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=1&kid[]=11666737&kbc2[]=0%7C1%3D0.75%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.81%7C62%3D0.21%7C63%3D0.28%7C12%3D0.69%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.16%7C4%3D1.00&ktd[]=274911854848&ktrkt[]=Free+Super+Mario+Game&kwd[]=Download+Halo+Game&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=2&kid[]=74360453&kbc2[]=0%7C1%3D0.47%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.41%7C62%3D0.41%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.10%7C4%3D1.00&ktd[]=274895077632&ktrkt[]=Download+Halo+Game&kwd[]=Play+Free+PC+Games&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=3&kid[]=22633645&kbc2[]=0%7C1%3D2.77%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D2.78%7C62%3D0.46%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D1.01%7C4%3D3.05&ktd[]=274895077632&ktrkt[]=Play+Free+PC+Games&kwd[]=Free+Pacman+Game&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=4&kid[]=11623007&kbc2[]=0%7C1%3D0.78%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.81%7C62%3D0.21%7C63%3D0.28%7C12%3D0.69%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.03%7C4%3D1.00&ktd[]=274911854848&ktrkt[]=Free+Pacman+Game&kwd[]=Mario+PC+Games&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=5&kid[]=119466405&kbc2[]=0%7C1%3D0.72%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.79%7C62%3D0.25%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.13%7C4%3D1.00&ktd[]=274911854848&ktrkt[]=Mario+PC+Games&kwd[]=Super+Smash+Flash+2&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=6&kid[]=164904679&kbc2[]=0%7C1%3D0.97%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D1.09%7C62%3D0.46%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.09%7C4%3D1.00&ktd[]=274895077632&ktrkt[]=Super+Smash+Flash+2&kwd[]=New+Super+Mario+Bros+2&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=7&kid[]=129475791&kbc2[]=0%7C1%3D0.44%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.41%7C62%3D0.41%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.07%7C4%3D1.00&ktd[]=274895077632&ktrkt[]=New+Super+Mario+Bros+2&kwd[]=Super+Smash+Bros+3&kwt[]=232&kbc[]=05992428019c8c1a7e1bc50819067b57.d2s&kwp[]=8&kid[]=27454427&kbc2[]=0%7C1%3D0.72%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C60%3D0.79%7C62%3D0.25%7C63%3D0.28%7C12%3D0.62%7C10%3D4.36%7C66%3D1.21%7Cps%3D0.998%7C3%3D0.06%7C4%3D1.00&ktd[]=274895077632&ktrkt[]=Super+Smash+Bros+3&cid=8CU566D6F&vwid=1663066079866979151&vi=1663066079866979151&tdAdd[]=ib%3D0&vsid=3060676791454972&tdAdd[]=asnum%3D16276&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_cdv=794&vgd_l3_sc=QC&vgd_chost=contextual.media.net&vgd_hb_audit_1=8CUH868Z4&vgd_hb_audit_2=341475548&vgd_katbid=-102&vgd_pdtid=1&vgd_implt=3&vgd_l2wsip=170721347&vgd_nrrv=96642&vgd_nrrmf=1c80a&vgd_nrrsf=scrr&vgd_cty=montreal&vgd_go_pid=8POITAN38&&tdAdd[]=%7C%40%7Cabp%3A1%3A2&vgd_ifrmode=10&vgd_l1rakh=1663066078144179762&sttm=1663066079549&upk=1663066080.12063&hvsid=00001663066079549025035145493268&verid=3111299&vgd_matchstr=hr%3D0%7Cbcat%3D13%7Ccsh%3D1&sbdrId=196&lineitemid=4&vgd_ecrid=352177047&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8POITAN38&&abpl=2&&kbbq=%26asn%3D16276&&vgd_vstrid=3060676791454972&vgde_bdata=QOfvzxjj~8xLjMjvf9~myJLEYv9.9X~eBMJ-Nv9.AA~e8QMQOvA9H~ONfvu~G17v9%2C9%2C9~QNOv%20N~eM1QzvuFfhF~ejfLMQOvf9ff9iufuh~8xLjMGvfiWX9.hX~xLjM7UNv9~Q7OvuuuhXXXf~j1Q7v~e8QMxLjMGv9.fH~8Evf6%20xx%2F~kGGv9~e8QMxLjMjvf9~L88Ex1v9%2C9~J7vfi~LNvu~L8Qx8Ov9%2C9~LEQMQOvf9ff9iufuW~e8QMGvuWH.FA~xLjMGv9.9A~xLjM7e8v9~JNEMJJLvAX.f~xLjMjvf9~yN17vX99Hif~GGvuiF~eev9~jfLMGvu999~JLEYv9.9X~GYvu~Q8OvFAAiXHWhA~QOv9~x8OvwWT2yH-VZNQZp85GW~G7OvfHfWAHXAii9hH9iXWAf99AXhiAHiAui9u9HhX9FuXW99W9hhWiihih9uWiHiFhHWFHA9if9AifhWHWiW9HW9~OfEMjvA9~AENkvu999~x8Yv9~myMYQwv9.9u~OYYMQ7Lyvw1LYmz5~OfEMGv9.iX~myOfEMGv9.i~exLjMGv9.9F~QQvIK~x8Bvou~NJv9~LEQMGvAA.HH~exLjMjvf9~%3DVvfhAA~z7Qvf~7Gvou~N7vYmz7LJ1j~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8exLjMGvuX.hF~8Q8kv9~jNvu~G8Ov9.9X~ONvW~ejfLMGvh.WA~8exLjMjvf9~QxEEj5M71yM8OvuuuhXXXf~e8JB1G8j875v9.AfFHhX~NGOEv9.9Ah~OYYvw1LYmz5~Qx8OvHhhFF9HHHWAHXfuX9Ah~QyY7vcxQ8NM1zOM01L75M%2F8OJmMZ1YJQ~8zQjv9~O7NvJ1Q7MQN~O1jyvxz8Qmzui~w7Yjvu~QmGEv~GOEN1EOv9~OYYMJLEYv7LxJ~GkjLv9.999~myG8Ov9.9X9~875EJM8Ovfu~QJjjJLM71yM8OvuuuhXXXf~N1LL8JLVOv9~ONx7vfX~OmyGv9ou~8GNvu~Y-JvOJQU7mE_mEu~Y-GzvoRf~OO7vou~zQlvf~7yQvhfW-i9%7Cih9-fX9~GQGv9~GQEv9~7Y-vuHA&vgd_optout=0&vgd_cfud=220401&vgd_scsver=311&vgd_bhv_kbb=-1&vgd_go_ent=1&vgd_l2ch=0&vgd_rensize=970_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=east_sc&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&&tdAdd[]=uiparams%3D%3Brend_w%3A970%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200&&vgd_uspa=0&vgd_sc=QC&vgd_l1rhst=contextual.media.net&hvsid=00001663066079549025035145493268&subBdr=196&bdrid=4&rc=0&rand=1663066080163&acid=905c32d12f6f4fcf8c2299720fd66022&matm=1663066080163&requrl=https%3A%2F%2Fmariopartylegacy.com&vgd_x_pos=315&vgd_y_pos=181&vgd_ren_page_h=4921&vgd_ltimesrc=1&vgd_ltime=1676&vgd_rtime=1314&vgd_etm=40&vgd_l1hcsd=Sdhh3%7C6114&vgd_l1ch=1&vgd_lhl=2704&vgd_pgid=p01358694656t202209131047&vgd_adprefflag=01&vgd_csip=rtb-appnexus-57dd7c57cf-vk5nx.SC&vgd_sbSup=1&vgd_nrrs=96642&vgd_cntrdt=SL%7CDIV-58e3a83746e0fb000143f024-1000%7CDIV&vgd_eadm=1&vgd_end=1

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.17.64.29 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-17-64-29.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 13 Sep 2022 10:48:00 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=54017
content-length: 15

GET
H3 200 PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js Show response
pagead2.googlesyndication.com/bg/ Frame A892 36 KB
16 KB 27ms
27ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ec80ab4268df9789b6af0dde736283e282147fcb8dd88ca5e3acd70882036e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 14:40:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15954
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Sep 2023 14:40:19 GMT

GET
H3 200 7187f0fa.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 492 B
333 B 28ms
28ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/7187f0fa.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b74e688e7c657a53478003583dd789e4a5ce35161c3f62b80745fe730b77bbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 304
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:29 GMT

GET
H3 200 fa5fb8b3.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
664 B 61ms
41ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/fa5fb8b3.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b40c12b01d7dd928361aad83fb76e10878527f3b048cd0a4a4aff3ec8b85d9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 04:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456313
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 635
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 04:02:47 GMT

GET
H3 200 a94c3b60.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
590 B 75ms
55ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/a94c3b60.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f16f0898b02a9df6ac2f9888ed88b4f63976e512e9fac22c8d468cf6877b605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 561
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:29 GMT

GET
H3 200 04b90d3f.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 3 KB
1 KB 71ms
51ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/04b90d3f.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861cae0f0baa045f169177b9b6dc775cf1ddf7d64bd6fa7b71714d2e5090cc26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1174
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:29 GMT

GET
H3 200 5b47befb.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 3 KB
1 KB 72ms
53ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/5b47befb.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

017f77dad35bc8628746a941c5b85ee4fb206c73f7abd23e1503fadcfdc734af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1106
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:29 GMT

GET
H3 200 f1c37baa.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 49 KB
49 KB 60ms
41ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/f1c37baa.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c9996503dc034049902e13428f941abc818f75a6257878a261acc3b2206dc61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49977
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 b5fefff1.svg
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 4 KB
2 KB 72ms
53ms Image
image/svg+xml 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/b5fefff1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503ecba2019c7935aecb5a6322e359ec4e781280c3e700c6d2b81820fdbc1bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408151
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1664
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:29 GMT

GET
H3 200 396146ca.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 570 B
597 B 64ms
45ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/396146ca.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca92b873e5adfa0ee82541e1ac86a5c5e40d0867bbfb85551a0b69e0dd199aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 570
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 5130adba.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
1 KB 70ms
52ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/5130adba.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40cfd90254f8ee9bcc9b98d595ec9d88e0bafbb3fe643cfcb760f07323ece86b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 04:02:48 GMT
x-content-type-options: nosniff
age: 456312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1379
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 04:02:48 GMT

GET
H3 200 104ff47a.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 2 KB
2 KB 67ms
49ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/104ff47a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e35104ccba589e72a80a95a76778e92b7ef31c254e2fa4cad644e18d1f4b69a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2527
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 a8f76996.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 673 B
700 B 61ms
43ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/a8f76996.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71a9213f3bd7637037c40991e7012b97d6d69084c77e947b5c9dc0c15a0e980e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 673
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 3205f5a6.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
1 KB 62ms
44ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/3205f5a6.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f34cbb4f65ff257c696d683b5ec9744d61fc9424d1341abb2c17e8d76c537770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1237
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 f682d8b3.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 103 B
130 B 60ms
43ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/f682d8b3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b4e0ca646d88b976feb9c46bcce7b34dd09601d7ba1bebfb787bc08a009f487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 372aa14a.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 125 B
152 B 65ms
49ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/372aa14a.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a30b024d5187d1fb390f7b3bc8cf3275fda92755fe0cbdc078f3bdff49ab4d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:31 GMT
x-content-type-options: nosniff
age: 408149
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:31 GMT

GET
H3 200 6d26b0c8.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
1 KB 62ms
46ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/6d26b0c8.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c532e077e9fcf9ff946507e700b8eba673a9ebc61b0d5a75eca0555e6621d2ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1413
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 a6685f3d.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 3 KB
3 KB 57ms
42ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/a6685f3d.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e534098b9b3641a9400bbdbda034131baaa1ee3ee61bf2faacb1f06fe98fecdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3315
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 833aa20e.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 760 B
787 B 56ms
41ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/833aa20e.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9b7800670c365338dd378c329ce796686c67ada423bb56461e1d60a66c2ad68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 760
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 c67ad961.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 1 KB
1 KB 82ms
66ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/c67ad961.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79302ecdde9b40e0e7a2cfa8073f5f40ec6ca93e53848805c39570adb916cc8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1331
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 c2e28a10.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 2 KB
2 KB 77ms
61ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/c2e28a10.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a98e69e4aaca2377e1a05293450aa29c8145d6aee9f17a858e0f59bac6404dad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 04:02:48 GMT
x-content-type-options: nosniff
age: 456312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2135
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 04:02:48 GMT

GET
H3 200 4399ceac.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 4 KB
4 KB 79ms
63ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/4399ceac.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de73f9fa9a2c6f1d2f2142fce9a5d427bc430e2fd280cba8d5049b86aadbb6ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3686
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 00d1a388.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 174 B
201 B 80ms
64ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/00d1a388.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b86073394cd6e73cf4cc4a415f66508e33e2f8f12c34df1bb539f7500006185

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 174
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 b57bf401.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 223 B
250 B 76ms
59ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/b57bf401.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77680b788b7094c07a6ced1363f0c5fa75447e82d55575c043352b92b2ff6d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 04:02:48 GMT
x-content-type-options: nosniff
age: 456312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 04:02:48 GMT

GET
H3 200 ec7c457f.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 2 KB
2 KB 71ms
54ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/ec7c457f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1bad71a6245e0ac525b4e3680feaa079af3003beeaa8b431d88f81970735e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1775
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 94a956df.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 3 KB
3 KB 67ms
57ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/94a956df.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb358e3245da3678f0e2aa63162f53c18a3632750e90a1893def80a66583d527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3552
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 5959ebac.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 2 KB
2 KB 65ms
55ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/5959ebac.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a035e3712811e13925d335bc1c58c48667150448006add786f24d14c8002964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2204
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 1f6c5474.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 4 KB
4 KB 60ms
51ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/1f6c5474.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68a58bd4fde5255ffc0cca0ec5726e8062279fefdae5d97a584f354872c9b39b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3992
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H3 200 84a04b85.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 2 KB
2 KB 62ms
53ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/84a04b85.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450864390e43d79760eb4436197835e87c2beddecc6ed4446af02d39283a3178

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 04:02:48 GMT
x-content-type-options: nosniff
age: 456312
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2036
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 04:02:48 GMT

GET
H3 200 713af890.png
s0.2mdn.net/sadbundle/828318804047036416/images/ Frame C78A 3 KB
3 KB 60ms
52ms Image
image/png 2607:f8b0:4006:81e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/828318804047036416/images/713af890.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/828318804047036416/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

590bbe15594205acc9f80509cdf4a58ca508b086f79dfa71529b526bbd87feac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/828318804047036416/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 17:25:01 GMT
x-content-type-options: nosniff
age: 408179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3533
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 14:17:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Sep 2023 17:25:01 GMT

GET
H2 200 products Show response
shoppable-api.contobox.com/ Frame 340B 5 KB
1 KB 129ms
54ms XHR
application/json 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shoppable-api.contobox.com/products?gallery_id=1834&cb_user_id=97S1GsAaMa5N&exclude=desc
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: bcc42132f8a104e64c80a5fbea67a3552d70d0d225ad023f19a92b9b693cffea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
access-control-allow-credentials: true
content-length: 1116
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
x-amz-cf-id: n_PaZFURBlu16gDsWMwAJN2GdYtbIOBAaq8llUkcIf-9LG7y9ChvyA==

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 358F 15 KB
6 KB 257ms
24ms Document
text/html 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=mariopartylegacy.com

Requested by

Host: d1oykxszdrgjgl.cloudfront.net
URL: https://d1oykxszdrgjgl.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

17b6c419a7f65afd0e75266dcace486b79ceae9242177feaa960dda92816c4cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 13 Sep 2022 10:48:00 GMT
server: Kestrel
server-processing-duration-in-ticks: 378127
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 4456 88 KB
29 KB 122ms
62ms XHR
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

e9969ec6163fc467674443a6cd06f78cf8d664794d386558db417565e57423d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
last-modified: Wed, 31 Aug 2022 21:48:59 GMT
server: nginx
etag: W/"630fd74b-16068"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:48:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 93ms
81ms Image
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022090801&jk=2837811250882824&bg=!trWltfHNAAZTikH4c4o7ACkAdvg8WmSA2Ft44Q8lw4b4UxyENm_vO0_KoxgmkS9jCZNU6hKwypU3_wIAAAcZUgAAAANoAQcKAHG6I74lZ0LgjDFtkxq0Pv5URCQM-D71DaoaC15zPJ1LzZqjnhoRG4y8_QHP6ErEWT7UD0WTSt89DX_-XxVp-VFjgGjZ0WViQI0TR7wHLKBSW0MvZKCATTqv1vRR-pYeQXclTWkf59KFjVxtwCw9NqhlTpkC67GvnvyqwpqMcxsezdD_1dB2wCeW64zy2swPoaxH1nQo6U2rlbZj_bM1RNhv7hkb9f5ZENnbbteaCm-3ZC6cYu6ZU5xYRDWez-FWJp4MgWLO1x9XbjTIEdJU8MFoqh12S4Ala5wxH6q0yYUacACE9-twdARui-gU2c1pzolsyhATXCis5WvoGofSOF_DJiH0W6gpNS374yeFOlMEU5DwEGiuwzFQcyNV9MKS0q977dVY-KNcJEr9PUCcXXof3EUFt801oHHA537KaAfv1I7hddDeMYbQ61cfljG198GOnWJRlau0tCaAqg6TTQNO3dBwV7URge51hJ-grZfpN1pcm0U0MYPlJvcWylVLA3GvuiF6L7jcFSXJHfvA8ihlnhYeUSskVLmrX2r8wgwbzEEwsyLxEkE1XwDsTkO5FGnI6rbsLc15S5jY7RZoqHpd1xjmNHADmG7FK-vEfdjHK16pIv1jKVHtGrDFQjqWVfEs0ruhWkkl65eXMgGqb3cwrXyENg0ddGL23SiLX1WpqKPwgoHGVFvvVEST-BOncPFGunEQlKWStKrfEpM34l3WfAQh0gNGy4M6iiq_SiICh-dWbVO-icI16DfZBFmYf7pTM69RmkYwWioe-r3YULEwG7rx_zBf78D1UgcmIappUHdBl29zNiphUC8UvJVMzlLTontBrYlVlw-xPe_ZFkcu8BBm0-U7D8CNMFRHRt3Ag2jDFH2uwvqPxkISY0Qqtk5O_eQ0HGnSGDquVrVmuBk4rBH2tyZ7U211aRnKPNqUFx_TGi1akxCdnJ5JRfQMMw9QO8GXaFBTAK61Koglfk8TeNsnQV0t0Qv9HSPf8tMC_77ihIRxtrpAQas9ft0v7jR-uQyupeMlfDZQagMbAGYNzxkiPNkISkitsUrU5SIjfGv-ch_nHBBkBI_Rl1CaoS8FEhnvkzf2_jdd5c9dBahQDboQvHcRTeSD42O9f3m1SKmnabAkCacMATWCSEywrw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
H3 200 PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js Show response
pagead2.googlesyndication.com/bg/ Frame 1DF4 36 KB
16 KB 28ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ec80ab4268df9789b6af0dde736283e282147fcb8dd88ca5e3acd70882036e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 14:40:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15954
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Sep 2023 14:40:19 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 41A2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBLq94u5WBH-8rzY_jRRuBc&google_cver=1

43 B
61 B

39ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBLq94u5WBH-8rzY_jRRuBc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhjJtsrPATAB&v=APEucNX3peEtm_juRh0adjVxtQ1b0sCxQFluOUHaFZc9veado5gAKsKu1dywm2u68NMt__dYES6DjnaJjPrQKGYVUSnX82gilg
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBLq94u5WBH-8rzY_jRRuBc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41A2
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjQ1ZTcxZTMtOGU4MS0yNjllLWUzMjItMzgwMjc1NGRjMTAy

170 B
188 B

41ms
39ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjQ1ZTcxZTMtOGU4MS0yNjllLWUzMjItMzgwMjc1NGRjMTAy

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhjJtsrPATAB&v=APEucNX3peEtm_juRh0adjVxtQ1b0sCxQFluOUHaFZc9veado5gAKsKu1dywm2u68NMt__dYES6DjnaJjPrQKGYVUSnX82gilg

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjQ1ZTcxZTMtOGU4MS0yNjllLWUzMjItMzgwMjc1NGRjMTAy
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 41A2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJdjmGMCPYBrk3gQJIqby1A&google_cver=1

23 B
286 B

33ms
29ms

Image
image/gif

104.77.9.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJdjmGMCPYBrk3gQJIqby1A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIDQlQEQi67cAhjJtsrPATAB&v=APEucNX3peEtm_juRh0adjVxtQ1b0sCxQFluOUHaFZc9veado5gAKsKu1dywm2u68NMt__dYES6DjnaJjPrQKGYVUSnX82gilg
Protocol: H2
Server: 104.77.9.133 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-77-9-133.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.8 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 13 Sep 2022 10:48:00 GMT
server: akka-http/10.2.8
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEJdjmGMCPYBrk3gQJIqby1A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41A2
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDdhNTYwNjYtMWM5Zi00MmQ0LTk5YmMtOGM5ZmQxNDM0OGJk

170 B
188 B

39ms
38ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDdhNTYwNjYtMWM5Zi00MmQ0LTk5YmMtOGM5ZmQxNDM0OGJk

Requested by

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: akka-http/10.2.8
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NDdhNTYwNjYtMWM5Zi00MmQ0LTk5YmMtOGM5ZmQxNDM0OGJk
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Tue, 13 Sep 2022 10:48:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/ Frame 729D 30 KB
12 KB 21ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220908/r20110914/abg_lite.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 240
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11782
x-xss-protection: 0
server: cafe
etag: 11425859616848618248
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Sep 2022 10:44:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 729D 41 KB
15 KB 23ms
20ms Script
text/javascript 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 17:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Sep 2023 17:45:23 GMT

GET
H2 200 prbds2s Show response
rtb.gumgum.com/usync/ Frame 213A 0
99 B 24ms
24ms Document
text/plain 54.236.153.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/prbds2s?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dgumgum%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26uid%3D
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.153.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-153-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-length: 0
date: Tue, 13 Sep 2022 10:48:00 GMT
etag: "0d41d8cd98f00b204e9800998ecf8427e"
server: nginx
timing-allow-origin: *

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 177ms
23ms Preflight
application/json 2620:100:a001::c
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmariopartylegacy.com%2F&domain=mariopartylegacy.com&cw=1&pbt=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://mariopartylegacy.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 13 Sep 2022 10:48:00 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 287449
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ Frame 4456 49 B
299 B 135ms
86ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00001rrIFkAAM&gdpr=0
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4456
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmariopartylegacy.com%2F&domain=mariopartylegacy.com&cw=1&pbt=1&lsw=1
https://mug.criteo.com/sid?cpp=-gapIHxLZnR5b1pjdnl6ZmlvMi9LdVY4WVlWWFJTNFlXRWF0MDM1TktYUlA1bW8yTURBQ3hOcU1NSklEMzk3VW5NbTdpclZLRWFlVHl3ZVpQb01wcnYwOGEzVU9rb29PR3VmUlJ0RjFMSUdQSWdRdGRPUlFYMDF5T2JzQi...

366 B
649 B

73ms
24ms

XHR
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=-gapIHxLZnR5b1pjdnl6ZmlvMi9LdVY4WVlWWFJTNFlXRWF0MDM1TktYUlA1bW8yTURBQ3hOcU1NSklEMzk3VW5NbTdpclZLRWFlVHl3ZVpQb01wcnYwOGEzVU9rb29PR3VmUlJ0RjFMSUdQSWdRdGRPUlFYMDF5T2JzQitlQzlDeCtsNWh4dTBaek0zcFAzK09sRkNHaHF2M2JZWGF5eE5JQnpwVU5vMGxJdVRJZjloRnlrOU95QTI5M2FXK0FxeG9ERVhlZ1lSYWJENFRldEg2dmpyWWVLeUpFbng0dW5DNlBhbVlXNkZIMXNFK1FQY2xUdlhKNnNYREFEOGxlUGh3UmZxfA&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

fcca252159d74430145c6cef609a621d0304484ee0dbc0861199b38c3d2c064e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 709227
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: Kestrel
location: https://mug.criteo.com/sid?cpp=-gapIHxLZnR5b1pjdnl6ZmlvMi9LdVY4WVlWWFJTNFlXRWF0MDM1TktYUlA1bW8yTURBQ3hOcU1NSklEMzk3VW5NbTdpclZLRWFlVHl3ZVpQb01wcnYwOGEzVU9rb29PR3VmUlJ0RjFMSUdQSWdRdGRPUlFYMDF5T2JzQitlQzlDeCtsNWh4dTBaek0zcFAzK09sRkNHaHF2M2JZWGF5eE5JQnpwVU5vMGxJdVRJZjloRnlrOU95QTI5M2FXK0FxeG9ERVhlZ1lSYWJENFRldEg2dmpyWWVLeUpFbng0dW5DNlBhbVlXNkZIMXNFK1FQY2xUdlhKNnNYREFEOGxlUGh3UmZxfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
access-control-allow-origin: https://mariopartylegacy.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 556242
content-length: 0
expires: 0

POST
H/1.1 200 258.json Show response
id5-sync.com/g/v2/ Frame 4456 457 B
1 KB 314ms
103ms XHR
application/json 141.95.33.111
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/258.json

Requested by

Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.111 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203177.ip-141-95-33.eu

Software

Resource Hash

45d77e730024ce8285307966cbaafc8539c709de7ac7cb1f487c760fa851200f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
p3p: CP="CAO PSA OUR"
access-control-allow-origin: https://mariopartylegacy.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8
transfer-encoding: chunked

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 4456 109 B
547 B 85ms
25ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=zwqtqe4&fmt=json
Requested by: Host: hb.vntsm.com
URL: https://hb.vntsm.com/v3/live/ad-manager.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 59ede1d7ddbba706136d62dc2577ada976015f2a0c5520143c31ec4967f63af6

Request headers

Referer: https://mariopartylegacy.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mariopartylegacy.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 13 Oct 2022 10:48:00 GMT

GET envelope
api.rlcdn.com/api/identity/ Frame 4456 0
0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4FC 0
26 B 142ms
83ms Ping
image/gif 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst46vWcDlCw302lmar3b9_eamTd5ZYuaTe66DV6XB4skrgVOJhm9p7Sfx1SXlC2JtnpHwJN1AsyjICmQaMqjc0IoZZNSTaZoN5UgUS-OTI0tsncjdBnRB6Gagy5HEEz_SbSuGLOZmPGOe49vd8wIHIV-qPOQE_TgXQOM1EuTiKIfpsRx5C3PCzafsUvgrPL7dZMxwOKQVGeYatJRzQWSEhnBZgR3yh17emHEnZeRSYO34g4QS-Ox4p44n0p-8tqeWhuRVrDXl1LlQ-FuJPQI7uQDFn1dEw6zSi2JRjpSmX3iMf7m5nnj7bvI0I1bJjNwZusF4AHsmkUqCkgONrvb8Xc6ZFzyzjVzIA1b5AyY7rGBdX_XEfZCSv3mnDPVH-cY1iQycZ-H530nJaCUZUIPBEwZJiH3acYR6zOd8LjWrs38K8lhMA3iPVQfD-roHFbkFeZS7rOAfIbVuJHpAv1zYwqmcCvD6DhQPKEJgcsQYOEH1xkewVADvGTDu6D0e18UIXyVnL3nygGmSkXwsU-xV18CM7WKqgt3ditgxQqK8zfVLOjTzGLwrEQ8wGfhFOO8wqe0UfL7FwcYVRTuMykSCezabcJwg0Qtdei79joASK6ClmvPL1Un4HNn7pV3VKx4B14MfjDGyT68Xzm3cgbp0reUBNBAEbLGQhNcF1tqRH3EYMiinEg2VWPV6MDtXrFOioVbK6Vg5s-th5D921apio2Qc8Wq1qsp09XUmsb6gboqbMXsyANUBPZ8i3WgxWPDEh9Ag5GiK1TmwEezkUSz_xAgxQ6MR4Ct94kQRARoKANCjTbvEx2X17DtscCnEgP_dxymclVvjzTbQzL7JW4IrqYzJMkyQwI91uNjE_gkoeJ_K1f5LDMldB-EhK3mCJG6anrJm5DHKMnP4nFIDt2hHglFyKK1sBzejLN2tGQCX1I8IzqOpXnkXAKM4sNJXuOQg5qV7ve_g7IsNEfTY_2TkYulziKGCCKZ9EoPVXI5TfZNFSdMnWG8mc3e08HXic4DJWMsF_g1cntmNwt6Kj-fUaypYchnsJXEhn3bIsyuVHd4RTEC9Nu34H0YuURpiA380nCzD3Ip-ckn1PLS-6hUKilbfPKvltvJpe5Q6Qsg8_7rFY_LzOPtzQbaSKQBLZ201NXkfEddfV9lAGZWFRfZy0RXQL4aGF3EMiqp5ar9gzO39hrD89-v7bpIZPFlQgJhgPiXwCbgyRxuETf4lW1fNSDI012WQIA3glpcYZZpgUDSc_TeD-SIyYWaKmVRhtBigcHwOJ-odsXQ9Qa9pUYvuBI2eagDp9jnJeCjwWlxaQyy8jGylu6MPcLEZa56C5tskqYaUBD3Jy0ejmgRy_f7bhIxwCO5fYdXh4Cz9wiasLSmlJf&sai=AMfl-YRYxZ2F7tjUDuh2TVxlV9vRaDWNMho6BCZuqHjWHhyNTG83cRxG2OeyfV6djB-zX36CragraB7pbE5GANoPGPgKMPHTk-2nztzpxJTtXoUrFXnt7RCKR1i-0RzHChu9UcOcsfNdVpO8F0Ttyof97lPrON6W9CwjITXbU1lBbjuLLADk2WOBeOtZgS5uQyx5l4AyivMlVTdir99ZrdgyHh-prOxSYNnJwcwU_mcgSq_K7FQ&sig=Cg0ArKJSzH-nD5FtELoIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1102&vt=11&dtpt=730&dett=3&cstd=353&cisv=r20220908.33397&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 13 Sep 2022 10:48:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 HelveticaNeue-CondensedBold.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 340B 48 KB
49 KB 67ms
67ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeue-CondensedBold.woff?ac=1661507723
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4dc1151b79543604e857a63f6d2021182255a40f2b7f12c88cc2421ff848d8cb

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
last-modified: Mon, 22 Jul 2019 19:52:56 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P4
etag: "10e55445d25dca55871e793a7520ef42"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
access-control-max-age: 86400
x-cache: Miss from cloudfront
accept-ranges: bytes
content-length: 49612
x-amz-cf-id: ma2rXL_YiPJCVMmNozmECVKhnP1GTEMP8wy216aLNXQ7_oq8T0KSXA==

GET
H2 200 nlp-en.png
am.contobox.com/cbdata/cbox_assets/custom/thd/ Frame 340B 16 KB
16 KB 20ms
19ms Image
image/png 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am.contobox.com/cbdata/cbox_assets/custom/thd/nlp-en.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 94fdf04fbbad0d95dfa380f9e6358f4def5f731c55a81138566dd33353c4ac52

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 11:50:53 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
last-modified: Mon, 07 Mar 2022 06:29:52 GMT
server: AmazonS3
age: 82628
etag: "4816c6c7572a59303e568ce47a00aca7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
content-length: 16018
x-amz-cf-id: Stbv0nrC8z68-7htfyBFT7hirz5xlYjNrOspjX9wYHYrhfpuOHakKw==

GET
H2 200 p_1001638321.jpg
images.homedepot.ca/productimages/ Frame 340B 13 KB
13 KB 181ms
27ms Image
image/jpeg 173.222.103.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.homedepot.ca/productimages/p_1001638321.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.222.103.36 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-222-103-36.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 7cccc9aea3ac94c0b6d6f2321aa049fa916273d17d4735ec196c55ddaf8516fa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
last-modified: Fri, 22 Jul 2022 00:35:53 GMT
server: Akamai Image Manager
etag: "0f29af87a618ae160e7f35679a71301b"
content-type: image/jpeg
cache-control: private, no-transform, max-age=43200
content-length: 13155
expires: Tue, 13 Sep 2022 22:48:01 GMT

GET
H2 200 p_1001651402.jpg
images.homedepot.ca/productimages/ Frame 340B 3 KB
3 KB 189ms
36ms Image
image/jpeg 173.222.103.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.homedepot.ca/productimages/p_1001651402.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.222.103.36 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-222-103-36.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 1c4888f93b307a57af316cafb754a6677566fa972de1a3cad72dc0f4d94be089

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
x-check-cacheable: YES
x-serial: 1205
etag: "5e3df4896bb88b8d50b616ec3b80f2c5"
content-type: image/jpeg
cache-control: private, no-transform, max-age=43200
last-modified: Tue, 10 May 2022 20:06:46 GMT
content-length: 2842
server: Akamai Image Manager
expires: Tue, 13 Sep 2022 22:48:01 GMT

GET
H2

204

yahoo
prebid.a-mo.net/setuid/ Frame 4456
Redirect Chain

https://ups.analytics.yahoo.com/ups/58570/occ?gdpr=0&gdpr_consent=&uid=5453cbab-8739-43dd-b8ed-7befb4068dd6
https://prebid.a-mo.net/setuid/yahoo?uid=y-ShhVurVE2uGvAE6eM4E1xIKrQj8EicH7cfSDbKs-~A&gdpr=0&gdpr_consent=

0
112 B

30ms
30ms

Image
text/plain

145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid/yahoo?uid=y-ShhVurVE2uGvAE6eM4E1xIKrQj8EicH7cfSDbKs-~A&gdpr=0&gdpr_consent=
Protocol: H2
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 5
server: envoy
vary: Accept-Encoding

Redirect headers

location: https://prebid.a-mo.net/setuid/yahoo?uid=y-ShhVurVE2uGvAE6eM4E1xIKrQj8EicH7cfSDbKs-~A&gdpr=0&gdpr_consent=
date: Tue, 13 Sep 2022 10:48:00 GMT
server: ATS/9.1.10.25
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

sync
x.bidswitch.net/ Frame 4456
Redirect Chain

https://x.bidswitch.net/sync?ssp=adaptmx&user_id=5453cbab-8739-43dd-b8ed-7befb4068dd6&gdpr=0&gdpr_consent=&us_privacy=1---
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=14e0bcf2-27ff-4883-b056-14f09361f787&ssp=adaptmx&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=2910&partner_device_id=10596125502584628923&gdpr=0&gdpr_consent=&partner_url=https%3A%2F%2Fodr.mookie1.com%2Ft%2Fv2%3Ftagid%3DV2_948118%26src.vi...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2910&partner_device_id=10596125502584628923&gdpr=0&gdpr_consent=&partner_url=https%3A%2F%2Fodr.mookie1.com%2Ft%2Fv2%3Ftagid%3DV2_948118%26...
https://odr.mookie1.com/t/v2?tagid=V2_948118&src.visitorid=137c8093-711e-4365-b2af-593aee114210&ssp=adaptmx&gdpr_consent=&gdpr=0
https://aa.agkn.com/adscores/g.pixel?sid=9212302828&puid=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent=
https://odr.mookie1.com/t/v2?tagid=V2_785409&src.visitorId=212550604273004787637&ssp=adaptmx&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=419&user_id=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent=

43 B
235 B

61ms
60ms

Image
image/gif

35.211.178.172
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=419&user_id=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Tue, 13 Sep 2022 10:48:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://x.bidswitch.net/sync?dsp_id=419&user_id=10596125502584628923&ssp=adaptmx&gdpr=0&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

match
match.360yield.com/ Frame 4456
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=w-IRF-twTYyoYqEa5ywXzw&google_cm&dsp_callback=0&publisher_dsp_id=340
https://match.360yield.com/match?dsp_callback=0&publisher_dsp_id=340&google_gid=CAESEB5Vg33b8y0LyQHVogXuHrY&google_cver=1

43 B
434 B

40ms
27ms

Image
image/gif

44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.360yield.com/match?dsp_callback=0&publisher_dsp_id=340&google_gid=CAESEB5Vg33b8y0LyQHVogXuHrY&google_cver=1
Protocol: H2
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:48:00 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.360yield.com/match?dsp_callback=0&publisher_dsp_id=340&google_gid=CAESEB5Vg33b8y0LyQHVogXuHrY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

match
ad.360yield.com/ Frame 4456
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=276&redir=https%3A%2F%2Fad.360yield.com%2Fmatch%3Fpublisher_dsp_id%3D5%26external_user_id%3D%5BUUID%5D&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c1...
https://ad.360yield.com/match?publisher_dsp_id=5&external_user_id=68486320-5fe1-4f00-a55f-beaa1f1ea52c

43 B
512 B

28ms
28ms

Image
image/gif

44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=5&external_user_id=68486320-5fe1-4f00-a55f-beaa1f1ea52c
Protocol: H2
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:48:01 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Date: Tue, 13 Sep 2022 10:48:00 GMT
Server: MT3 4505 5b23575 master iad-pixel-x18 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://ad.360yield.com/match?publisher_dsp_id=5&external_user_id=68486320-5fe1-4f00-a55f-beaa1f1ea52c
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Tue, 13 Sep 2022 10:47:59 GMT

GET
H2

200

match
na-ice.360yield.com/ Frame 4456
Redirect Chain

https://id5-sync.com/match?publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=313&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/match
https://id5-sync.com/c/124/124/2/1.gif?puid=c3e21117-eb70-4d8c-a862-a11ae72c17cf&gdpr=0&gdpr_consent=&us_privacy=
https://ib.adnxs.com/getuid?https://id5-sync.com/c/124/2/1/2.gif?puid=$UID&gdpr=0&gdpr_consent=
https://id5-sync.com/c/124/2/1/2.gif?puid=4776604448345215037&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F124%2F3%2F0%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
https://id5-sync.com/c/124/3/0/3.gif?puid=d9d66320-5fe0-4400-875d-f0cb9f218aa1&gdpr=0&gdpr_consent=
https://na-ice.360yield.com/match?publisher_dsp_id=313&external_user_id=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&dsp_callback=0&gdpr=&gdpr_consent=

43 B
685 B

29ms
29ms

Image
image/gif

44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://na-ice.360yield.com/match?publisher_dsp_id=313&external_user_id=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&dsp_callback=0&gdpr=&gdpr_consent=
Protocol: H2
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:48:02 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://na-ice.360yield.com/match?publisher_dsp_id=313&external_user_id=ID5-ZHMODorRpheBjeZwx3gS5etGRkzhB4T5_QSUa2IzfA&dsp_callback=0&gdpr=&gdpr_consent=
date: Tue, 13 Sep 2022 10:48:01 GMT
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H2

204

magnite
prebid.a-mo.net/setuid/ Frame 4456
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=0&gdpr_consent=&us_privacy=1---
https://prebid.a-mo.net/setuid/magnite?uid=L802LPLO-C-554K&gdpr=0&us_privacy=1---

0
150 B

29ms
29ms

Image
text/plain

145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid/magnite?uid=L802LPLO-C-554K&gdpr=0&us_privacy=1---
Protocol: H2
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:00 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 5
server: envoy
vary: Accept-Encoding

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://prebid.a-mo.net/setuid/magnite?uid=L802LPLO-C-554K&gdpr=0&us_privacy=1---
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: d5a7ef20801cf5cb1ee516b6110e672f
Expires: 0

GET
H2

200

match
na-ice.360yield.com/ Frame 4456
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=5&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=42&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.3...
https://track.adform.net/serving/cookie/match/?CC=1&party=5&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=42&publisher_call_type=redirect&publisher_redirecturl=https://na-...
https://na-ice.360yield.com/match?publisher_dsp_id=42&Expiration=1664275681&external_user_id=2029913363476918026

43 B
574 B

28ms
26ms

Image
image/gif

44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://na-ice.360yield.com/match?publisher_dsp_id=42&Expiration=1664275681&external_user_id=2029913363476918026
Protocol: H2
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:48:01 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: nginx
location: https://na-ice.360yield.com/match?publisher_dsp_id=42&Expiration=1664275681&external_user_id=2029913363476918026
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

match
ad.360yield.com/ Frame 4456
Redirect Chain

https://x.bidswitch.net/sync?ssp=improve&publisher_user_id=c3e21117-eb70-4d8c-a862-a11ae72c17cf&publisher_dsp_id=191&publisher_call_type=redirect&publisher_redirecturl=https://na-ice.360yield.com/m...
https://pm.w55c.net/ping_match.gif?st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dimprove%26bsw_param%3D14e0bcf2-27ff-4883-b056-14f0936...
https://pm.w55c.net/ping_match.gif?scc=1&st=bidswitch&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D79%26user_id%3D_wfivefivec_%26expires%3D30%26ssp%3Dimprove%26bsw_param%3D14e0bcf2-27ff-4883-b056-1...
https://x.bidswitch.net/sync?dsp_id=79&user_id=rC4lnmvd1Oy3st5&expires=30&ssp=improve&bsw_param=14e0bcf2-27ff-4883-b056-14f09361f787
https://ad.360yield.com/match?publisher_dsp_id=191&external_user_id=14e0bcf2-27ff-4883-b056-14f09361f787

43 B
594 B

28ms
27ms

Image
image/gif

44.197.96.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=191&external_user_id=14e0bcf2-27ff-4883-b056-14f09361f787
Protocol: H2
Server: 44.197.96.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-96-251.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Sep 2022 10:48:01 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Location: //ad.360yield.com/match?publisher_dsp_id=191&external_user_id=14e0bcf2-27ff-4883-b056-14f09361f787
Date: Tue, 13 Sep 2022 10:48:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 39E4 42 B
64 B 90ms
89ms Fetch
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuf3imjC-0jKR_oUauKBdJRjrUbVrhg7HIvNZN2JrxsbXPsh52or3RqCea487r49uEU1SxQ0HtZW6esumJqxSXXODhwyL6KGqjlUsIlh2WzINnJDBz-J5Yn_m_fVlGow636pfE&sai=AMfl-YRLDaPq-_06SXEec9XyDv_3j-s6mV0K1G2_I7uuarsNWfVqBUkQfB9PzpywtsZFhB8NzurJQpQlD32N9t5WTnLKkoi6VqmQuYB9iWyBhLFXSbaMA3Q0rNGteHdN&sig=Cg0ArKJSzMfAhD1kpLkIEAE&cid=CAASJeRoBbBcf0Bs7BRJjk2qup8yJ0UQBewpSE9lX-PHT7l4n7Ll2ZE&id=lidar2&mcvt=1053&p=455,1100,705,1400&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&v=20220912&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3997522798&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1663066078743&rpt=1177&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame CF02 0
745 B 63ms
62ms Script
text/html 68.67.179.155
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=806&pub_id=987524&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=806&pub_id=987524

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.155 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:01 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7ace0ef1-704a-4efc-aa93-9475f145508c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
nym1-ib.adnxs.com/ Frame 1DBF 0
844 B 19ms
17ms Ping
text/html 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fmariopartylegacy.com%2F&e=wqT_3QLcBPBMXAIAAAMA1gAFAQjev4GZBhCvgsjAuZaH3hMYvaCrgYOO-qRCKjYJi2zn-6nxoj8RgIKLFTWYnj8ZAAAAwPUo_D8hgIKLFTWYnj8pi2wJJNAxAAAAQOF6lD8wgI2qBTimBkDqXEjgA1CXl_enAVjvg01gAGiFHXjFzQWAAQGKAQNVU0SSAQEG9GkBmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAh_gAu6QAeoCHWh0dHBzOi8vbWFyaW9wYXJ0eWxlZ2FjeS5jb20vgAMAiAMBkAMAmAMXoAMBqgNBEhg1MTUzNzgwOTAzMDA4MzAxNDM5X3NiaWQaEzE0MjIwNDMxNDAwMTgyNzQ2MDciCTM1MjE3NzA0NyoFTTExNzPAA6wCyAMA2AOdyS_gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTQ5LjU2LjE1My4xODGoBACyBA8IABABGNgFIFooADAAOAK4BADABADIBADaBAIIAeAEAfAEl5f3pwGIBQGYBQCgBf_igbDOjfrCR8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBfWkCfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0Ab54wLaBhYKEAAAAAAAAAAAAAAJP1gQABgA4AYB8gYCCACABwGIBwCgBwG6BwGoUAAYACAAMAA4tARAAMgHxc0F0gcNCQk2AAAFOAjaBwYBcHAYAOAHAOoHAggA8AfE_weKCAIQAJUIAACAP5gIAQ..&s=3abfeb2c0856460d2e5e34c226f4658be5e55201&type=pv&jm=1003&px=315&py=181&bw=970&bh=250&sf=1&sid=9087995241484847867&vd=ct~0|rr~5&sv=227&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=11175552&ft=2

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/227/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:01 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 95e8b7fc-e524-4574-be50-1a59f567d382
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mariopartylegacy.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 132ms
25ms Preflight
application/json 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 13 Sep 2022 10:48:00 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 398428
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 getcode.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 729D 336 KB
87 KB 78ms
78ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/getcode.js?ph_id=cbox_ph_7283439&zone_id=129986&nomraid=false&lid=%7B%22a%22%3A%22DBM%22%2C%22c%22%3A%2215906490985%22%2C%22e%22%3A%221%22%2C%22s%22%3A%2236559527451%22%2C%22d%22%3A%22%22%2C%22n%22%3A%22435329865%22%7D&sourceUrl=https%253A%252F%252Fmariopartylegacy.com%252F&ifr=1&isSF=nosf&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCH7iL318gY8LvHYeVnwSw_JegCYXo7pZs-J-5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQITAa_soNypPqgDAaoEgAJP0H8JxqrCRaSmwPLP2mov0sEVnkloJsjphiW31zsFcRji5atGwPsFgaahq2rUQ2VoCJ2hQ-rz0JaFCx1LN-vwiHGXnmTQcyNCifp0mirHB2Jn19raKalZqnQX5Vlwmm9zCe0RPeRO-kDtTBYhEC4fVDOoaElyrbvOislCB3DVGfYWFSQtQ8jU0vwSkD4FR96iQABl1eF52InJrgX6MezVvUA8lBeFS8rfXz1T5eJoQSAefeZoVn-eKR8u1pd-0g2SEA2kirTplEtzglyjQvyJq3NESQ-f87Z3Ew8FVZP1chnxi2lTtmFBq1z9TlnBAKIZvPky4RWAcASTVpea_eFFwASF-IPl5gPgBAOQBgGgBk2AB6K0678BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQPIIG2FkeC1zdWJzeW4tMTAwNDM1MjQ0NjE1MDExMIAKA5gLAcgLAYAMAbATiLuxENATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRo6iv44bwI1Tttt7jdRAz2IEakjl77bBaIW06KMOCfiUmGBOE%2526sig%253DAOD64_0vTAj_qv3KhbdFEAxKvLRKKsOnTA%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BZFRxo46onenPx9Z41ggFcCX34fXmPoqNPqw_3lQfRtq0iWxBBNYbW-8z3zqhAAqtt2jjqRCh1wPcQ5UtXFyT493siCzSmknxZmgVdqnJm3Sm0_amsPWbJ_1UvFUjeuSOVSgFumzekwFK5v3bPHJacJav6Tg%2526dbm_d%253DAKAmf-Ap10jorXrmFGKO5a9wscuiak1lINTAvaqC5XuE2cugAtrI0Dvnz00_EQwoQMqFaXofEMmIi4kVEG5cWyhyMc0MA68vq4TC_kQL1oW9yWQL5MghZIc-Rdvm0MU9E5FkyM_rXq31jHaRk1Yq9lKb3cv1ymCvuAguAnFbh8jBqR_s-3ag8QGFxGpUI1ss5Lux3KQeLQShLVuQbjRWCN6XVgU6LWX4kaofv10jbTdnB_9UtFwK_BiWPlc8D9qrGse8cDSrPq5Hx6C4J3na5dThI2aSqjsP-7y3ecw2ffVrkJAX1dzqE1g0gZu4VzxuX6G0AK3LnT3YvJVPOKzu2vC3CLNwOvzArI0CMCp-RomWy6dcbMJ2pwM3ILnQAEr0rzDyMPZCcpz6cyRwLsPjg6PbDBlg9bYGjsW3JxFU3wl3lHZZIEae6AcqsNaKZ5pyl_MJDTfpbhjbXcPAp3Op-DXNFWNYtteoiEhVOXKZ0ZtY3Va5hgSFSPS-tJwub3oTd7KzFTfxMxtHQoDx9B6K3MCoO2eLWzmZVFX9j5wxFbabqRh_b9wQgIw%2526adurl%253D&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=https%3A%2F%2Fmariopartylegacy.com%2F&dyno_tag_params=%7B%7D
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: 653902be0c3768e8eefde7e5bdf127885e69393ae0dd91f7266088c93a15798e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-encoding: gzip
x-amz-cf-id: _N1fcbpaVNZ1FWk2eKtODg4pKH3FbBc-KYo_tofb8_nd-Pbdfx4Srw==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2E62 1 KB
752 B 19ms
18ms Document
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 61358
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:23 GMT
etag: 48472445140208031
expires: Tue, 13 Sep 2022 17:45:23 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 connectmyusers.php
cdn.connectad.io/ Frame 4456 0
0 169ms
131ms Image
text/html 2606:4700:10::6816:37ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.connectad.io/connectmyusers.php?gdpr=&consent=&us_privacy=&cb=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dconnectad%26gdpr%3D%26gdpr_consent%3D%26%26us_privacy%3D%26f%3Di%26uid%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 729D 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c73a5e3fa6d80c8610bcae425939c44b9ee786706413cc864019211f944df9e4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sid Show response
mug.criteo.com/ Frame 358F
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mariopartylegacy.com&sn=ChromeSyncframe&so=0&topUrl=mariopartylegacy.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=s7tSSXxrQ2VDbTlqaGF4aUN5bjdkYmNEODRPMmUzaVEvSEVRLzdPNFQxMkxmZkhQUit3RFpvbW14Q1YwREFqWjlqN28vQjZoYjNCenFUaDBwc2FLUXg5bWVnL2JvZVNOTjBjTUJKbGhzUjkzcHArWW9wNmVKdUxFYzdwMz...

465 B
677 B

36ms
26ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=s7tSSXxrQ2VDbTlqaGF4aUN5bjdkYmNEODRPMmUzaVEvSEVRLzdPNFQxMkxmZkhQUit3RFpvbW14Q1YwREFqWjlqN28vQjZoYjNCenFUaDBwc2FLUXg5bWVnL2JvZVNOTjBjTUJKbGhzUjkzcHArWW9wNmVKdUxFYzdwMzBDK0xiS281NC81aW1MSWkzTUg1b3RCN01SUDdiblBVaGgwaU53N05LazBibzcyNGFwcUVSRm4zSWFQOERBM0E2VUgwWTFUTURiS2tSVVgxbURGL016bFBJMkxxTkFQVmc3UmQyTU13YkZXOWlleTlDOHhBWG9PMEQ0L0xvSHFzNGQrOEpybFM3Vy9CcnlwMWw5NmM0TjFWVGpwSUs1cTVvQjJtbHJnQXVSUzd1QTVQa2ZSWT18&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

0bcb7f82018bd3cc00aa4b32ca7cd6a0bfedf43abdb27c6a8ec4245b79a9d2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:00 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2614366
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://mug.criteo.com/sid?cpp=s7tSSXxrQ2VDbTlqaGF4aUN5bjdkYmNEODRPMmUzaVEvSEVRLzdPNFQxMkxmZkhQUit3RFpvbW14Q1YwREFqWjlqN28vQjZoYjNCenFUaDBwc2FLUXg5bWVnL2JvZVNOTjBjTUJKbGhzUjkzcHArWW9wNmVKdUxFYzdwMzBDK0xiS281NC81aW1MSWkzTUg1b3RCN01SUDdiblBVaGgwaU53N05LazBibzcyNGFwcUVSRm4zSWFQOERBM0E2VUgwWTFUTURiS2tSVVgxbURGL016bFBJMkxxTkFQVmc3UmQyTU13YkZXOWlleTlDOHhBWG9PMEQ0L0xvSHFzNGQrOEpybFM3Vy9CcnlwMWw5NmM0TjFWVGpwSUs1cTVvQjJtbHJnQXVSUzd1QTVQa2ZSWT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 527092
content-length: 0
expires: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CAD3 22 KB
8 KB 20ms
19ms Document
text/html 2607:f8b0:4006:80c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 61357
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 17:45:24 GMT
expires: Tue, 12 Sep 2023 17:45:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEIXV4jWZXP6m5P7QgJcW21o&google_cver=1&google_push=AehlK4Ba9Ad-G5-NH5dvmlZrfeKzG_3RdknrY200UOZM6OLZcr2RilwA6yq71wNkX9TWhgGvEf_...
https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEIXV4jWZXP6m5P7QgJcW21o&google_cver=1&google_push=AehlK4Ba9Ad-G5-NH5dvmlZrfeKzG_3RdknrY200UOZM6OLZcr2RilwA6yq71wNkX9TWhgGvEf_...
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=LjS06b9LTOGQRJA4GemFxA

170 B
188 B

37ms
36ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=LjS06b9LTOGQRJA4GemFxA

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=LjS06b9LTOGQRJA4GemFxA
pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=1&google_push=AehlK4Du...

170 B
188 B

41ms
36ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=1&google_push=AehlK4DuARYaAQXUuTA0kM5fHPQ3Nfdx1DOYYugClj4mTpBlHspd_e-OCblyLTFHXOux8l1OMwtcOMJETlS-vwuosxWk9UHZl2ovjA

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=YTZiYWQ4NjktMDMxMy00MGJlLTkyNjEtNDI3MzVkY2ZjYjFl&google_gid=CAESEBQ_OCTMH2uOTMaFFA-p4F8&google_cver=1&google_push=AehlK4DuARYaAQXUuTA0kM5fHPQ3Nfdx1DOYYugClj4mTpBlHspd_e-OCblyLTFHXOux8l1OMwtcOMJETlS-vwuosxWk9UHZl2ovjA
date: Tue, 13 Sep 2022 10:48:01 GMT
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQn...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQnIhyCLDtIB_PCFIOVwkxQ&google_hm=a5400f57-ad0e-41a4-...

170 B
188 B

134ms
129ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQnIhyCLDtIB_PCFIOVwkxQ&google_hm=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-64
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AehlK4CxOHIyA0W1-jsUQB7tdv9Hb4J1ue3D9ZCrzecl7SlewApsexrTmyUPC2QT4_GCW5JHFXBtjDLwQnIhyCLDtIB_PCFIOVwkxQ&google_hm=a5400f57-ad0e-41a4-98df-14a6f3e49ac9
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEPMqK3I3Y-l1rvvUIc94n2s&google_cver=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0li6czM3CcKkbeyvTnYZmNdvdFwOT6hi0jPStVrF2qCgNTXvQL3iN3DeXl2onvGh1ny...
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&mn_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&google_sc=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0...

170 B
188 B

45ms
40ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&mn_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&google_sc=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0li6czM3CcKkbeyvTnYZmNdvdFwOT6hi0jPStVrF2qCgNTXvQL3iN3DeXl2onvGh1ny_1xyQ&gdpr=&gdpr_consent=

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:01 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&mn_hm=MzA2MDY3Njc5MTQ1NDk3MjAwMFYxMA%3d%3d&google_sc=1&google_push=AehlK4AOczFrWAheqNj9lSTc37G86i0li6czM3CcKkbeyvTnYZmNdvdFwOT6hi0jPStVrF2qCgNTXvQL3iN3DeXl2onvGh1ny_1xyQ&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Tue, 13 Sep 2022 10:48:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://cc.adingo.jp/adx/push/?google_gid=CAESEAgs1VGyb8tq23c9aECMfy0&google_cver=1&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1&google_hm=db084ea598d447bbaed...

170 B
188 B

45ms
41ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1&google_hm=db084ea598d447bbaed1bceb54b7a24b

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AehlK4CYWQagBiEmCkH5RZ6xqY3WomvDMQgQefaJOfwCMJhq4q5nmzgT56pf7mViJCvtk7-wE1rqiQY_-v7OM4F2yW9Gb1g8hcm1&google_hm=db084ea598d447bbaed1bceb54b7a24b
date: Tue, 13 Sep 2022 10:48:01 GMT
server: nginx
content-type: text/html; charset=UTF-8
p3p: CP=NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa HISa OUR SAMa OTRa STP UNI STA

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E62
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDAQB4rRiBlKPYLKyz-PXqM&google_cver=1&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClkd_OVMvFhpBz_fLwfZ...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClk...

170 B
188 B

39ms
38ms

Image
image/png

142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClkd_OVMvFhpBz_fLwfZurgv0h26OnkuxrtAxLVZbTbMgOEg

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1LU3NKMV9wRTJ1RmhhaU1JalRQMjcuRjMuR29GQmhzOH5B&google_push=AehlK4BpxOZACdfzcWVEjv391r03quDSYtJq4K5_WxeLsPRfShIHIZClkd_OVMvFhpBz_fLwfZurgv0h26OnkuxrtAxLVZbTbMgOEg
date: Tue, 13 Sep 2022 10:48:01 GMT
server: ATS/9.1.10.25
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 2E62
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEBJCDWh85l6yrdVGV9cj8gc&google_cver=1&google_push=AehlK4BNetBMCpRx_E7upWt10yDe8dlFVzMmSKgZwkfORgTu1i9dCMNQW1140B6aw8WySz9jYBIKHPkHV8o...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BNetBMCpRx_E7upWt10yDe8dlFVzMmSKgZwkfORgTu1i9dCMNQW1140B6aw8WySz9jYBIKHPkHV8oTuk5KxS3Ei_sv6GIcWg
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
9ms

Image
text/plain

51.222.39.185
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.222.39.185 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip185.ip-51-222-39.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2E62 0
12 B 37ms
35ms Image
text/html 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KAnOyygQELKajpXFvKKVYvbKreNY8cu2lQgWMJqJOnvM5fEstAyaOYyDRMpXpRCmsiLU81PyM

Requested by

Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK 728x90_bg.jpg
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 2260 20 KB
21 KB 23ms
22ms Image
image/jpeg 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/728x90_bg.jpg?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 422cdd4a77a702d0c42b4b9444a1276db358ba07e2e7663afc43c91f531da9d3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: NQPykN0i0ebTQaXvrDK8TrrrSSrgSZvt
Via: 1.1 50670fc09f8465be7ae4adcf6e33ab7a.cloudfront.net (CloudFront)
Last-Modified: Fri, 26 Aug 2022 22:45:16 GMT
Server: AmazonS3
Age: 421910
ETag: "7948a56a87de670253230802347e8329"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Date: Thu, 08 Sep 2022 13:36:12 GMT
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Length: 20605
X-Amz-Cf-Id: eFcs4zrM5n-sxyroj7BOTVQNdOdk3XpbP2NGiAKnyYmVWfUV04fvhA==

GET
H/1.1 200
OK 728x90_cta.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 2260 2 KB
3 KB 21ms
17ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/728x90_cta.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 57a47d71f413910c5be4b212e4a87094e0e56e9b13b21ffbec92d90fc37d2e48

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:36:16 GMT
Via: 1.1 baec235d174153a8f2e92ea724643824.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:34 GMT
Server: AmazonS3
Age: 421906
ETag: "2a136f2de02e39c3a0204c17cb29f96e"
X-Cache: Hit from cloudfront
x-amz-version-id: 9Jysi73pZD1JbMVjrFmqKLYZIhDPzklx
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2374
X-Amz-Cf-Id: mRvNPs3kgRx9l0nz9ea3CMy6kUXs9w5O8pKcjDa0ijQZC3HgMn0_xw==

GET
H/1.1 200
OK logo.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 2260 15 KB
15 KB 23ms
20ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/logo.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38d797d77f92310ebdcd7319f36d999b6ed44dece556fb63d3deae5ee11b9d0a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 20:02:03 GMT
Via: 1.1 e42e8491a089e2183879e26e61dae708.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:35 GMT
Server: AmazonS3
Age: 485159
ETag: "5092e363d273c5ffbd087f787a68b57c"
X-Cache: Hit from cloudfront
x-amz-version-id: FXBdThHKpszrvBvNyhrAEmOzJ.c_ccok
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 15232
X-Amz-Cf-Id: JtU7q3tzT8UXcLjiXvS6BsJGMtLjxGU5Hto9mpHSLIgpNoe8qsDRJA==

GET
H/1.1 200
OK lockup1.png
cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/ Frame 2260 3 KB
4 KB 22ms
19ms Image
image/png 108.139.29.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cbmedia2.contobox.com/cbox_themes_v3/home_depot_appliances_always_on_q1_2022_-_fw31-update-event/images/lockup1.png?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7fa1f9f9ed93b91c557280c03c4d670c755206ec53071a069454643fbe8a0ce9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:36:16 GMT
Via: 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
Last-Modified: Thu, 01 Sep 2022 22:13:35 GMT
Server: AmazonS3
Age: 421906
ETag: "4c744100ce1e019a3a7a36a6f5c3b9b7"
X-Cache: Hit from cloudfront
x-amz-version-id: DX90yESrod19W22QjB3tIyH.UdgT7x3U
Connection: keep-alive
X-Amz-Cf-Pop: JFK50-P2
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 3186
X-Amz-Cf-Id: 8nfkP0n7PhPVCzQawgHmIDRn9EGYwjUqy9sdYRoUhlmH14dQnyy_HA==

GET
H2 200 HelveticaNeueLTStd-Bd.woff
am.contobox.com/cbdata/fonts/HelveticaNeueLTStd-1/ Frame 2260 16 KB
16 KB 36ms
33ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeueLTStd-1/HelveticaNeueLTStd-Bd.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae553d558315fb605a472046446fd459982aa95dc7ad57bd26e8b230a8799596

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 1
x-cache: Hit from cloudfront
content-length: 15968
last-modified: Mon, 22 Jul 2019 19:52:58 GMT
server: AmazonS3
etag: "091557fe7c6291e960368abdd908796b"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
x-amz-cf-id: rDEAFB12Hy1MDd4faLzoeyoUhUSd7RH8ES01wdNEoAhxpSKLfr2Ffw==

GET
H2 200 HelveticaNeue-Roman.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 2260 13 KB
14 KB 54ms
52ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeue-Roman.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9578fa3dafa5207b612a55bb0d512c53f9c50299a402e53ac7da33fb2cc3f8b6

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 1
x-cache: Hit from cloudfront
content-length: 13400
last-modified: Tue, 19 Nov 2019 07:39:36 GMT
server: AmazonS3
etag: "4a5c08cc9d3ae9e1c509d40f6c671c21"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
x-amz-cf-id: 12m1ndlfY-8Zdb_supsxLsHDk5RQ3b48M2BNLyPN89MQWKXbZALkHA==

GET
H2 200 HelveticaNeueLTStd-Lt.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 2260 15 KB
16 KB 33ms
31ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeueLTStd-Lt.woff?ac=1661507723
Requested by: Host: c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ba1174a28296695cc50db5e309f744d41bba56627cae80e7ee902c6ee039053

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 1
x-cache: Hit from cloudfront
content-length: 15840
last-modified: Mon, 22 Jul 2019 19:52:57 GMT
server: AmazonS3
etag: "9dfd9f72bb8be4c43a74e77af9af48c0"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
x-amz-cf-id: xA7oDQIYslVLnDgKpYgbbisImt1A94oyRWyIADjPFS7Y6ORmeMpyig==

GET
H2 200 viewload.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 2260 87 B
461 B 33ms
32ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/viewload.js?ad_id=132647&campaign_id=15906490985&cookie_id=97S1GsAaMa5N&domain=mariopartylegacy.com&dsp=DBM&event_type=impression&exchange_id=1&rd_iframe=iframe&ip_address=149.56.153.181&l_type=2&network_id=435329865&rule_id=28720&sid=60d3b7f353884418a84b400bcd4fa174&site_id=36559527451&zone_id=129986&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&cboxid=132647&lid=a_DBM_!!_c_15906490985_!!_e_1_!!_n_435329865_!!_s_36559527451&layout=desktop&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCH7iL318gY8LvHYeVnwSw_JegCYXo7pZs-J-5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQITAa_soNypPqgDAaoEgAJP0H8JxqrCRaSmwPLP2mov0sEVnkloJsjphiW31zsFcRji5atGwPsFgaahq2rUQ2VoCJ2hQ-rz0JaFCx1LN-vwiHGXnmTQcyNCifp0mirHB2Jn19raKalZqnQX5Vlwmm9zCe0RPeRO-kDtTBYhEC4fVDOoaElyrbvOislCB3DVGfYWFSQtQ8jU0vwSkD4FR96iQABl1eF52InJrgX6MezVvUA8lBeFS8rfXz1T5eJoQSAefeZoVn-eKR8u1pd-0g2SEA2kirTplEtzglyjQvyJq3NESQ-f87Z3Ew8FVZP1chnxi2lTtmFBq1z9TlnBAKIZvPky4RWAcASTVpea_eFFwASF-IPl5gPgBAOQBgGgBk2AB6K0678BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQPIIG2FkeC1zdWJzeW4tMTAwNDM1MjQ0NjE1MDExMIAKA5gLAcgLAYAMAbATiLuxENATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRo6iv44bwI1Tttt7jdRAz2IEakjl77bBaIW06KMOCfiUmGBOE%2526sig%253DAOD64_0vTAj_qv3KhbdFEAxKvLRKKsOnTA%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BZFRxo46onenPx9Z41ggFcCX34fXmPoqNPqw_3lQfRtq0iWxBBNYbW-8z3zqhAAqtt2jjqRCh1wPcQ5UtXFyT493siCzSmknxZmgVdqnJm3Sm0_amsPWbJ_1UvFUjeuSOVSgFumzekwFK5v3bPHJacJav6Tg%2526dbm_d%253DAKAmf-Ap10jorXrmFGKO5a9wscuiak1lINTAvaqC5XuE2cugAtrI0Dvnz00_EQwoQMqFaXofEMmIi4kVEG5cWyhyMc0MA68vq4TC_kQL1oW9yWQL5MghZIc-Rdvm0MU9E5FkyM_rXq31jHaRk1Yq9lKb3cv1ymCvuAguAnFbh8jBqR_s-3ag8QGFxGpUI1ss5Lux3KQeLQShLVuQbjRWCN6XVgU6LWX4kaofv10jbTdnB_9UtFwK_BiWPlc8D9qrGse8cDSrPq5Hx6C4J3na5dThI2aSqjsP-7y3ecw2ffVrkJAX1dzqE1g0gZu4VzxuX6G0AK3LnT3YvJVPOKzu2vC3CLNwOvzArI0CMCp-RomWy6dcbMJ2pwM3ILnQAEr0rzDyMPZCcpz6cyRwLsPjg6PbDBlg9bYGjsW3JxFU3wl3lHZZIEae6AcqsNaKZ5pyl_MJDTfpbhjbXcPAp3Op-DXNFWNYtteoiEhVOXKZ0ZtY3Va5hgSFSPS-tJwub3oTd7KzFTfxMxtHQoDx9B6K3MCoO2eLWzmZVFX9j5wxFbabqRh_b9wQgIw%2526adurl%253D&http_referrer=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2F&ltype=2&resolution_width=1600&resolution_height=1200&env_type=iframe&position=above&ifr=1&iframe=yes
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: a447e4b58ea0e7ecbd3515b5c257ad5bbff7895db37360eb3d112f22beeef3a1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-length: 87
x-amz-cf-id: K2R9DxuBOdP8x9oUXO9rI5XoRkwWebDQzkcm82xsojS3ulxpFD62BQ==

GET
H2 200 log
hblg.media.net/ Frame 1DBF 35 B
200 B 41ms
40ms Image
image/gif 23.205.72.10
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?log=kfk&evtid=adplog&&lmt_enf=true&req_mtype%3C%3E=0&mx_bsProfileRa=0&mx_nsz=2&spSource=0&insl=0&ifst=0&vid=5153780903008301439&s_city=new+york&ugd=4&bcat%3C%3E=IAB17-18%23%23IAB9-9%23%23IAB25-2%23%23IAB17-18%23%23IAB17-18%23%23IAB17-18&exp=ssProfile%3D0%7Csfl%3Dfalse%7Cmd_rp%3D1%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D2%7Cfl_rl%3D1%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=2&device_id=4&ae=false&mx_UCC=2&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.050&size=970x250&mx_TAS=1&mx_gpid_sent=false&xtmax=175&mx_crsw_bckt=-B2&commit_id=30d7cc7e&scrid=352177047&itypeid=21&mx_SPRIG=1&viewability=33&renderer=0&be=0&rtime=47.0&adj0=0.0&tmax=200&s_ip=68.67.180.120&adj2=0.0&adj1=0.0&adtypes=0&mx_aabpc=0&reqid=5153780903008301439&sc=QC&mowxReqId=905c32d12f6f4fcf8c2299720fd66022_1&ifdp=0&requrl=https%3A%2F%2Fmariopartylegacy.com&bidrestime=1663066078236&pv_adtype=0&cc=CA&strg=HARMONY&cxtSgmt=Music_and_Party_Video_Games&pcrid=8CU566D6F-633954873-38-27&coppa_enf=true&devmodel=Unknown&bdp=0.050&ct=Montr%C3%83%C2%A9al&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D175%7CHARMONY%7Cbrr%3D1&mx_epbc=8CU566D6F&dnt_enf=false&mx_ssBucket=0&vls=0&asn=16276&mang=1&fleet=appnexus&mx_isLossNtf=false&advUrl=https%3A%2F%2Frelated.360topics.com&dn=mariopartylegacy.com&pgcatiab2=697&dt=O&acid=905c32d12f6f4fcf8c2299720fd66022&actltime=53&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=1%7C17%7C9%7C10%7C14&dfpBd=0.037&sckfl=1&dmm_erpm=true&mx_lr=0&coppa_applied=N&mview=1&smbrid=806&bfs=103&rfc=-1&prvApiId=8CU566D6F&epcexp=false&pubid=pub-appnexus-exp&mx_bsProfile=0&cid=8CUH868Z4&bcrid=352177047&omul=1.0&res_mtype=0&apPrfs%3C%3E=13%23%2361&pgcatiab=IAB9&suid=4776604448345215037&chnl=HARMONY&pst=0&reqsize=970x250&adpos=0&itype=APPNEXUS_EXPERIMENT&mx_g_one_uid_sent=None&user_data_cnt=0&spCst=0&mx_sid=8CUH868Z4&tgtval=pub-appnexus-exp&__expireat=1663066678489&dnt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=633954873&ckfl=0&pgcatsprig=936&lper=1&mx_tgs=728x90%7C970x250&dummy_vsid=false&cbdp=0.037&pvdTmax=143&ltime=53.0&epc=633954873&prvReqId=181061006285_1526002283_34147554841&zip=H3G+0A1&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=APPNEXUS_EXPERIMENT-987524&ybnca_erpm=0.05&brsrclk=0&sbdrid=196&mx_bsBucketRa=0&rtttime=63&apTags%3C%3E=75&mx_PC=1&wsip=mowx-lite-59ccbdff6f-9w7vr&currsrc_date=2022-09-12+00%3A00%3A00&mx_divid=11175552&geoll=false&omid=0&debug_ts=2022-09-13+10%3A47%3A58&mx_ssProfile=0&devbrand=Unknown&mx_SC=0&reftime=15000&pbidflr=0.000&spbf=0&currsrc=API&fpusp=false&mnrfc=-1&moau=true&ocurr=USD&stagid=11175552&snm=SUCCESS&mx_IAB2=1&usp_enf=0&bidflr=0.000&coppa_status=N&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&ecp=1.76&pvid=4&mx_mrpp_key=bidapi-gcp-sc&schain_cmpl=1&is_ortb=true&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=0&dbf=1&gdpr=0&dmm_ogerpm=false&csip=rtb-appnexus-57dd7c57cf-vk5nx.SC&mx_bsBucket=0&mx_aurt=0&mx_crsw_exp=desktopTop1&spIvt=3&dsid=11175552&ptype=23&media=0&acsn=1&dtc=east_sc&mx_aqcpl_crid=4&ogbdp=0.05&tpbTkn=false&fpuReq=1&vcmplrt=-1.0&crid=341475548&geo_source=2&sat=1&mnet_ckfl=0&mp_seg%3C%3E=44730%23%2344718%23%2344713%23%237786%23%2344758%23%2317233%23%237774%23%237769&dfpDiv=11175552&opbidflr=0.000&impId=1422043140018274607&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.05~vw_exc%3D0.33~vis_sd%3D304~dc2%3D1~bat%3D0%2C0%2C0~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022091217~iurl_b%3D29850.75~url_tkc%3D0~std%3D11175552~last%3D~vis_url_b%3D0.24~ip%3D2JquuV~fbb%3D0~vis_url_l%3D20~riipua%3D0%2C0~et%3D29~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022091218~vis_b%3D184.63~url_b%3D0.03~url_tvi%3D0~ecp_eer%3D35.2~url_l%3D20~gcat%3D500492~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.05~bm%3D1~sid%3D633954873~sd%3D0~uid%3Dh8LZg4xIGcsGWiyb8~btd%3D242834539907409583200357934931901047506158008077899797018949674864309203927848980480~d2p_l%3D30~3pcf%3D1000~uim%3D0~og_msh%3D0.01~dmm_strg%3Dharmony~d2p_b%3D0.95~ogd2p_b%3D0.9~vurl_b%3D0.06~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D33.44~vurl_l%3D20~CI%3D2733~nts%3D2~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D15.76~isif%3D0~lc%3D1~bid%3D0.05~dc%3D8~vl2r_b%3D7.83~ivurl_l%3D20~supply_tag_id%3D11175552%7Eviewability%3D0.326475%7Ecbdp%3D0.037%7Edmm%3Dharmony%7Esuid%3D4776604448345215037%7Esgmt%3DMusic_and_Party_Video_Games%7Einsl%3D0%7Edtc%3Deast_sc%7Edalg%3Dunison19%7Ehtml%3D1%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.000%7Eogbid%3D0.050%7Eitype_id%3D21%7Eseller_tag_id%3D11175552%7EcarrierId%3D0%7Edcut%3D25%7Edogb%3D0-1~ibc%3D1~mxe%3DdesktopTop1~mxbn%3D-B2~ddt%3D-1~nsz%3D2~tgs%3D728x90%7C970x250~bsb%3D0~bsp%3D0~tmx%3D143&utime=1322&sf=0&cpr=0.4440503664344295&evttyp=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.72.10 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-72-10.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 13 Sep 2022 10:48:01 GMT

GET
H2 200 bqi.php
lg3.media.net/ Frame 1DBF 15 B
15 B 20ms
19ms Image
text/html 96.17.64.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?vgd_len=2875&lf=3&&vgd_hb_audit_1=8CUH868Z4&vgd_hb_audit_2=341475548&vgd_l2type=sca&pid=8POITAN38&katbid=-102&katen=1&cme=b7gd0YAvSkQ-ka-Wno3Yy2VN42FscHHyJy2c_x3addbdwkjMRiz1ad3sdtcpnPR2UQoXxyMx58QC_7rrZ0AvxBQjjQYj1hkwACqK7JamsVSrmrdnObmlvbHceHaGg_WlqGQ3gEFpeWiko_P4vCYc0JMmh13NFq5dlZj_GrYUc8h9IfstRWzYy9LscgWkN8aTTMQdmAPg0-CD1Y75XyQWGTf_9LMDZpmD||u8A6SM53vAftoPNiubF0nycR241yHs9V|wq-seedwI9StKo6oJATMcvyNPKXfS9WM|dsA6EMpZ47R6ljdz__nQtthZoUpm2bb5|a0AmFUYXmD7aw660rP70HkNBZMV3pwo4TCRczon4ct38n6g_JjN60w==|HyhfC7RYyqKfZjtiVlFOq_XWDTyqYfm_P7wOPamxbRha51topHINzpJVM9E010yWArhB0jllvme9pDaGwFxnD0OlFtvaAoSoBTWhjjo96yb14ipr_kfJHxTYpy3JZ47kXFTMJLvn2L45ILTl5WAp_TtOskwc-yZPQX83Nw92NR75VIYp-KTxEi5IdHOVhDmfA7VV19XHkRFvmBFXVIXRBxfRPT3bSyVWpvwPuTSn9OQ=|&gdpr=0&prid=8PRVCXX19&cid=8CU566D6F&crid=633954873&requrl=https%3A%2F%2Fmariopartylegacy.com&vi=1663066079866979151&ugd=4&cc=CA&sc=QC&bdrid=4&subBdr=196&startTime=1663066079539&l2type=sca&vgd_l1rakh=1663066078144179762&l1ch=1&sttm=1663066079549&upk=1663066080.12063&hvsid=00001663066079549025035145493268&acid=905c32d12f6f4fcf8c2299720fd66022&verid=3111299&vgd_bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.05~vw_exc%3D0.33~vis_sd%3D304~dc2%3D1~bat%3D0%2C0%2C0~scd%3Dqc~v_asn%3D16276~vl2r_sd%3D2022091217~iurl_b%3D29850.75~url_tkc%3D0~std%3D11175552~last%3D~vis_url_b%3D0.24~ip%3D2JquuV~fbb%3D0~vis_url_l%3D20~riipua%3D0%2C0~et%3D29~rc%3D1~risuid%3D0%2C0~rps_sd%3D2022091218~vis_b%3D184.63~url_b%3D0.03~url_tvi%3D0~ecp_eer%3D35.2~url_l%3D20~gcat%3D500492~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.05~bm%3D1~sid%3D633954873~sd%3D0~uid%3Dh8LZg4xIGcsGWiyb8~btd%3D242834539907409583200357934931901047506158008077899797018949674864309203927848980480~d2p_l%3D30~3pcf%3D1000~uim%3D0~og_msh%3D0.01~dmm_strg%3Dharmony~d2p_b%3D0.95~ogd2p_b%3D0.9~vurl_b%3D0.06~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D33.44~vurl_l%3D20~CI%3D2733~nts%3D2~tb%3D-1~ct%3Dmontreal~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D15.76~isif%3D0~lc%3D1~bid%3D0.05~dc%3D8~vl2r_b%3D7.83~ivurl_l%3D20~supply_tag_id%3D11175552%7Eviewability%3D0.326475%7Ecbdp%3D0.037%7Edmm%3Dharmony%7Esuid%3D4776604448345215037%7Esgmt%3DMusic_and_Party_Video_Games%7Einsl%3D0%7Edtc%3Deast_sc%7Edalg%3Dunison19%7Ehtml%3D1%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dtrue%7Ebflr%3D0.000%7Eogbid%3D0.050%7Eitype_id%3D21%7Eseller_tag_id%3D11175552%7EcarrierId%3D0%7Edcut%3D25%7Edogb%3D0-1~ibc%3D1~mxe%3DdesktopTop1~mxbn%3D-B2~ddt%3D-1~nsz%3D2~tgs%3D728x90%7C970x250~bsb%3D0~bsp%3D0~tmx%3D143&matchstring=hr%3D0%7Cbcat%3D13%7Ccsh%3D1&vgd_matchstr=hr%3D0%7Cbcat%3D13%7Ccsh%3D1&vgd_sc=QC&lineitemid=4&infr=1&stime=1663066078891&vgd_ecrid=352177047&l1hcsd=l1!Sdhh3|6114&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&pvl=%7B%22dtc%22%3A%22east_sc%22%2C%22mbr%22%3A1%2C%22l1rpth%22%3A%22%2Fnmedianet.js%22%2C%22pgids%22%3A1%7D&vgd_fcm_enc_mis=1&l2ch=0&vgd_pgid=p01358694656t202209131047&vgd_pgids=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.17.64.29 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-17-64-29.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 13 Sep 2022 10:48:01 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=52741
content-length: 15

GET
H2

200

setuid Show response
pbs.venatusmedia.com/ Frame D43C
Redirect Chain

https://cs.emxdgt.com/um?ssp=pbs&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Demx_digital%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Db%26ui...
https://ib.adnxs.com/getuid?https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$UIDbrt56751663066076982594b2
https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=4776604448345215037brt56751663066076982594b2

0
508 B

38ms
38ms

Document
text/html

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=4776604448345215037brt56751663066076982594b2
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mariopartylegacy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html
date: Tue, 13 Sep 2022 10:48:01 GMT
expires: 0
pbs: nam
pragma: no-cache
via: 1.1 google

Redirect headers

AN-X-Request-Uuid: 0658686a-1f1b-493c-b25d-dfd56ea543d7
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Sep 2022 10:48:01 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=4776604448345215037brt56751663066076982594b2
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2 200 products Show response
shoppable-api.contobox.com/ Frame 2260 5 KB
1 KB 56ms
53ms XHR
application/json 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://shoppable-api.contobox.com/products?gallery_id=1834&cb_user_id=97S1GsAaMa5N&exclude=desc
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: bcc42132f8a104e64c80a5fbea67a3552d70d0d225ad023f19a92b9b693cffea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
content-encoding: gzip
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
access-control-allow-credentials: true
content-length: 1116
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
x-amz-cf-id: Lna_5JjAJ1InjBw-5XYQlPC7G_5qx7yiiyC3OBTG4RG-S87fK6xTvw==

GET
H3 200 PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js Show response
pagead2.googlesyndication.com/bg/ Frame CAD3 36 KB
16 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/PsgKtCaN-XibavDd5zYoPighR_y43YjKXjrNcIggNuI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ec80ab4268df9789b6af0dde736283e282147fcb8dd88ca5e3acd70882036e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 14:40:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15954
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Sep 2023 14:40:19 GMT

GET
H2 200 HelveticaNeue-CondensedBold.woff
am.contobox.com/cbdata/fonts/HelveticaNeue/ Frame 2260 48 KB
49 KB 32ms
31ms Font
application/font-woff 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/cbdata/fonts/HelveticaNeue/HelveticaNeue-CondensedBold.woff?ac=1661507723
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4dc1151b79543604e857a63f6d2021182255a40f2b7f12c88cc2421ff848d8cb

Request headers

Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
Origin: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 820b14719bf91dbc846cab9728bc3fe6.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 1
x-cache: Hit from cloudfront
content-length: 49612
last-modified: Mon, 22 Jul 2019 19:52:56 GMT
server: AmazonS3
etag: "10e55445d25dca55871e793a7520ef42"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
x-amz-cf-id: QVlcE4vOMextDvwx13CvLe4kHKf5_4Z5Tv4Fj037dZ_NfLdeQ2t77Q==

GET
H2 200 nlp-en.png
am.contobox.com/cbdata/cbox_assets/custom/thd/ Frame 2260 16 KB
16 KB 19ms
19ms Image
image/png 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am.contobox.com/cbdata/cbox_assets/custom/thd/nlp-en.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 94fdf04fbbad0d95dfa380f9e6358f4def5f731c55a81138566dd33353c4ac52

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Mon, 12 Sep 2022 11:50:53 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
last-modified: Mon, 07 Mar 2022 06:29:52 GMT
server: AmazonS3
age: 82629
etag: "4816c6c7572a59303e568ce47a00aca7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: JFK50-P4
accept-ranges: bytes
content-length: 16018
x-amz-cf-id: 16R5SN-acYasK8QVp6uVjKib80tqB9t58nwAc3htXpeFsNOCIdTBSA==

GET
H2 200 p_1001631910.jpg
images.homedepot.ca/productimages/ Frame 2260 8 KB
9 KB 28ms
26ms Image
image/jpeg 173.222.103.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.homedepot.ca/productimages/p_1001631910.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.222.103.36 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-222-103-36.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 61ad03c22ca146cc520c4e7a31f690f8a119ec65127b61697a146c6fa36a4c06

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
last-modified: Tue, 10 May 2022 20:02:32 GMT
server: Akamai Image Manager
etag: "bc49b056df89061adde809c5b24036d9"
content-type: image/jpeg
cache-control: private, no-transform, max-age=43200
content-length: 8685
expires: Tue, 13 Sep 2022 22:48:01 GMT

GET
H2 200 p_1001491838.jpg
images.homedepot.ca/productimages/ Frame 2260 4 KB
4 KB 37ms
36ms Image
image/jpeg 173.222.103.36
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.homedepot.ca/productimages/p_1001491838.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.222.103.36 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a173-222-103-36.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: fc64141dd909f5581ca240fb6a04936822138a5a291a617e2c3e90287be0107d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
x-check-cacheable: YES
x-serial: 872
etag: "b3923f7f74ab302b2c38e77f7e118300"
content-type: image/jpeg
cache-control: private, no-transform, max-age=43200
last-modified: Tue, 10 May 2022 20:15:18 GMT
content-length: 4252
server: Akamai Image Manager
expires: Tue, 13 Sep 2022 22:48:01 GMT

GET
H2

200

setuid
pbs.venatusmedia.com/ Frame 4456
Redirect Chain

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%25%25VGUID%25%25
https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205

86 B
705 B

40ms
39ms

Image
image/png

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205
Protocol: H2
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 google
content-type: image/png
pbs: nam
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-CA
location: https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-dd6bdcf45-98qkc
expires: -1

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1DF4 0
23 B 83ms
82ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BD-AI318gY9jWIZCWoPMPyP-i6AkAAAAAOAHgBAI&bg=!dnWldTHNAAZTikH4c4o7ACkAdvg8WlBZL0vZ6M5OjF3GuaAii6AFV4o-bNj5mHOvqaio44iM4qx4zAIAAALAUgAAAANoAQeZAy_D-L79cS6jhknU3pLfsfX7HeygwEcqoh_U0kBa5t1qc-bf5rZP_jvqovOn7qFKBVvLZ-0Zm7-UaHcemz58lI3nFc3UFEp8NBRLYDSPgt3cGW8myewXwjGHfCq3vb5VukD32FxiL9AHMubkvvkM7-Uv6GKn6buDypGj7E2sTivHnhwJUkrcDkebwiyJC7MP4mf5zyJxHLEVgLUCqURwtOuNhrDkKRoU3iCw9QUDtebT7uldz-sFdEkGdPPyvRQMuGPZyiBP4wZFGwV6XFE19MB5bN3_Lsya66U3ewYSDeWLmwi4Zjd78dA8K2VkM1YG9cJbm3vPQ9uUu2hb0Pv1svDWa8tHv_K6lKPZ10MZWeIO_bobDVW3F4rpTUaPca73h32tSEMPxn4kOsaH6lAjY7SccX1LwJ2_W4p7mo2gbB11I_qyn4OPC81te6MhPIe3VYwKigNEbyFf77Bf6yMP1Qc60m661xvBlzb2iSRKssdEOrHv0QDyCcxN-PZrAwKwl_yYaIsaDDPJAZQX_7O-1rv5QVfOenRb3aVP6jZJw5L7p-dqm7iG_dYnOBWr_JwQdMc8e8M_eeQnA6gEsI3kC2ICD_S0TsADpNsu53yQ3s6fOcUzFwsY6Sn4-2mi7M_sq4truycJk6ftTsK6v4JguvfJErjH-H0RC88tiRfEH8_CVlMWBYrFznajgcKBSco2Jc9fxI4W3r7TUUV_eiU4Jr1MeJBEojj1ut9CaqonZRg-e1F5tKq3l8yIC0GE0c7Eb25rJ2Dz8mCeBwn6dD0ULW4fVtHmy2guqd1pjqEsDm5RJ8vRqJyIpDBMR9iNckO7fePdpSqFblTCL5K0wa5xaeSpCzqSOSELKYa3WBty0Tkk6hOgGJrSs5k8ESRjLcvSpDjwpl0i30DR-akayKtLcDhTmFa40ukmnz1UGiEaRkHLRR6xPJ94CD71QhLtCaTEOKQ0Q7FN4X5D1QfcCPpDs3VGnTc7ai7QUuXJPorWhIn9hDt_j1iHnPv7g88mMqCmMzgd32nc-xI5IwrRxa8Ji7xlZ2GPL6eTBiP-WYn8I_qWZyFhAs6LlZB5Ddu16Xxr5w

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A892 0
23 B 89ms
89ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BhWk8318gY_r1IcLGzwWvprmABQAAAAA4AeAEAg&bg=!lJell9PNAAZTikH4c4o7ACkAdvg8Whao1yd-_gpudf3MOLZB9x00vF0MiyiOT9sNLJW4QghHKxfT9gIAAANlUgAAAANoAQcKAB5KrQc-z1Ia7IiM8b3SUgP3e-ci7SEsPeODYYpXAO2ZA0KlYure0IGYzC81JVOOZFup4rrd_3ny_SpOAxw2L7lDjtAfZDsvu6v4WSPtCjDip4lKSa4_PnNZLILqX3MuoeMIOXWLDpkZE0r0vNbIZdB02jcbHR1k5dO3pXfoRa40vey1IiHJ04hx59ymYqcHDZwXQ1E8bn0A1-u8GyGkZqJkGvUi79U8dK8Pv9fVPYNI0qpeogsHNDiIZb3UOVkDenEaDIuowC1SlZGdNMlP-2lUCa6b7FajC8z9Xv4iJHbmtoe3j9ut3mIwWpHOKp_Y2huQHNN6YMlP9raBbyhrMWo2uSQ96coi8oTY4kX1yWOpuWRmuPS7ZYz8PHEqMIcfSi56dO_gW-rWC3nImfluVARuzBLvgnnTCULprt3SOZLdG-D76SKSbn90GjA79tdyodz8PkG5vI7rghOMvokCSLHANUdapMTd6wjI41IG-MRx78aYpTenTtTVYL6pTZQcC8SkUBYd_E5shoaVGgSNeOl7ih9tzQ_yePY5BpZ2phEYNL5YN0FhwoUiNNRefGCyUlCZSpf__u6b_S9J7J01xGJlcdZoWbrJrG02PGBx6QywNoD5W5AWZy7JqKlM_iJtBH8ljFpF7QTL-rUVd8NbN1F-6LocUaKHrFaMZGsj7PY7XXISFKj5QZc7mOrWyVNwn3JvxUawCojnkh0tRDWuS9T1He4mC_WGPLgeYFxfLSjwU1QoWr2JmvOeH1qLeTEscJ1qIAAICjUDZgwjFDE5g81WGALtGWGQ9HPyZyVVWMA4p6hWVSbpKm4wNdoglaFxdABaT9L_5U2lMG3tNmnIirI7z8fpajAqK2b4bTmm0sTuzLu6Epid9p0XJxN1BlLMNY1gavFY5B5aIa7RuIP35ZBudyIz9oBAm4Iy4CtdcM6L7Tm5ufU-JBxXlqi9ghy1jqM8POIK965r8FMrWM5aqQU3Vz-vxoM0szwUoFl2pqLaPMnbLDX_NcKiN97sGfB7doHKUYt8H4S1-xFzVPmFXyExjc0Hkmf9-vToPqQNZkkHCt-sU08eFrhqggEG2weIvG0hHQjrEf7p69obdF3CZ_TmOidmxgzANAanoXdSGeMqx0tQ63FRcP-nD_oHJnBoAMlgQYI

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 viewstart.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 340B 84 B
459 B 54ms
53ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/viewstart.js?ad_id=132646&campaign_id=15906490985&cookie_id=97S1GsAaMa5N&domain=mariopartylegacy.com&dsp=DBM&event_type=time-attention&exchange_id=1&rd_iframe=iframe&ip_address=149.56.153.181&l_type=2&network_id=435328280&rule_id=28720&sid=335d0da0a14b43b494da78c02733f17d&site_id=36559527451&zone_id=129985&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&cboxid=132646&lid=a_DBM_!!_c_15906490985_!!_e_1_!!_n_435328280_!!_s_36559527451&layout=desktop&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCrR6H3V8gY5m2M4_enwT8tYCoBoXo7pZsoKC5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQLIFXgX99OpPqgDAaoEhAJP0JZSOd6XUa_SfPHcbkki_cP5eYDOD3Vqg3MUoYCQTUoZEQxSmCaoXQI7XIeKz67nEfvygo-LsljNLAbvGA2kBnpvkfddsbCo0QEFtbP4SHT3icz69Z3JvurJTVHeKKKa9s-GS8JW0Xb4nDCPdXjFoM-I5kUIXQ1ManoHTXwzSHkETLwcKaIGNHm5gOQqpZlt49M21VgoS2QizHEXxFf6JowUCk6itJvDeo3sdCdPXbxdw37GRkOcoWQxFRzaAnMMek9HQVtmK1PGacT0qq8-Kw3K07kzwwGqWY_974jWR_PNjU5SJ7shmnc_KUe2SDuF6FcdsnUGV6IJO5-nsr_VbzU228AEhfiD5eYD4AQDkAYBoAZNgAeitOu_AagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCA8IgGEQARgdMgKKAjoCgEDyCBthZHgtc3Vic3luLTEwMDQzNTI0NDYxNTAxMTCACgOYCwHICwGADAGwE4i7sRDQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRoBbBcf0Bs7BRJjk2qup8yJ0UQBewpSE9lX-PHT7l4n7Ll2ZE%2526sig%253DAOD64_0ynZqgZrHMxUYf18q_MHf-9pWQGQ%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BoTx9BSsgzvHS744nrktvgF54ayU8LSms2pmCQbqHl15p858y8wpE5zD7raIBqeQXP5Z9Hcl917nbfOFc6ruKqG9ericSN0DSrYb7GSWZ0D6Y-iBvVfNvCAi3X2ZT_OzpBe0EggPoeSwy5SFRFsUFBmUTZyA%2526dbm_d%253DAKAmf-CxVpwyaVdj_XCh5fsPXA9j-HRBcxPjhxhQaF0GO2JCi2ncH_Q7hvVYBpogHWiqlX5jPPtBwuQZMn75aArisgAkLElN6tM7v1oBtOsjSyTPtdZ-_LjkOH0x2SjJC0WQZ8568ndJmGjEFY5zrArSxmXQSuu_nO7NMDLTTfZyUXAU_Sea0ST35nxaYy4hYY3rB6qGy2Jkd67Sf1jo4QrL596EPjEmyU4U3vf43jNhiwEqV0Ek7SHP0_I0JbWpBlsvecmWzsn2eiTvODPXnM8pEBOJVt7lsmMYyozkvXLPPXByq9oWvJUNm_AYYxoPs2VmQgw-2Q8NAtk1NuzhRLJPkvfMliVP6gbJqVdPKnmdmuhuW55cLMXWGIiSXbzmZeh7mV48L1CiDz31IkhPgfgzd2AD7BAgX18z0FYLXBMPQ_ypkAID5XClaihgI-LcbsEFHvN83XA43hMjUJeU5333NpbbSMb3SKw58pbezWw-G6KfCZ9W2LeGz665XWVrs5UAWJoGwFx15mb1NCqy0J5JcWp7SObMRbmcb_KW4-52_N7XuNFi-kQ%2526adurl%253D&http_referrer=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2F&ltype=2&resolution_width=1600&resolution_height=1200&event_target=1&time_spent=0&event_action=inview&label=Time%20to%20completion%20(s)&event_component=Tab%3A%20Products&event_component_id=362070&event_component_order=0&tab_id=362070&tab_name=Tab%3A%20Products&event_label=Time%20to%20completion%20(s)&event_value=1
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: 7624419173656410510be4b81b2c7a251c497e90bab901c59dca25cbb7acba40

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-length: 84
x-amz-cf-id: slkZS3Es-IxyIAMTHBQQE4fcWHTVajDsfZSvb8VNDoYpXqN3SoTuag==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CAD3 0
23 B 82ms
82ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Baixn4F8gY4TGJYaoyQOB5IGwBwAAAAA4AeAEAg&bg=!Hh2lHVnNAAZTikH4c4o7ACkAdvg8Wu-IvZO9EU6OyoqH05pdr_NTKyepalhY6-iaqtRCX1_RcLwwEAIAAAB7UgAAAANoAQcKAD-h4JZQj-kAu6UKsbxi1ACAcSldl4wp9tJ3dUrXoQ1Sx6-dnLECd2W9KrLNzA5WusUU-WejiXnTLVSoqLUv2cWZAxlA9CN2pvFGlfywSOdvbcYvkBF9boHqzEsP_QOprppYbY-0BvjZesR5DzZcbdn-cYkGv-qp1k6XK_qzMI3jpPRBzKMnlDYjjkd4U2R0rd-3_RoFgbQjC4vDs6a8ChFBV56tse3kC63yUgTGXCmbMWcjo9nDLrmzXRWutjrFgoJGCy9N5Q04pU2kK2fvpvqJVYvPIS7znE1E2Y5rxBZRQznj3epLLu5mrRS3IqyDEZj9PUfQZ96iJhDL-og-pkAzrtp0Fq0NwXupQFnilEjekhC4R0LzeFPKKObsEb9cWeahR5oRW0DZTc5-YhbuV9HkuXh7GZhIIN4Sz41E-84ASV9JkFYe3qJvMm9ry2Ktj3Jj9trUTpk5wB0ZwMpgKLIyTY-OVbTZimgcY4EaDaP50kLoUTP0ipuSsLwGmMAjCV5meYnp-m5RR0wrTXBtQNRy9dPPJXhfCdG8--JlaAbiOkVjtKo8UnJG6KGslmRIEcYvkrJUfZ33HcLlfR8vIrfNrbX9VIHP07o91MnkHOr8BVQwFjhrJZwtCUHO_nj0cFOuP2psFH-jN-vzp0mLhAxPzNXw6EG_qY_fzYhQvkXl4xG-Yb5mVVo1693xIvzFLs9Wbu3v40jhBj2t9Lwf_SsUdyLv_-63M4NKWj_LtXnMvsQQp7Z7ees99DIfo5xJoUA3PXZpFLkZr9XXsitFxD4wN5tjMCsa5qJ83Ga_ixeCZ03drpqdHhU0nzrvAjE4oj5C3dogko4m71YBCwCBhKrzvQHiJ2Fz5FdS6DpjEDr6tzQ3sFbK3qiIS0vtG51jwylo2EmRCI45ekE6-TLw3db-upnmfZGMBmfehJgcSOccmsd1ZVS-hSA93k6zLjF7GchqbgKJfbpCkw39uT7_6LJfDlY_u-pg_sJglYTwvfsLnb5BUR8qVShSpiqvmJ6BD7z8U_nJJc9n77YWO7FaU4s8uJ9FMiiSH7EzDcdWSJheowwaxy9kiVELsdhB6iMAi_-bOfPNLCEr2cumXhP585HFUMcLnXgE1e1_A5bPRWQnJx3trfrnaKruhP8u

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
pbs.venatusmedia.com/ Frame 4456
Redirect Chain

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dpulsepoint%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%25%25VGUID%25%25
https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205

86 B
701 B

40ms
39ms

Image
image/png

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205
Protocol: H2
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 google
content-type: image/png
pbs: nam
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-CA
location: https://pbs.venatusmedia.com/setuid?bidder=pulsepoint&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=39Q4xeHD0mWI&ev=1&pid=561205
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-dd6bdcf45-98qkc
expires: -1

GET
H2

200

setuid
pbs.venatusmedia.com/ Frame 4456
Redirect Chain

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fpbs.venatusmedia.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26f%3Di%26uid%3D%5BUID%5D
https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9

86 B
701 B

39ms
39ms

Image
image/png

35.209.198.18
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9
Protocol: H2
Server: 35.209.198.18 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 18.198.209.35.bc.googleusercontent.com
Software: /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://mariopartylegacy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:01 GMT
via: 1.1 google
content-type: image/png
pbs: nam
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 13 Sep 2022 10:48:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-64
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://pbs.venatusmedia.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&us_privacy=&f=i&uid=a5400f57-ad0e-41a4-98df-14a6f3e49ac9
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 729D 42 B
64 B 89ms
88ms Fetch
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEndzDnizBylAEd5-gAsCkxpZ3iAUFguvUnjZbI_7J3t7gcgD09rS7bPBf-NpB-Ago7e8z5gGQziZh7TVFAptiuCG6EhT0GncluWramcbfWfXIBOQDowDDAgIgmKI_olvGVPI&sai=AMfl-YTRl1lX7RMnxCG0P1NnI4kJmL6y3fZvBAW5EtNUJ-TKNT3MmSYFCtBKw1tPrXX0260eR4Wk1qwdnyOtdT3nOX0vmt5J6WRZ0h5RUdNRiz4KCU5fUsg7zcWx48jH&sig=Cg0ArKJSzNUVX62sndyWEAE&cid=CAASJeRo6iv44bwI1Tttt7jdRAz2IEakjl77bBaIW06KMOCfiUmGBOE&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220912&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3875135371&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1663066080082&rpt=966&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Sep 2022 10:48:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 viewstart.js Show response
am.contobox.com/v3/frontend/creatives/ Frame 2260 84 B
459 B 29ms
28ms Script
text/javascript 108.138.128.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.contobox.com/v3/frontend/creatives/viewstart.js?ad_id=132647&campaign_id=15906490985&cookie_id=97S1GsAaMa5N&domain=mariopartylegacy.com&dsp=DBM&event_type=time-attention&exchange_id=1&rd_iframe=iframe&ip_address=149.56.153.181&l_type=2&network_id=435329865&rule_id=28720&sid=60d3b7f353884418a84b400bcd4fa174&site_id=36559527451&zone_id=129986&fromurl=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&cboxid=132647&lid=a_DBM_!!_c_15906490985_!!_e_1_!!_n_435329865_!!_s_36559527451&layout=desktop&clicktag=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCH7iL318gY8LvHYeVnwSw_JegCYXo7pZs-J-5r4sQq_S4gfkdEAEgg5vTaWD96KKB8AOgAcbLlMACyAEJqQITAa_soNypPqgDAaoEgAJP0H8JxqrCRaSmwPLP2mov0sEVnkloJsjphiW31zsFcRji5atGwPsFgaahq2rUQ2VoCJ2hQ-rz0JaFCx1LN-vwiHGXnmTQcyNCifp0mirHB2Jn19raKalZqnQX5Vlwmm9zCe0RPeRO-kDtTBYhEC4fVDOoaElyrbvOislCB3DVGfYWFSQtQ8jU0vwSkD4FR96iQABl1eF52InJrgX6MezVvUA8lBeFS8rfXz1T5eJoQSAefeZoVn-eKR8u1pd-0g2SEA2kirTplEtzglyjQvyJq3NESQ-f87Z3Ew8FVZP1chnxi2lTtmFBq1z9TlnBAKIZvPky4RWAcASTVpea_eFFwASF-IPl5gPgBAOQBgGgBk2AB6K0678BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiAYRABGB0yAooCOgKAQPIIG2FkeC1zdWJzeW4tMTAwNDM1MjQ0NjE1MDExMIAKA5gLAcgLAYAMAbATiLuxENATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAASJeRo6iv44bwI1Tttt7jdRAz2IEakjl77bBaIW06KMOCfiUmGBOE%2526sig%253DAOD64_0vTAj_qv3KhbdFEAxKvLRKKsOnTA%2526client%253Dca-pub-5781531207509232%2526dbm_c%253DAKAmf-BZFRxo46onenPx9Z41ggFcCX34fXmPoqNPqw_3lQfRtq0iWxBBNYbW-8z3zqhAAqtt2jjqRCh1wPcQ5UtXFyT493siCzSmknxZmgVdqnJm3Sm0_amsPWbJ_1UvFUjeuSOVSgFumzekwFK5v3bPHJacJav6Tg%2526dbm_d%253DAKAmf-Ap10jorXrmFGKO5a9wscuiak1lINTAvaqC5XuE2cugAtrI0Dvnz00_EQwoQMqFaXofEMmIi4kVEG5cWyhyMc0MA68vq4TC_kQL1oW9yWQL5MghZIc-Rdvm0MU9E5FkyM_rXq31jHaRk1Yq9lKb3cv1ymCvuAguAnFbh8jBqR_s-3ag8QGFxGpUI1ss5Lux3KQeLQShLVuQbjRWCN6XVgU6LWX4kaofv10jbTdnB_9UtFwK_BiWPlc8D9qrGse8cDSrPq5Hx6C4J3na5dThI2aSqjsP-7y3ecw2ffVrkJAX1dzqE1g0gZu4VzxuX6G0AK3LnT3YvJVPOKzu2vC3CLNwOvzArI0CMCp-RomWy6dcbMJ2pwM3ILnQAEr0rzDyMPZCcpz6cyRwLsPjg6PbDBlg9bYGjsW3JxFU3wl3lHZZIEae6AcqsNaKZ5pyl_MJDTfpbhjbXcPAp3Op-DXNFWNYtteoiEhVOXKZ0ZtY3Va5hgSFSPS-tJwub3oTd7KzFTfxMxtHQoDx9B6K3MCoO2eLWzmZVFX9j5wxFbabqRh_b9wQgIw%2526adurl%253D&http_referrer=https%3A%2F%2Fc6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com%2F&ltype=2&resolution_width=1600&resolution_height=1200&event_target=1&time_spent=0&event_action=inview&label=Time%20to%20completion%20(s)&event_component=Tab%3A%20Products&event_component_id=362070&event_component_order=0&tab_id=362070&tab_name=Tab%3A%20Products&event_label=Time%20to%20completion%20(s)&event_value=1
Requested by: Host: mariopartylegacy.com
URL: https://mariopartylegacy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: b0afbac9c98a9d3327cb1bedf4d61133e77602b09a96e46283d7ee6ca83c9f30

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 10:48:02 GMT
via: 1.1 dd80355363eac92e0372107558e579a8.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P4
vary: Origin, Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
content-length: 84
x-amz-cf-id: aaWzahWX8573QxUrX4jZKjbWa2zbrYrrkzuHEr5pcQPkx7yS5jIIZQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.360yield.com
URL: https://ad.360yield.com/pb

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESECaJeVaoEM3PQm1yp3JYPAg&google_cver=1&google_push=AehlK4D5Tyz_PsUI3kx0uc_k9YuqRsQuvkIwHWr_tfX4iP_Wrz232RBWFVuW_io4dRWRBVKMS_ihZPqW6a_KyJ1jBnoI9EnO0pY

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=2173

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

96 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mariopartylegacy.com/	1970-01-20 15:33:46	Name: _ga Value: GA1.2.1350949069.1663066076
.mariopartylegacy.com/	1970-01-20 05:59:12	Name: _gid Value: GA1.2.2068343256.1663066076
.mariopartylegacy.com/	1970-01-20 05:57:46	Name: _gat_gtag_UA_84394370_1 Value: 1
mariopartylegacy.com/	1970-01-20 06:40:58	Name: _pbjs_userid_consent_data Value: 3524755945110770
.lijit.com/	1970-01-20 14:43:22	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.omnitagjs.com/	1970-01-20 06:40:58	Name: ayl_visitor Value: 2e1365d54bb9a2e53ba39551fc554595
.openx.net/	1970-01-20 14:43:22	Name: i Value: 9b9d9d70-ee71-47cd-ac14-aa53db883c9f\|1663066076
.rubiconproject.com/	1970-01-20 14:43:22	Name: khaos Value: L802LPLO-C-554K
.360yield.com/	1970-01-20 08:07:22	Name: tuuid Value: c3e21117-eb70-4d8c-a862-a11ae72c17cf
.360yield.com/	1970-01-20 08:07:22	Name: tuuid_lu Value: 1663066076
.a-mo.net/	1970-01-20 14:43:22	Name: amuid2 Value: 5453cbab-8739-43dd-b8ed-7befb4068dd6
.prebid.a-mo.net/	1970-01-20 14:43:22	Name: sd_amuid2 Value: 5453cbab-8739-43dd-b8ed-7befb4068dd6
.emxdgt.com/	1970-01-20 08:07:22	Name: uid Value: 56751663066076982594b2
.adnxs.com/	1970-01-20 08:07:22	Name: uuid2 Value: 4776604448345215037
.mariopartylegacy.com/	1970-01-20 15:19:22	Name: __gpi Value: UID=00000969f5a3f0af:T=1663066076:RT=1663066076:S=ALNI_MZepan3u8wnV0Ormw1DgKfjszp67g
.doubleclick.net/	1970-01-20 15:33:46	Name: IDE Value: AHWqTUkzy2NGI-XauFeMFeYgcdyP5tvKrBhOAR5qG7rZT1XvEAoRPbnp3hpK4-MeDD0
.mariopartylegacy.com/	1970-01-20 15:19:22	Name: __gads Value: ID=ddae48b5fd03b39c:T=1663066076:S=ALNI_MbcWFFAik3XueuvM0ez-Ki1DX951g
.smartadserver.com/	1970-01-20 14:43:22	Name: pbw Value: %24b%3d16999%3b%24o%3d11100
.smartadserver.com/	1969-12-31 23:59:59	Name: vs Value: 321617=5101127
.smartadserver.com/	1969-12-31 23:59:59	Name: TestIfCookie Value: ok
.smartadserver.com/	1970-01-20 14:43:22	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 14:43:22	Name: pid Value: 1172854194788157185
.smartadserver.com/	1970-01-20 05:59:12	Name: sasd2 Value: q=%24qc%3D1308948106%3B%24ql%3DHigh%3B%24qpc%3D28700%3B%24qt%3D124_1509_77271t%3B%24dma%3D0&c=1&l=1501522464&lo=384595258&lt=637986628786889055&o=1
.smartadserver.com/	1970-01-20 05:59:12	Name: sasd Value: %24qc%3D1308948106%3B%24ql%3DHigh%3B%24qpc%3D28700%3B%24qt%3D124_1509_77271t%3B%24dma%3D0
.go.sonobi.com/	1970-01-20 06:40:58	Name: __uis Value: a5400f57-ad0e-41a4-98df-14a6f3e49ac9
.adnxs.com/	1970-01-20 08:07:22	Name: icu Value: ChgIhKM8EAoYAyADKAMw3r-BmQY4A0ADSAMQ3r-BmQYYAg..
.prebid.a-mo.net/	1970-01-20 14:43:22	Name: __amc Value: 3_1663066076_1663066078
.casalemedia.com/	1970-01-20 14:43:22	Name: CMID Value: YyBf384x9Z912gErIW1toQAA
.casalemedia.com/	1970-01-20 08:07:22	Name: CMPS Value: 2748
.casalemedia.com/	1970-01-20 08:07:22	Name: CMPRO Value: 2748
.media.net/	1970-01-20 14:43:22	Name: visitor-id Value: 3060676791454972000V10
.adnxs.com/	1970-01-20 08:07:22	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVVN$dh!@wnfH8K6pQK`!5=E<L5?%K/lvZ['5>]1[lw`uM4>(2`1S5VL??mLUelP[Y%nugO%v4VB%nngo*6X_]
.contobox.com/	1970-01-20 15:33:46	Name: ContoboxGetCode Value: 97S1GsAaMa5N
.demdex.net/	1970-01-20 10:16:58	Name: demdex Value: 24861984027215330284354830400227382033
.scotiabank.demdex.net/	1970-01-20 10:16:58	Name: scotiabank Value: 24861984027215330284354830400227382033
.casalemedia.com/	1970-01-20 08:07:22	Name: CMTS Value: 415
.smaato.net/	1970-01-20 06:28:00	Name: SCM Value: 1e48e93
.smaato.net/	1970-01-20 06:12:53	Name: SCMg Value: 1e48e93
.blismedia.com/	1970-01-20 14:43:26	Name: b Value: 63205FE0CD7B977CC7B4E0B2BLIS
.sitescout.com/	1970-01-20 14:43:22	Name: ssi Value: dcaefb3f-ce63-4abd-9dc2-efd120a94152#1663066080364
.inmobi.com/	1970-01-20 08:07:22	Name: idsp_c Value: a6bad869-0313-40be-9261-42735dcfcb1e
.dyntrk.com/	1970-01-20 14:43:22	Name: dyn_u Value: 06030001_63205fe060697
.yahoo.com/	1970-01-20 14:43:43	Name: A3 Value: d=AQABBOBfIGMCEOwaxlPTXyu7wk4wQwx-aPgFEgEBAQGxIWMqYwAAAAAA_eMAAA&S=AQAAAiH4iR65d4e9ODpWcA_0sy8
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:43:22	Name: bcookie Value: "v=2&ea3ed0c6-8782-4fea-89b3-ecfbda0c54de"
.linkedin.com/	1970-01-20 05:59:12	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=2787:u=1:x=1:i=1663066080:t=1663152480:v=2:sig=AQHp_5wTfvceNbJ7I5uoubAhFDZ4dnh5"
.bidswitch.net/	1970-01-20 14:43:22	Name: tuuid Value: 14e0bcf2-27ff-4883-b056-14f09361f787
.bidswitch.net/	1970-01-20 14:43:22	Name: c Value: 1663066080
.bidswitch.net/	1970-01-20 14:43:22	Name: tuuid_lu Value: 1663066080
.toast.com/	1970-01-20 15:33:46	Name: BID Value: Z5HIQ4PPZOEF48090662PDOKY
.sitescout.com/	1970-01-20 06:40:58	Name: _ssuma Value: e30
.bidswitch.net/	1970-01-20 05:57:46	Name: google_push Value: AehlK4BDW3LcEorK_n4Xnovrsu4wMWnYDohAL996P-WhP5w2eHjCKbw5oN5GIqNt9Rp6NR4RpE0fQ_xbQ2JWj_7z1AsTkmZ8-JQM
mariopartylegacy.com/	1970-01-20 05:57:49	Name: _lr_retry_request Value: true
mariopartylegacy.com/	1970-01-20 06:40:58	Name: _lr_env_src_ats Value: false
.adsrvr.org/	1970-01-20 14:43:22	Name: TDID Value: 822589b7-7c2b-4f7c-b85a-f78168c3d36e
.rubiconproject.com/	1970-01-20 14:43:22	Name: audit Value: 1\|mFVHqHkj5bHvUQp6C/aJK+1WuCoMxA8a+JUixCbOKdokEu2gZrfHPgpAD7Ucs4dEMoEZGvjddfROcqJqNU5OLBqjD3we6qaJzG6FmltYou0hIyAGkp/6gE3OYGmoobl7
.analytics.yahoo.com/	1970-01-20 14:43:22	Name: IDSYNC Value: "18yx~274y:196y~274y"
.criteo.com/	1970-01-20 15:19:22	Name: uid Value: 4d973292-dc9c-40d6-9954-b9862add9915
.teads.tv/	1970-01-20 14:41:55	Name: tt_viewer Value: d204eaa4-5bf4-4c17-95f5-0dd252aa47ca
.prebid.a-mo.net/	1970-01-20 05:59:12	Name: _sv3_7 Value: 1
.prebid.a-mo.net/	1970-01-20 05:59:12	Name: _sv3_9 Value: 1
.mathtag.com/	1970-01-20 15:23:41	Name: uuid Value: d9d66320-5fe0-4400-875d-f0cb9f218aa1
.mathtag.com/	1970-01-20 06:40:58	Name: mt_mop Value: 4:1663066080
.mookie1.com/	1970-01-20 15:26:34	Name: id Value: 10596125502584628923
.mookie1.com/	1970-01-20 15:26:34	Name: mdata Value: 1\|10596125502584628923\|1663066081029
.mookie1.com/	1970-01-20 15:26:34	Name: ov Value: 7e5aea1ebc334719dd7f40b7ab7f1806
.tapad.com/	1970-01-20 07:24:10	Name: TapAd_TS Value: 1663066081131
.tapad.com/	1970-01-20 07:24:10	Name: TapAd_DID Value: 137c8093-711e-4365-b2af-593aee114210
.id5-sync.com/	1970-01-20 05:57:46	Name: cf Value:
.id5-sync.com/	1970-01-20 05:57:46	Name: cip Value:
.id5-sync.com/	1970-01-20 05:57:46	Name: cnac Value:
.id5-sync.com/	1970-01-20 05:57:46	Name: car Value:
.id5-sync.com/	1970-01-20 05:57:46	Name: gdpr Value:
.w55c.net/	1970-01-20 15:26:34	Name: wfivefivec Value: rC4lnmvd1Oy3st5
.tapad.com/	1970-01-20 07:24:10	Name: TapAd_3WAY_SYNCS Value:
.adform.net/	1970-01-20 06:40:58	Name: C Value: 1
.media.net/	1970-01-20 06:17:55	Name: data-g Value: CAESEPMqK3I3Y-l1rvvUIc94n2s~~3
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s8654\|YyBgu
.adingo.jp/	1970-01-20 06:40:58	Name: ID Value: db084ea598d447bbaed1bceb54b7a24b
.mariopartylegacy.com/	1970-01-20 15:19:22	Name: cto_bidid Value: SLnlq184MmclMkZ1MUNRbkFMT3VMdmxWdjQ4Y1NxaWtqUndCd3N4TGJSbGhibE94Y1BNbXJLdHN5dlN1ZGRyUVdFJTJGUEh5bUFjNEliTEhWNUJNUUU1TUxxMW9ZNmRTMWFQRHlzVnVKdDFBT2hRUWVKanMlM0Q
.w55c.net/	1970-01-20 06:40:58	Name: matchbidswitch Value: 5
.mookie1.com/	1970-01-20 06:12:10	Name: syncdata_TAP Value: 1
.tidaltv.com/	1970-01-20 14:43:22	Name: tidal_ttid Value: 2e34b4e9-bf4b-4ce1-9044-903819e985c4
.mariopartylegacy.com/	1970-01-20 15:19:22	Name: cto_bundle Value: jufr3l9Nd0UlMkJPVnFueHpkdnFaWlE0JTJCbE5jejglMkYyRkZ6YnFQU2ttMWgyMnNnNmFyYThHQThnU0RGcHNldDlxbWs3UlhVOXdEWm1OSFB1djAlMkI2ZGJlSlppNGlNYzlCYU5iYVlkU2tYY3B3blFna0lSUk8lMkZFakg2aDZQTDhCVGhEd3clMkIlMkJOWllOa3N5UUpMdVAwUVp5U1hocDlRUlZ0ZFd6a3dqYkFqSExXTWFaRHNLVSUzRA
.id5-sync.com/	1970-01-20 08:07:22	Name: id5 Value: c96db65a-1477-45b4-ae21-000c1c9f2484#1663066081125#2
.adform.net/	1970-01-20 07:24:10	Name: uid Value: 2029913363476918026
.tidaltv.com/	1970-01-20 14:43:22	Name: sync-his Value: "H4sIAAAAAAAAADM0NjK2tDI0sgAAo/RvugkAAAA="
.agkn.com/	1970-01-20 14:43:22	Name: ab Value: 0001%3AcVhPNCZNtJIfzeLd9IlpXdIVCRvwef1r
.mookie1.com/	1970-01-20 06:12:10	Name: syncdata_NEU Value: 1
.contextweb.com/	1970-01-20 14:36:10	Name: V Value: 39Q4xeHD0mWI
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 5cedfa9d1294de0a
pbs.venatusmedia.com/	1970-01-20 08:07:22	Name: uids Value: eyJ1aWRzIjp7fSwidGVtcFVJRHMiOnsic29ub2JpIjp7InVpZCI6ImE1NDAwZjU3LWFkMGUtNDFhNC05OGRmLTE0YTZmM2U0OWFjOSIsImV4cGlyZXMiOiIyMDIyLTA5LTI3VDEwOjQ4OjAxLjk3MDQ5NVoifSwicHVsc2Vwb2ludCI6eyJ1aWQiOiIzOVE0eGVIRDBtV0kiLCJleHBpcmVzIjoiMjAyMi0wOS0yN1QxMDo0ODowMS45MDMwNVoifSwibmhuYWNlIjp7InVpZCI6Ilo1SElRNFBQWk9FRjQ4MDkwNjYyUERPS1kiLCJleHBpcmVzIjoiMjAyMi0wOS0yN1QxMDo0ODowMC42NDU3MDJaIn0sImVteF9kaWdpdGFsIjp7InVpZCI6IjQ3NzY2MDQ0NDgzNDUyMTUwMzdicnQ1Njc1MTY2MzA2NjA3Njk4MjU5NGIyIiwiZXhwaXJlcyI6IjIwMjItMDktMjdUMTA6NDg6MDEuNTQ0NjU2WiJ9fSwiYmRheSI6IjIwMjItMDktMTNUMTA6NDc6NTkuNDE0NjkxWiJ9
.id5-sync.com/	1970-01-20 08:07:22	Name: 3pi Value: 2#1663066081690#-646693358#4776604448345215037\|3#1663066082029#-263005146#d9d66320-5fe0-4400-875d-f0cb9f218aa1\|124#1663066081478#-2070283679
.id5-sync.com/	1970-01-20 05:57:46	Name: callback Value:
.360yield.com/	1970-01-20 08:07:22	Name: um Value: !5,7DTxDV9lKVE2dS3p7suJmDwQfgCA3InoB-OagR.gwfHCpjAOoS.xkO37Ot8qRyeR1YY,1670842081!313,sn7FWe8zidlcKjvfZrki68bLBBKFeRUuo2Irp9Hqa3c1hjmnt.qmoAl26LmobvRmQ15rZAeQlzZBGGes,1670842082!340,yAofGIWPXg-buoNNPpIrhXs3v8SXOU4c.9YsLMDT4kPexVGpYhh-EUE,1670842080!191,ZyLAAxl2drwu0O4s5UGnBt4kqAlVdUha99zGRY9jOMuFCWG.Jkj9BqPFaQlX6s-7c8k,1670842081
.360yield.com/	1970-01-20 08:07:22	Name: umeh Value: !5,0,1725274081,-1!313,0,1725274082,-1!340,0,1725274080,-1!191,0,1725274081,-1

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: A bad HTTP response code (404) was received when fetching the script.
javascript	error	URL: https://mariopartylegacy.com/ Message: Access to XMLHttpRequest at 'https://ad.360yield.com/pb' from origin 'https://mariopartylegacy.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network	error	URL: https://ad.360yield.com/pb Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://mariopartylegacy.com/ Message: Access to XMLHttpRequest at 'https://www.google.com/recaptcha/api2/aframe' from origin 'https://mariopartylegacy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.com/recaptcha/api2/aframe Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Message: Refused to execute script from 'https://scotiabank.demdex.net/firstevent?d_event=imp&d_src=203093&d_creative=176722618&d_campaign=27093947&d_placement=327003517&d_site=3375178&d_aid=6105106&d_bust=3108764557' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: https://mariopartylegacy.com/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=2173' from origin 'https://mariopartylegacy.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=2173 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cs.emxdgt.com/umcheck?apnxid=4776604448345215037&redirect=https://pbs.venatusmedia.com/setuid?bidder=emx_digital&gdpr=&gdpr_consent=&us_privacy=&f=b&uid=$EMXUID&b64_redirect=aHR0cHM6Ly9wYnMudmVuYXR1c21lZGlhLmNvbS9zZXR1aWQ/YmlkZGVyPWVteF9kaWdpdGFsJmdkcHI9JmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0mZj1iJnVpZD0kRU1YVUlE Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
abs-0.twimg.com
abs.twimg.com
acdn.adnxs.com
ad.360yield.com
adservice.google.ca
adservice.google.com
am.contobox.com
ap.lijit.com
api.rlcdn.com
ats.rlcdn.com
bh.contextweb.com
bidder.criteo.com
c.us1.dyntrk.com
c6efabcfccb3224bd07618d6a5e79e28.safeframe.googlesyndication.com
cbmedia2.contobox.com
cc.adingo.jp
cdn.adnxs.com
cdn.connectad.io
cm-exchange.toast.com
cm.g.doubleclick.net
contextual.media.net
cs.chocolateplatform.com
cs.emxdgt.com
cs.media.net
d1oykxszdrgjgl.cloudfront.net
dsum-sec.casalemedia.com
fastlane.rubiconproject.com
free.xjs.lol
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb-api.omnitagjs.com
hb.vntsm.com
hb.vntsm.io
hblg.media.net
htlb.casalemedia.com
i.clean.gg
ib.adnxs.com
id5-sync.com
images.homedepot.ca
lexicon.33across.com
lg3.media.net
mariopartylegacy.com
match.360yield.com
match.adsrvr.org
mug.criteo.com
mweb.ck.inmobi.com
na-ice.360yield.com
nym1-ib.adnxs.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
pbs.twimg.com
pbs.venatusmedia.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
platform.twitter.com
pm.w55c.net
prebid.a-mo.net
prg.smartadserver.com
px.ads.linkedin.com
qsearch-a.akamaihd.net
res-a.akamaihd.net
rtb.gumgum.com
s.ad.smaato.net
s0.2mdn.net
scotiabank.demdex.net
script.4dex.io
securepubads.g.doubleclick.net
shoppable-api.contobox.com
static.criteo.net
sync.go.sonobi.com
sync.mathtag.com
sync.teads.tv
sync.tidaltv.com
syndication.twitter.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
track.venatusmedia.com
ups.analytics.yahoo.com
us-u.openx.net
venatusmedia-d.openx.net
warp.media.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ad.360yield.com
api.rlcdn.com
google2waycm.netmng.com
www.google.com
100.24.140.184
103.229.206.241
103.243.202.190
104.117.182.27
104.152.168.8
104.18.19.126
104.244.42.8
104.244.43.131
104.45.178.220
104.76.104.25
104.77.220.25
104.77.221.10
104.77.9.133
107.178.246.49
108.138.128.83
108.139.29.124
108.178.23.114
135.148.35.200
141.95.33.111
142.250.64.66
142.250.65.226
145.40.89.200
159.203.145.121
173.222.103.36
18.214.193.123
195.244.31.11
198.148.27.140
207.198.113.93
23.105.12.144
23.205.72.10
23.41.168.189
23.63.77.138
23.92.190.69
2600:1901:0:8344::
2600:1f18:1c96:4102:b9ab:f4:b89e:5480
2600:9000:2209:a400:1b:5138:8a40:93a1
2600:9000:23cb:1800:0:1651:6140:21
2602:803:c002:200::116
2606:2800:21f:5b71:3e29:d001:be46:4bcc
2606:2800:220:de:468:2285:c1:4a3
2606:4700:10::6816:2f8e
2606:4700:10::6816:37ce
2606:4700:20::ac43:4bf1
2607:f8b0:4006:808::2002
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2001
2607:f8b0:4006:80d::2002
2607:f8b0:4006:817::2002
2607:f8b0:4006:81d::2008
2607:f8b0:4006:81e::2006
2607:f8b0:4006:81f::200e
2607:f8b0:4006:821::2001
2607:f8b0:4006:821::2004
2607:f8b0:4006:823::2002
2620:100:a001::4
2620:100:a001::c
2620:1ec:21::14
2a04:4e42:1c::159
3.217.95.75
3.225.218.147
34.95.69.49
34.96.105.8
35.190.90.30
35.209.198.18
35.211.178.172
35.244.159.8
37.157.6.241
37.19.207.34
44.197.96.251
51.222.39.185
52.213.197.181
52.223.40.198
52.85.61.49
54.175.87.114
54.236.153.70
68.67.179.155
68.67.181.211
69.166.1.12
69.173.151.100
74.119.119.129
74.119.119.139
96.17.64.29
99.84.119.113
017f77dad35bc8628746a941c5b85ee4fb206c73f7abd23e1503fadcfdc734af
0233d3c9020f448a33edeea538ba1424b7a61a3b9433b1273daceea88bbe2e00
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03167c69766462ad487d85155b442c971b0c5494224b9a71d9de3fe67f8ca59c
03e2f7f0e1794b1852dda8c1828fb4b677a9d18d76417e3a9686a1d35e66f581
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
04e335d4d6e4403b6be6ab4c8b75b2a59c060e00f8b36a2e8626b4de3ff3da3b
0812fe1eca87b53058cf954b36e8b6c12fb15da281f92386acf6f0d800a2acbc
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
095ce7913e543fa079a0e91c892304486f466f5d3c8ea49d50501a1d08ddd72d
09c4cb7e9d5c200caa3851c606ff2be03de38d9cadab7cf1096149a84e5ddadf
0a98976de9a16af304959c0e2cda0e24b0f6b8dfdcd5e623cc2ff8603d9b2f21
0b646f6a0117000d7a12cb08668222c21cd3ae0194b31cb4a12a60547171e380
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcb7f82018bd3cc00aa4b32ca7cd6a0bfedf43abdb27c6a8ec4245b79a9d2c3
0cef42f8742099cecb69425cc702bcb2438a6b3fdcb1e8957e3fac9dbea8d0e4
0ecaf4e8ec6cea3892eb9c2bbb9ef4ab6fb5b5616beec753625c4013abdf4fca
0edaf21554e0889aed8de9ec9e662e8247f3fad31fd795914a8822681bea1913
1025796e98f8a3035216dc8af4175a21b80c2d702b79278a362184970b4f2d95
118b7d83a74408b9f83534ef8d31b26799fa9298a285101e1dd504b81cc4a675
126310ace7911a6aec004ee06ab5e5c48833069fc52ba79987981ecb94f87a9b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17b6c419a7f65afd0e75266dcace486b79ceae9242177feaa960dda92816c4cb
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a8ed29607237e532764ff6ff46fdd97520c33ae6e445ada898e9697a0d4fee0
1ac3021d1a1f1ff8b3f3e53d107f7fb5b22058764474233733bbc7aa144a1348
1c4888f93b307a57af316cafb754a6677566fa972de1a3cad72dc0f4d94be089
1cc5fba1b17b26c8975d63d581f375152c583264b4ba58a2d2eacac2d11d90ee
1cf56f38cef3acc0ca544006317d5c99e086f503b6c38b89e96dc7ff9d46b153
1dfec866aa3a6679f2692fe6aa7ff41ae4d676e287239ced6409c05a4d715f68
222fa391f26a0b6f4b5d8459ada308e078e6d2e69707766e247692a6f45676c8
22c7e0e314fa1ee6e628b537d92e672b2768b61544cf2532eb69fcfe711adf9d
239888860762071d6992c5467b0f63afcdf9d945de4db1238df82fd632ece2b5
264cd082d571d4bf306dbf6a4eff8552a976e7bfd23e7f6b350841a8defd5d2d
2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67
2bee0d563edebc31a6e69fb17bf224b00e73b4278cd0d480a7666e1fb7afd27c
2df380cb1ad10e7b3eb3e60c8cf95aa66a097ef6a4f231cdffdaf981fbcdb367
2ec2fb171e1620562e36b696354c0aeb30f901ac6d5797a01b2301c8645de308
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3372c435acb306919c0975372f87e9c0fd852b413a95701c2e0c9461827611af
3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c
3436d3c4df3c679dc1fb73efbadd55f05b62959168e0129128e491656702adca
343737036659ab2da60dba8711484b9457e7fde594b917c0cb0c54823d90e71f
343ebdef497ae0b54fe36b5d73a8d90337a648141b5dfe8a028b9cdc33c3796f
38d797d77f92310ebdcd7319f36d999b6ed44dece556fb63d3deae5ee11b9d0a
3a3ffdda003bc7bc7d8fdc426b862833319f89115310cd535042b2fc4b664e43
3b74e688e7c657a53478003583dd789e4a5ce35161c3f62b80745fe730b77bbb
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ec80ab4268df9789b6af0dde736283e282147fcb8dd88ca5e3acd70882036e2
4016e5c000f30547fe4c066aa2afad9f2ca5db3d6717b4d0990fecfd1a301507
40cfd90254f8ee9bcc9b98d595ec9d88e0bafbb3fe643cfcb760f07323ece86b
422cdd4a77a702d0c42b4b9444a1276db358ba07e2e7663afc43c91f531da9d3
424332ea0ecacff818cf7de57fd7968c0172f01776ff025a4d2a99540422d3f0
450864390e43d79760eb4436197835e87c2beddecc6ed4446af02d39283a3178
45d77e730024ce8285307966cbaafc8539c709de7ac7cb1f487c760fa851200f
47b0b8311de649cf1b7e1dc1b5bde74e63602fed5ac8a640bf6d616cc2db72d3
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4b39977b867ee443704b6436fb856593c33e24c5a9c07b7cb35792a198f5adbe
4b4f5b60d49a29fea94c6c61db57d0e6b54b6bedfb051f7aaddbf4f1735123dd
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6bd6798b332659706f4e6160d766e6aeb6f994363807c825dacbe82c613604
4b86073394cd6e73cf4cc4a415f66508e33e2f8f12c34df1bb539f7500006185
4c74bf286c261bf175c4d922f9e1b53ed0a7e4dee5b47bdcfbc999069693a563
4cb32ec64c172379f3b33674d6ad45d1c5bb38601e17b9ee43597ba17a5c5350
4dc1151b79543604e857a63f6d2021182255a40f2b7f12c88cc2421ff848d8cb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ff2b434a7c54ace6f1487f3575062abe7219c1a4fd68a4e5a34de0e111ad312
503ecba2019c7935aecb5a6322e359ec4e781280c3e700c6d2b81820fdbc1bc4
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52ca0718791373d71720ce8447eda9f65de1c9d3b34bd17a861fc274a12b4d0b
52d74c3fa0a99caa96dbd7477e86ec3df342e032cbb50e5909b7aa5e6ae06255
540454962825aed8f17a0552980aed58a8d040e50ce761447da221d054812904
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5631fc48e76457a804176c23175cd0bfbecec9f01e126e952a38fd72b764e5ed
57a47d71f413910c5be4b212e4a87094e0e56e9b13b21ffbec92d90fc37d2e48
584b10df5af4716257aae636285c55f27e9a970412fa831dd66023efabb84b48
58501b027fcd0c730f5e75570c91e0182fb258167a3528f22a838cc7eecc0c08
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
590bbe15594205acc9f80509cdf4a58ca508b086f79dfa71529b526bbd87feac
5977fa8ea52d584fe87cb70a27beb1fc610dd953b988fd27159195cfe9a06e2a
59d5152b5cc36484345d5030139f42726c7b9e533bc5ec15ce8c21dfeb9fcd2c
59ede1d7ddbba706136d62dc2577ada976015f2a0c5520143c31ec4967f63af6
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ae46e7d4cede0d4a7f1612768008668b0cfb2e6d17a8d63e2d9f2cf34b80bbd
5b29f10d6e7c79c2f7f11b0abe16a4fb45e29673dababd29a0313d72aeaa90b5
5b32009d78e3905b5795e394e00cb3fb5afbb912622323c581bbb856dfb560d5
5b624864fd63d3b6324cbfe4e72fc7f2bd17a3abada38fe16f1a46e78f0d3eb1
5d962165bf404b1e8e70127b6975399727f671fdd7e90ed8c1b5f12a6c768e12
5dc05f9d5b2fa276fdfb735dd0c9b8cc3899bd4642bedda59615a908f374c982
5dcb21a8683035807bbaaa32c7d4d771dd884d148ca5db8ea2746310784b5afa
5de6e83c84280798e52931aae72c3e30c0afc4dfc385b5e9352a67846096abc5
5e939f7f2ddb20f90b0d03ff858ab310c3573e20abf16dd1f62609d0c06f9789
5f0d0dc37da096042a77e53ce42fdcc6152a6e606f453ab038cedd7dc088ddb5
60402023b661bea571a650b514c4e3c1c9de527892fef7b3cbc81e2b140d5499
608661a180f2b843b19611a5fd02f50276ee47440c0c92fbd35789b23adfefcd
61ad03c22ca146cc520c4e7a31f690f8a119ec65127b61697a146c6fa36a4c06
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c34b945902ab85a4d8134bcbef2309558cef9b344777023e3acfac754ad430
628492e9ee5248b3ae1bd504a7d60227a2e7a09b953b858784044d7d28844489
63440413f9b013a54631b329d428a96694a8e82c1c67a5f924e29ade9ffc45e0
64a3d735b9af4456b3406c752981e19ac84d52cb4a20bab9aa41eafde8939e66
653902be0c3768e8eefde7e5bdf127885e69393ae0dd91f7266088c93a15798e
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
65910d9ad85211ab3195d9d6947901ca337e779f404344bc7209b5809d70e18c
6624cfdb330a4273c33b550e5ae7440a7ef259e3c074b7b89bd27739bddfeb75
68a58bd4fde5255ffc0cca0ec5726e8062279fefdae5d97a584f354872c9b39b
6a035e3712811e13925d335bc1c58c48667150448006add786f24d14c8002964
6ac02891b27823988aa0fb9191d5b2ab916dd49cce09ca4ee8bbad196474bcbf
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e8060b67a9bc601a234fad07a2ffdf1ba56bab8d4fe01fcdece885bce46f0aa
706eff92aac2e99f9d483c82182dcb83456e8ec6712cd801aab3e72546b12e8f
70e55e1491cf289e12baf4a42cb0bf12d296fef7bc18f975b7e7b3b6860c4c80
7181c93962530c41049c3aff9c3a0f4b0d03685ec63d22a39e3461e5628c09af
71a9213f3bd7637037c40991e7012b97d6d69084c77e947b5c9dc0c15a0e980e
732e093b7af9eb20bbae0d854548911684db64a17d4b69f0e31b81a928adb359
734403944e03e15bb0153ebf848c55f61d540effdcf81c3a3bfffaf6a6b90f5e
743b4f16b44469f295fc49a34f43206275fc582805041c359dd7c75d838781e0
753c0217daba8e42bd03b3103f7e8a02d43b376b3f7a24a6c14b336c1aaa8cd6
7624419173656410510be4b81b2c7a251c497e90bab901c59dca25cbb7acba40
76be95cf10e2dc894e3960e5a50d616b9fd9b3a874fc0cfba65d43c3b94e83dd
775a02c37772954d38fe41b802b94a0ee37dccb98a03827cdef3eddd2abc13d1
77680b788b7094c07a6ced1363f0c5fa75447e82d55575c043352b92b2ff6d7e
79302ecdde9b40e0e7a2cfa8073f5f40ec6ca93e53848805c39570adb916cc8c
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a65f39e0a424d169ce7466d7d39b651328191bfab375d57ff37b0f603fcd329
7c9996503dc034049902e13428f941abc818f75a6257878a261acc3b2206dc61
7cca3bfd3c150a4f69e6a2fddb6699f1ffd274436c93a35184674ed16f08550e
7cccc9aea3ac94c0b6d6f2321aa049fa916273d17d4735ec196c55ddaf8516fa
7cd06ebcc99017e3dac76cf98fb6bb6e987be09d24173d6dd9859852e88f82b7
7d2cdcfb9a06ae6226f06b3cb14c4a53fa0f94ec5048dfb469d6834f6fb4e124
7e545a7e4d7f69a26daa026799b6ab7caea7cfe6aa822b0038f63c14a5f69cf1
7ee4ef45ec190a70a56f43b8a5bc3697c28eba81a9b6f6baef83b08741d32ba3
7ee7784d217b273bd847dcc83ca3451f76f63cc1b619805dbdb297197bb44eb8
7f2e03bf800e4297ceb63600c207a9595883640324446f7d65c1f7c419acc08d
7f3f9aa1f474e91c3a9123ed1c6a5330ac9793ed3bbf583b94a731dd3dfe9403
7f5f7101bfd48378049f22dfcafa3247adf8f2611602f7ba99307d6f536c4625
7fa1f9f9ed93b91c557280c03c4d670c755206ec53071a069454643fbe8a0ce9
80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a
80cc4917db805a57cc96ed5737ce15528bac22b38653c3b6b2454740a260b7aa
8292e076c85520d9770a2739a10f142c0471931cf0107d528626fa9bc998a0d4
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
83ba999d199db8be6582ac081da2eb0c2a05396b92fc35333e12437026a2a621
8410d3b0967b358ea8a5674c454166c57643e79e398fddfd24d16dfea2a5cde5
84e5902420c80249fae4e0c136ae1c78b9f977210e528d676a0cbd1f276a12e3
861cae0f0baa045f169177b9b6dc775cf1ddf7d64bd6fa7b71714d2e5090cc26
86224186f3264331472cc1d6e7e018baaa23e9b9f26eace14d0f1b7892a92ad6
874f243a9f1e59b8b2de69554fd07e91828c2708457b3eaf47cc2569dcd88829
880f96a0b1f6eb62e94842f79f2248bbda2c453c885d319a03a1892f3014964f
8a68f733a4c556d63f4075e483fa51939f0a6de4675336226c1a15077ee92c71
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b4e0ca646d88b976feb9c46bcce7b34dd09601d7ba1bebfb787bc08a009f487
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8c3d3c6c0c12b0ebe7d355c3d337e9b5f2115bbfeb99fce7804e391a006cde54
8f4fc0f336126492b535be2e0b29fbb538a3079547d19a81368aec9268a54f26
906917064249257d133929d88cd256cc0f0a85bfebea2ffe13ee28e749dc2230
92b19b5113efbbaf8335fe55e8aff7d74a625a2964ff63f55593100e30bd3a0b
92f1c3973f0fdeed0f764028a1415b11372c3ce61d8c08bdcebde53d66f93cff
94fdf04fbbad0d95dfa380f9e6358f4def5f731c55a81138566dd33353c4ac52
9578fa3dafa5207b612a55bb0d512c53f9c50299a402e53ac7da33fb2cc3f8b6
96498a12a2e2f062be8ad2251c561bfa2d103f80923a4ea0af82d707c5239089
9755be0c168d11892adcf65aaa09cd3c671a262d4512e393bf542730a6a38aa8
97e76d358eb3575e3ebaf7b919a5d0fb801ac267df002882a4ee90fddfb2f9d4
98b3ff3a8543eaee1f9946fde06f31cd9bb98f9e57cd431e0234db57c221334e
99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ab6ba1e7e051b464b2a5855abc359ba0f4cde98edc2335e2648bbfe5a35cf38
9ba1174a28296695cc50db5e309f744d41bba56627cae80e7ee902c6ee039053
9c7f084bb47763e7b83c776d449461b57fcf5752688e5d95cca6cceac065cd9c
9f16f0898b02a9df6ac2f9888ed88b4f63976e512e9fac22c8d468cf6877b605
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a24b94f31d9fee028cfd9fc7e810b25145d052efabcbc3514f31b263f9b9b2a3
a30b024d5187d1fb390f7b3bc8cf3275fda92755fe0cbdc078f3bdff49ab4d55
a447e4b58ea0e7ecbd3515b5c257ad5bbff7895db37360eb3d112f22beeef3a1
a49e862fdeb4e76d59f5eff667f0f01593a32289abe3fc8fb4bf31c9b019cf7e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8278a6160501fc10d91a073cd3f18200c0857917f0d7e1d311a8361d43b162a
a84d93033cfb20c017fcdb465504883f68f8cddef078b205b04b0cd73f0d8405
a98e69e4aaca2377e1a05293450aa29c8145d6aee9f17a858e0f59bac6404dad
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd
aca4ff92368d1e601edc0cb3590be251d5af55460e57f9a61b3d8caffcd27f17
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ae553d558315fb605a472046446fd459982aa95dc7ad57bd26e8b230a8799596
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b09ee6851a73c9478432b5c40896cee45d41ec6e384488e0491651a076e759ae
b0afbac9c98a9d3327cb1bedf4d61133e77602b09a96e46283d7ee6ca83c9f30
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b40c12b01d7dd928361aad83fb76e10878527f3b048cd0a4a4aff3ec8b85d9fc
b708635fbfc8d797c342a9b4400924ca767cba109a8ab50abfbb09aaf5681f71
b884d92a693c2e1689e630dad72d23cb3775d4d9abc1c591f0a9439fa4b0d24f
bb358e3245da3678f0e2aa63162f53c18a3632750e90a1893def80a66583d527
bcc42132f8a104e64c80a5fbea67a3552d70d0d225ad023f19a92b9b693cffea
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c0f68a9595fd8ff81f5a765be4da5aa5ce13cbbb8d5f40e25a270bd86978c35b
c12714fe1fba7f07ba74c777c318e90b4ef7b54c28207d35b36ce0fc87cc0957
c27a0f2694d067e38175c95eb364a7c565fc1d326930a14272f4ff9ff698a20a
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c532e077e9fcf9ff946507e700b8eba673a9ebc61b0d5a75eca0555e6621d2ef
c60ab75be523fbf7e9a4ca0f6012921d7c3f61a6e3b85ee284e597d471c461ed
c6f6d25594bb36ece49a086f833453906f388a3aec9a2e8568ba183807fc390b
c73a5e3fa6d80c8610bcae425939c44b9ee786706413cc864019211f944df9e4
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8a7ea184c79a6f61c400968314d03aae7c327f03efc03603f6a3cbada7bfb9a
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9b7800670c365338dd378c329ce796686c67ada423bb56461e1d60a66c2ad68
ca92b873e5adfa0ee82541e1ac86a5c5e40d0867bbfb85551a0b69e0dd199aba
cb193b3c2f1dfcceb57b746e5efb6e333a443f1faaf692e3c0d4c0d1c98e6aba
cdc46119f82b8cc0c4fa0ad51203da3154d0aee0e887aaf26a46988e5f359070
ce0920f0283bfe19cf6fb57b0b6882fc4888e615cdd245905746feaf2d3fb125
ce4a43fb7c3dc8758414c539bb65c273e18bc965174a7192ab70ae882fc551bc
ce8368e5b8e9f2f066acc6284578c00021aea742c4c7c7ec2836c232a5f8b1f8
cf0bea09a1804cee4bc3effc8b920594928f674754be42ad17692ea6fe45cbbe
cf5477f7c95dbc72d95dc48406365be84b2c1a2e3d6298d83e39d829e13e770b
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d297edda9cc0ac8d1ea9ae162e30430673ac07b4d8a536051b27ab2d96037c27
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
d5763082f22f1b266ad9526c5ef3f30390b24e5848be77bbfa386c277b14d98a
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d84628fdcbd80df1ec891a2d39af7837c748eaa2d7369fedd3e39cb902b04573
db32f49acd2a4475497b35146476dbb4088170567de999e9c1d6875d884be376
db874201ae76f49c827617b4216afb6d7ecf663afc30ece8033e19ef181e3ea4
dba21b69260b204a0ea685b1388df50b9c490e8db990610b08499aef93a72f39
dd4b2828f30ac53b8db4f77db8dede34f9605436d286f254c88f34dfbf0de1cf
de73f9fa9a2c6f1d2f2142fce9a5d427bc430e2fd280cba8d5049b86aadbb6ac
de9675c824d446ca7217ce6cb4b588285c47953a6f38d3cc265a9896fbaa026e
ded6a344cab6b04f35d5974166b765ea329aa309368373d916658c000e2e1cef
df0d77bff49f6ce8fcedd36c2bac801d98c148546ba6faaaaa25302a7f862faf
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dfde5485c4fc9e9acca625d86fbeb240c9bd3ab78a395721aae49aa97b091c93
e0ac22294a879393741a8b64c7fca06ee5f5bc7f65c62ae06d7924080376249c
e1d0287283928af07afff92aba4c963f5d0b86ee2ff05011d8846eaced1cde57
e35104ccba589e72a80a95a76778e92b7ef31c254e2fa4cad644e18d1f4b69a5
e35abf5f076db7c3505bef249dbe3d290aab4573ceb7df4bc06c3245c52d6f03
e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e534098b9b3641a9400bbdbda034131baaa1ee3ee61bf2faacb1f06fe98fecdb
e8962d65caa8b6f0dc72b61fbb38446161265efab5e41ca343cedfafd139a4e1
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e921680b363787cc6f8a38f1e9c47c7c61962501539df2b374fb3d356086d880
e9969ec6163fc467674443a6cd06f78cf8d664794d386558db417565e57423d3
e9be626283432b18e9f062d0956034a56920d78b80f8f7bd1838282b9a44052e
ed685cec29cdd76d6984eef3c3c7505e4d35062be9c22b8eef47d2d2d71b6281
ee93a9591c2ae5d76e3f175cc4ef925c44475c309c6b576a251a5f19e7f07bba
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa230a3973395419cb2746d720c89db14d28401636f48514642360656c172ce
efacee7759e431f77426efc9ff019bca09c1dd1e6af5d30643ac766874f85571
f1bad71a6245e0ac525b4e3680feaa079af3003beeaa8b431d88f81970735e9e
f34cbb4f65ff257c696d683b5ec9744d61fc9424d1341abb2c17e8d76c537770
f65300d3b75c15467cc0bbc95c87180bf1388ad0923711da99b360d8b24a1a2e
f74f09e9fd96d0445dcd5c4ebf50055bd5d782f5ad346174a7d4f389adca17c6
f896b65c94b5037b1d50dcc1a299373352e9858717372d5df2922619ad64c6d1
faee2c502fefa21e57d3ee2db23497df78a27354c19051d2361b8758e8747127
fb0a73227804ebe3e40397940dc84025062f49abac44fcb13ed6627220315a3e
fc64141dd909f5581ca240fb6a04936822138a5a291a617e2c3e90287be0107d
fcca252159d74430145c6cef609a621d0304484ee0dbc0861199b38c3d2c064e
fe4f915ffcb03078459bc08bceb07b6a3158278caa6f4a86c1a01aa229e05e7a
ffba6a19531714af6bc3fb4b4863676e4c916050f1c2b6c9836c50969795b282

mariopartylegacy.com Open in urlscan Pro 104.152.168.8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

380 Requests

86 %HTTPS

30 %IPv6

64 Domains

93 Subdomains

65 IPs

8 Countries

6348 kBTransfer

11858 kBSize

96 Cookies

5 Outgoing links

Page URL History

Redirected requests

380 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mariopartylegacy.com Open in urlscan Pro
104.152.168.8 Public Scan

Screenshot
Live screenshot

Full Image

380
Requests

86 %
HTTPS

30 %
IPv6

64
Domains

93
Subdomains

65
IPs

8
Countries

6348 kB
Transfer

11858 kB
Size

96
Cookies

380 HTTP transactions
5 data transactions