k99.com Open in urlscan Pro
93.184.220.223 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Submission: On February 14 via manual (February 14th 2023, 4:21:40 am UTC) from US — Scanned from GB

Summary HTTP 364 Redirects Links 57 Behaviour Indicators

Summary

This website contacted 90 IPs in 11 countries across 86 domains to perform 364 HTTP transactions. The main IP is 93.184.220.223, located in London, United Kingdom and belongs to EDGECAST, US. The main domain is k99.com. The Cisco Umbrella rank of the primary domain is 791295.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 30th 2022. Valid for: a year.

This is the only time k99.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	93.184.220.223 93.184.220.223	15133 (EDGECAST) (EDGECAST)
14	192.229.144.129 192.229.144.129	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:400d:80a::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:230... 2600:9000:2304:4200:0:b015:b300:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
5	172.64.151.162 172.64.151.162	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	192.229.233.218 192.229.233.218	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
1 1	2a03:2880:f21... 2a03:2880:f21c:81c4:face:b00c:0:43fe	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f22... 2a03:2880:f22d:e5:face:b00c:0:4420	32934 (FACEBOOK) (FACEBOOK)
2	2a04:4e42:41::84 2a04:4e42:41::84	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	18.66.23.213 18.66.23.213	16509 (AMAZON-02) (AMAZON-02)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
6	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
35	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
8	2a00:1450:400... 2a00:1450:400d:808::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400d:80d::2002	15169 (GOOGLE) (GOOGLE)
2	34.95.69.49 34.95.69.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	99.86.4.3 99.86.4.3	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2.19.44.144 2.19.44.144	16625 (AKAMAI-AS) (AKAMAI-AS)
2	44.209.82.109 44.209.82.109	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.133.55 34.120.133.55	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	172.64.154.237 172.64.154.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	18.196.218.148 18.196.218.148	16509 (AMAZON-02) (AMAZON-02)
4	69.166.1.15 69.166.1.15	27630 (AS-XFERNET) (AS-XFERNET)
4	104.18.33.19 104.18.33.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
8	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 5	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
5	34.252.119.156 34.252.119.156	16509 (AMAZON-02) (AMAZON-02)
4	185.64.190.77 185.64.190.77	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	13.224.191.98 13.224.191.98	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
3	143.204.215.72 143.204.215.72	16509 (AMAZON-02) (AMAZON-02)
1	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2606:4700:20:... 2606:4700:20::ac43:4686	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6812:17ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.86.4.94 99.86.4.94	16509 (AMAZON-02) (AMAZON-02)
2 2	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	18.197.80.115 18.197.80.115	16509 (AMAZON-02) (AMAZON-02)
6	2.18.36.193 2.18.36.193	16625 (AKAMAI-AS) (AKAMAI-AS)
4	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
6	23.64.52.128 23.64.52.128	16625 (AKAMAI-AS) (AKAMAI-AS)
4	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
2	18.235.165.126 18.235.165.126	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:80b::2010	15169 (GOOGLE) (GOOGLE)
1 5	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 4	37.157.6.241 37.157.6.241	198622 (ADFORM) (ADFORM)
1 1	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
23	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	213.155.156.164 213.155.156.164	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
2 4	52.95.125.22 52.95.125.22	16509 (AMAZON-02) (AMAZON-02)
8 10	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 2	141.94.170.64 141.94.170.64	16276 (OVH) (OVH)
2 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
5	52.48.166.87 52.48.166.87	16509 (AMAZON-02) (AMAZON-02)
2 2	35.201.96.126 35.201.96.126	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.64.190.87 185.64.190.87	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	3.64.174.171 3.64.174.171	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
2	2606:4700::68... 2606:4700::6812:106b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 9	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	2a05:d018:d29... 2a05:d018:d29:3601:d295:c4e8:8fc9:991a	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	198.47.127.20 198.47.127.20	() ()
1 2	2a02:2638::1c 2a02:2638::1c	() ()
1	2600:1901:0:8... 2600:1901:0:8344::	() ()
2	178.250.2.146 178.250.2.146	() ()
1	52.48.107.147 52.48.107.147	() ()
1 1	85.114.159.118 85.114.159.118	() ()
1 1	54.85.61.80 54.85.61.80	() ()
5 5	52.214.145.182 52.214.145.182	() ()
1 1	198.148.27.139 198.148.27.139	() ()
1 1	185.86.138.153 185.86.138.153	() ()
2 2	151.101.130.49 151.101.130.49	() ()
1 1	35.214.223.115 35.214.223.115	() ()
1	195.5.165.20 195.5.165.20	() ()
1 2	77.243.60.138 77.243.60.138	() ()
1	2606:4700:10:... 2606:4700:10::ac43:db6	() ()
1 2	52.7.44.10 52.7.44.10	() ()
2 2	34.111.129.221 34.111.129.221	() ()
1	34.111.131.239 34.111.131.239	() ()
5 5	3.126.56.137 3.126.56.137	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	() ()
1	98.98.134.243 98.98.134.243	() ()
3 3	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
1 1	159.65.196.12 159.65.196.12	() ()
8 8	213.19.147.45 213.19.147.45	() ()
2	23.88.86.2 23.88.86.2	() ()
2 4	2606:4700::68... 2606:4700::6812:19ad	() ()
2	35.186.193.173 35.186.193.173	() ()
2 2	141.94.161.190 141.94.161.190	() ()
2 2	141.94.171.216 141.94.171.216	() ()
2	72.251.241.206 72.251.241.206	() ()
2 2	52.220.229.2 52.220.229.2	() ()
2 2	34.102.253.54 34.102.253.54	() ()
9	141.226.228.48 141.226.228.48	() ()
6	2600:1f18:612... 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70	() ()
2 2	2.19.35.65 2.19.35.65	() ()
2	52.73.40.162 52.73.40.162	() ()
364	90

33 93.184.220.223 (London, United Kingdom)

ASN15133 (EDGECAST, US)

k99.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.229.144.129 (United States)

ASN15133 (EDGECAST, US)

townsquare.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:400d:80a::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2304:4200:0:b015:b300:21 (United States)

ASN16509 (AMAZON-02, US)

dbejeqv8nk3po.cloudfront.net.	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.151.162 (United States)

ASN13335 (CLOUDFLARENET, US)

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.229.233.218 (United States)

ASN15133 (EDGECAST, US)

cdn.production.townsquareblogs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f21c:81c4:face:b00c:0:43fe (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

platform.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f22d:e5:face:b00c:0:4420 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:41::84 (Vienna, Austria)

ASN54113 (FASTLY, US)

assets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.23.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-23-213.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstatb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:808::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.3 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-3.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.44.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-44-144.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.209.82.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-82-109.compute-1.amazonaws.com

prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.154.237 (United States)

ASN13335 (CLOUDFLARENET, US)

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.196.218.148 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-218-148.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.166.1.15 (United States)

ASN27630 (AS-XFERNET, US)

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.33.19 (None, )

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

townsquaremedia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.244 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.252.119.156 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.77 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.191.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-191-98.fra2.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.84 (United States)

ASN54113 (FASTLY, US)

log.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.215.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-72.fra53.r.cloudfront.net

static.solutionshindsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.90 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:17ea (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

action.dstillery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
action.media6degrees.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-94.fra6.r.cloudfront.net

cdn.p-n.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:e:face:b00c:0:2 (Frankfurt am Main, Germany) 2 redirects

ASN32934 (FACEBOOK, US)

web.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.80.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-80-115.eu-central-1.compute.amazonaws.com

k.p-n.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.36.193 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-36-193.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.64.52.128 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-64-52-128.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.165.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-165-126.compute-1.amazonaws.com

funes.solutionshindsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.78 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.241 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.164 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-164.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.95.125.22 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.34 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.170.64 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-7.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.48.166.87 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 126.96.201.35.bc.googleusercontent.com

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.87 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.204.74.118 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.64.174.171 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-174-171.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:106b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.165 (Frankfurt am Main, Germany) 6 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3601:d295:c4e8:8fc9:991a (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.182.161 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (None, )

ASN- ()

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (None, ) 1 redirects

ASN- ()

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8344:: (None, )

ASN- ()

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (None, )

ASN- ()

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.107.147 (None, )

ASN- ()

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.85.61.80 (None, ) 1 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.214.145.182 (None, ) 5 redirects

ASN- ()

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.153 (None, ) 1 redirects

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.223.115 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (None, )

ASN- ()

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (None, ) 1 redirects

ASN- ()

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:db6 (None, )

ASN- ()

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.7.44.10 (None, ) 1 redirects

ASN- ()

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (None, ) 2 redirects

ASN- ()

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (None, )

ASN- ()

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (None, ) 5 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.243 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:678:cb4:bbbb::11 (None, ) 3 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.196.12 (None, ) 1 redirects

ASN- ()

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 213.19.147.45 (None, ) 8 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.88.86.2 (None, )

ASN- ()

matching.truffle.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:19ad (None, ) 2 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (None, )

ASN- ()

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.161.190 (None, ) 2 redirects

ASN- ()

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.171.216 (None, ) 2 redirects

ASN- ()

pixel-eu.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.241.206 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.220.229.2 (None, ) 2 redirects

ASN- ()

cm-supply-web.gammaplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.253.54 (None, ) 2 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 141.226.228.48 (None, )

ASN- ()

am-match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 (None, )

ASN- ()

taboola-supply-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.35.65 (None, ) 2 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.73.40.162 (None, )

ASN- ()

ioms.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1063 trc.taboola.com vidstat.taboola.com images.taboola.com imprammp.taboola.com am-match.taboola.com wf.taboola.com sync.taboola.com am-vid-events.taboola.com vidstatb.taboola.com pips.taboola.com cds.taboola.com Failed	879 KB
41	pubmatic.com 1 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 696 ads.pubmatic.com — Cisco Umbrella Rank: 704 image6.pubmatic.com — Cisco Umbrella Rank: 1001 simage2.pubmatic.com — Cisco Umbrella Rank: 962 image2.pubmatic.com — Cisco Umbrella Rank: 1431 aud.pubmatic.com — Cisco Umbrella Rank: 7611 simage4.pubmatic.com image4.pubmatic.com	108 KB
33	k99.com k99.com — Cisco Umbrella Rank: 791295	262 KB
26	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 93	22 KB
22	rubiconproject.com 8 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 677 eus.rubiconproject.com — Cisco Umbrella Rank: 786 token.rubiconproject.com — Cisco Umbrella Rank: 803 pixel.rubiconproject.com — Cisco Umbrella Rank: 442 secure-assets.rubiconproject.com	42 KB
22	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 255 stats.g.doubleclick.net — Cisco Umbrella Rank: 160 cm.g.doubleclick.net — Cisco Umbrella Rank: 308	292 KB
14	townsquare.media townsquare.media — Cisco Umbrella Rank: 35489	823 KB
13	amazon-adsystem.com 3 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 362 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 712 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1003 s.amazon-adsystem.com — Cisco Umbrella Rank: 373	57 KB
10	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 426	3 KB
8	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 303 secure.adnxs.com — Cisco Umbrella Rank: 673	22 KB
8	openx.net townsquaremedia-d.openx.net — Cisco Umbrella Rank: 65810 u.openx.net — Cisco Umbrella Rank: 953	1 KB
8	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 794 eb2.3lift.com — Cisco Umbrella Rank: 501 Failed	5 KB
8	gstatic.com fonts.gstatic.com	264 KB
7	yahoo.com 6 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 719 ups.analytics.yahoo.com	2 KB
7	google.com apis.google.com — Cisco Umbrella Rank: 217 region1.analytics.google.com — Cisco Umbrella Rank: 3399 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2231 www.google.com — Cisco Umbrella Rank: 18	112 KB
6	tremorhub.com taboola-supply-partners.tremorhub.com	1 KB
6	1rx.io 6 redirects sync.1rx.io	3 KB
6	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 1177 id.crwdcntrl.net	2 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1082 syndication.twitter.com — Cisco Umbrella Rank: 1438	150 KB
5	bidr.io 5 redirects match.prod.bidr.io	2 KB
5	criteo.com 1 redirects dis.criteo.com — Cisco Umbrella Rank: 912 gum.criteo.com mug.criteo.com	2 KB
5	solutionshindsight.net static.solutionshindsight.net — Cisco Umbrella Rank: 47512 funes.solutionshindsight.net — Cisco Umbrella Rank: 51748	30 KB
5	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 2330	5 KB
5	facebook.com 2 redirects www.facebook.com — Cisco Umbrella Rank: 98 web.facebook.com — Cisco Umbrella Rank: 131	31 KB
5	casalemedia.com as-sec.casalemedia.com — Cisco Umbrella Rank: 2369 htlb.casalemedia.com — Cisco Umbrella Rank: 741	2 KB
5	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 944	19 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
4	onaudience.com 4 redirects pixel.onaudience.com — Cisco Umbrella Rank: 3221 pixel-eu.onaudience.com	2 KB
4	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 917	2 KB
4	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 521	4 KB
4	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 660	272 KB
4	p-n.io cdn.p-n.io — Cisco Umbrella Rank: 6376 k.p-n.io — Cisco Umbrella Rank: 3937	52 KB
4	sonobi.com apex.go.sonobi.com — Cisco Umbrella Rank: 3073	3 KB
4	townsquareblogs.com cdn.production.townsquareblogs.com — Cisco Umbrella Rank: 69582	103 KB
3	turn.com 3 redirects ad.turn.com	1 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr idsync.frontend.weborama.fr	898 B
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 405	1 KB
3	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 1185	2 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 203	3 KB
3	pinterest.com assets.pinterest.com — Cisco Umbrella Rank: 2860 log.pinterest.com — Cisco Umbrella Rank: 4306	19 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 114 storage.googleapis.com — Cisco Umbrella Rank: 644	17 KB
2	bfmio.com ioms.bfmio.com	995 B
2	playground.xyz 2 redirects ads.playground.xyz	675 B
2	gammaplatform.com 2 redirects cm-supply-web.gammaplatform.com	1 KB
2	adgrx.com cm.adgrx.com	565 B
2	erne.co 2 redirects green.erne.co	824 B
2	ctnsnet.com ipac.ctnsnet.com	572 B
2	truffle.bid matching.truffle.bid
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	audrte.com 1 redirects a.audrte.com	1 KB
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	739 B
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 2007	97 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 6690	751 B
2	fiftyt.com 2 redirects visitor.fiftyt.com — Cisco Umbrella Rank: 6783	1 KB
2	exelator.com 2 redirects loada.exelator.com — Cisco Umbrella Rank: 32804	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 6593	562 B
2	media6degrees.com action.media6degrees.com — Cisco Umbrella Rank: 7010	374 B
2	dstillery.com 2 redirects action.dstillery.com — Cisco Umbrella Rank: 7577	280 B
2	amazon.dev prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 1019	455 B
2	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 2654	515 B
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 2217	104 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 189	87 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 109	141 KB
2	instagram.com 1 redirects platform.instagram.com — Cisco Umbrella Rank: 8912 www.instagram.com — Cisco Umbrella Rank: 1148	20 KB
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	555 B
1	sitescout.com pixel-sync.sitescout.com	191 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	zeotap.com mwzeom.zeotap.com	382 B
1	iprom.net core.iprom.net	280 B
1	loopme.me 1 redirects csync.loopme.me	226 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com	792 B
1	contextweb.com 1 redirects bh.contextweb.com	673 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	638 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	524 B
1	33across.com lexicon.33across.com	244 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 765	674 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 1027	588 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 721	725 B
1	btloader.com btloader.com — Cisco Umbrella Rank: 1558	12 KB
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1611	4 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 132	49 KB
1	rlcdn.com api.rlcdn.com — Cisco Umbrella Rank: 1065	354 B
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1823	17 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 226	27 KB
1	net. dbejeqv8nk3po.cloudfront.net.	43 KB
364	86

	Domain	Requested by
33	k99.com	k99.com dbejeqv8nk3po.cloudfront.net.
26	www.google-analytics.com	k99.com www.google-analytics.com
16	simage2.pubmatic.com	ads.pubmatic.com
14	images.taboola.com
14	townsquare.media	k99.com dbejeqv8nk3po.cloudfront.net.
10	cm.g.doubleclick.net	8 redirects
10	match.adsrvr.org	js-sec.indexww.com ads.pubmatic.com imprammp.taboola.com am-match.taboola.com
8	fonts.gstatic.com	fonts.googleapis.com
8	cdn.taboola.com	k99.com dbejeqv8nk3po.cloudfront.net.
7	image2.pubmatic.com	ads.pubmatic.com
7	stats.g.doubleclick.net	k99.com www.google-analytics.com
6	taboola-supply-partners.tremorhub.com	imprammp.taboola.com am-match.taboola.com
6	sync.1rx.io	6 redirects
6	eus.rubiconproject.com	dbejeqv8nk3po.cloudfront.net. eus.rubiconproject.com am-match.taboola.com
6	ads.pubmatic.com	dbejeqv8nk3po.cloudfront.net. k99.com
5	ups.analytics.yahoo.com	5 redirects
5	match.prod.bidr.io	5 redirects
5	vidstat.taboola.com	dbejeqv8nk3po.cloudfront.net.
5	pixel.rubiconproject.com	2 redirects eus.rubiconproject.com
5	sync.crwdcntrl.net	ads.pubmatic.com
5	image6.pubmatic.com	1 redirects ads.pubmatic.com
5	g2.gumgum.com	cdn.production.townsquareblogs.com
5	ib.adnxs.com	1 redirects cdn.production.townsquareblogs.com
5	fastlane.rubiconproject.com	cdn.production.townsquareblogs.com
5	securepubads.g.doubleclick.net	www.googletagservices.com k99.com securepubads.g.doubleclick.net
5	js-sec.indexww.com	k99.com dbejeqv8nk3po.cloudfront.net.
4	sync.taboola.com	imprammp.taboola.com am-match.taboola.com
4	am-match.taboola.com	dbejeqv8nk3po.cloudfront.net.
4	token.rubiconproject.com	4 redirects
4	aax-eu.amazon-adsystem.com	2 redirects ads.pubmatic.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	id5-sync.com	ads.pubmatic.com
4	eb2.3lift.com	dbejeqv8nk3po.cloudfront.net.
4	u.openx.net	dbejeqv8nk3po.cloudfront.net.
4	static.xx.fbcdn.net	www.facebook.com
4	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
4	hbopenbid.pubmatic.com	cdn.production.townsquareblogs.com
4	townsquaremedia-d.openx.net	cdn.production.townsquareblogs.com
4	htlb.casalemedia.com	cdn.production.townsquareblogs.com
4	apex.go.sonobi.com	cdn.production.townsquareblogs.com
4	tlx.3lift.com	cdn.production.townsquareblogs.com
4	platform.twitter.com	k99.com dbejeqv8nk3po.cloudfront.net.
4	cdn.production.townsquareblogs.com	k99.com cdn.production.townsquareblogs.com
3	ad.turn.com	3 redirects
3	x.bidswitch.net	3 redirects
3	um.simpli.fi	2 redirects
3	secure.adnxs.com	2 redirects dbejeqv8nk3po.cloudfront.net.
3	static.solutionshindsight.net	dbejeqv8nk3po.cloudfront.net.
3	www.facebook.com	dbejeqv8nk3po.cloudfront.net.
3	fundingchoicesmessages.google.com	dbejeqv8nk3po.cloudfront.net.
3	sb.scorecardresearch.com	1 redirects dbejeqv8nk3po.cloudfront.net. k99.com
3	c.amazon-adsystem.com	k99.com c.amazon-adsystem.com
2	ioms.bfmio.com	vidstat.taboola.com
2	secure-assets.rubiconproject.com	2 redirects
2	wf.taboola.com	vidstat.taboola.com
2	imprammp.taboola.com	dbejeqv8nk3po.cloudfront.net.
2	ads.playground.xyz	2 redirects
2	cm-supply-web.gammaplatform.com	2 redirects
2	cm.adgrx.com	ads.pubmatic.com
2	pixel-eu.onaudience.com	2 redirects
2	green.erne.co	2 redirects
2	ipac.ctnsnet.com	ads.pubmatic.com
2	s.tribalfusion.com	ads.pubmatic.com
2	a.tribalfusion.com	2 redirects
2	matching.truffle.bid	ads.pubmatic.com
2	sync.targeting.unrulymedia.com	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	a.audrte.com	1 redirects
2	uipglob.semasio.net	1 redirects
2	sync-tm.everesttech.net	2 redirects
2	trc.taboola.com	cdn.taboola.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	s.amazon-adsystem.com	1 redirects
2	pr-bh.ybp.yahoo.com	1 redirects
2	cdn.confiant-integrations.net	k99.com
2	pool.admedo.com	2 redirects
2	visitor.fiftyt.com	2 redirects
2	loada.exelator.com	2 redirects
2	pixel.onaudience.com	2 redirects
2	d5p.de17a.com	2 redirects
2	funes.solutionshindsight.net	dbejeqv8nk3po.cloudfront.net.
2	k.p-n.io	dbejeqv8nk3po.cloudfront.net.
2	web.facebook.com	2 redirects
2	cdn.p-n.io	dbejeqv8nk3po.cloudfront.net.
2	action.media6degrees.com	k99.com
2	action.dstillery.com	2 redirects
2	prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	c.amazon-adsystem.com
2	www.google.co.uk	k99.com
2	region1.analytics.google.com	k99.com
2	syndication.twitter.com	platform.twitter.com k99.com
2	i.clean.gg	dbejeqv8nk3po.cloudfront.net.
2	connect.facebook.net	k99.com dbejeqv8nk3po.cloudfront.net.
2	www.googletagmanager.com	k99.com dbejeqv8nk3po.cloudfront.net.
2	assets.pinterest.com	k99.com assets.pinterest.com
2	fonts.googleapis.com	k99.com dbejeqv8nk3po.cloudfront.net.
1	pips.taboola.com	cdn.taboola.com
1	vidstatb.taboola.com
1	am-vid-events.taboola.com
1	match.adsby.bidtheatre.com	1 redirects
1	pixel-sync.sitescout.com
1	pubmatic-match.dotomi.com
1	image4.pubmatic.com
1	idsync.frontend.weborama.fr
1	mwzeom.zeotap.com
1	core.iprom.net	ads.pubmatic.com
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	id.crwdcntrl.net	ads.pubmatic.com
1	lexicon.33across.com	ads.pubmatic.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	px.ads.linkedin.com
1	aud.pubmatic.com
1	cms.quantserve.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	sync.mathtag.com	1 redirects
1	storage.googleapis.com	k99.com
1	btloader.com	dbejeqv8nk3po.cloudfront.net.
1	a.teads.tv	dbejeqv8nk3po.cloudfront.net.
1	www.google.com	k99.com
1	log.pinterest.com	k99.com
1	pagead2.googlesyndication.com	dbejeqv8nk3po.cloudfront.net.
1	as-sec.casalemedia.com	js-sec.indexww.com
1	api.rlcdn.com	js-sec.indexww.com ads.pubmatic.com
1	secure.cdn.fastclick.net	dbejeqv8nk3po.cloudfront.net.
1	www.instagram.com	k99.com
1	platform.instagram.com	1 redirects
1	apis.google.com	k99.com
1	www.googletagservices.com	k99.com
1	dbejeqv8nk3po.cloudfront.net.	k99.com
0	cds.taboola.com Failed	cdn.taboola.com
364	134

This site contains links to these domains. Also see Links.

Domain
music.apple.com
www.facebook.com
twitter.com
www.instagram.com
www.uscourts.gov
bbbfoundation.images.worldnow.com
stacker.com
www.usatoday.com
www.give.org
www.bbb.org
www.fcc.gov
www.consumer.ftc.gov
www.lifelock.com
www.wowt.com
www.theglobeandmail.com
www.cbc.ca
www.apartmentlist.com
www.grants.gov
www.cnn.com
consumer.ftc.gov
nj1015.com
999thepoint.com
publicfiles.fcc.gov
www.townsquaremedia.com

Subject Issuer	Validity	Valid
www1.townsquaremedia.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-30` - `2023-10-23`	a year	crt.sh
www6.townsquaremedia.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-10-06` - `2023-10-05`	a year	crt.sh
www8.townsquaremedia.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-09` - `2023-10-30`	10 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-28` - `2023-08-08`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-23` - `2023-02-21`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
i.clean.gg GTS CA 1D4	`2023-01-28` - `2023-04-28`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-12-30` - `2024-01-28`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-01` - `2023-10-01`	a year	crt.sh
www.google.co.uk GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2022-12-02` - `2023-12-02`	a year	crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M01	`2023-02-10` - `2023-06-11`	4 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
gumgum.com Amazon	`2022-09-06` - `2023-10-05`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
solutionshindsight.net Amazon	`2022-12-21` - `2024-01-19`	a year	crt.sh
teads.tv R3	`2023-01-20` - `2023-04-20`	3 months	crt.sh
pushlycdn.com Amazon	`2023-01-15` - `2024-02-13`	a year	crt.sh
*.p-n.io Amazon RSA 2048 M01	`2023-02-10` - `2024-01-21`	a year	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
storage.googleapis.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-01-27` - `2023-04-27`	3 months	crt.sh
lexicon.33across.com GTS CA 1D4	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.iprom.net R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
truffle.bid R3	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.ctnsnet.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-04` - `2023-11-06`	10 months	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.bfmio.com Amazon	`2022-04-16` - `2023-05-15`	a year	crt.sh

This page contains 61 frames:

Primary Page: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Frame ID: 4CF3E53A63D6B430AAC353D7D2EF0E84
Requests: 222 HTTP requests in this frame

Frame: https://cdn.production.townsquareblogs.com/aleph/
Frame ID: EB0585B17BFB8F005878F71907490486
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fk99.com
Frame ID: 2377584C23810CC655C75C584176FDCF
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/follow_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 71DA553A04C587A0323F73F19D3B89CD
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px&_rdc=1&_rdr
Frame ID: C7336CA110DF9FC6CB838BC7B5291039
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 1B88DD87075BFCE6F5B1BBF20B86F1EC
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: BC1419CF407352FBBF8A46AA6D6517B5
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 72A9EA6E785C70E7BF367D6B290E3347
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Frame ID: DF7032385EDE2B0158DD18044F29661F
Requests: 12 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 1CA928CB6787E1780E16EB5C5BD85A4F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Frame ID: 8FC28D83CDDE4E4FC2C39C797537E607
Requests: 12 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 55B54BA6D7506F09211797319FF74B8E
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: C1D7D2F5F8CA5C851649EF9679A05129
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 0305CFBDEC5D5B95AFF5C9C5FD0224F0
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: CA28156903B9383248ED4FD148F51359
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 2FA1AB02C401F928CFA40B17741608C5
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: C744DEC125F4BDA164171758F8D79F15
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 4E03E48AE98D606015ACE99A20F83DBB
Requests: 10 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 33C2CCEAA30E5CFF9EC98D0DBC3E181B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Frame ID: 0437B5C7FEFECB6FF6095C15E83C6B68
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Frame ID: CC46809391C99E3FA76ABABBED05BDF3
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: F2ED715358A27B66172DE27EA8F9E840
Requests: 16 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 3BC61ED7774C79AA21907D5BA7333124
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
Frame ID: F43DF7861229F5033912FE02669B3D61
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&gdpr=0&gdpr_consent=
Frame ID: 54664E61BC12AE9348F9CBC3F4A26D1A
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4567604272942700702
Frame ID: B533B87EB8ACBD79F398B2BC9532B6DE
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 41CAEB139401C005DE8CF5B1C575DD11
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI
Frame ID: C551AB68ED901048CF43BA7630F5D859
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 2AA479EBAEA013F7D871AD9E280FC5CA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5686683875299866847&gdpr=0&gdpr_consent=
Frame ID: A3FDD9B38E1AD0110F09E4D7C36299DE
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr
Frame ID: A845497B7787A35AABBAE5EDEEAF6106
Requests: 3 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7199861975615142028&gdpr=0&gdpr_consent=
Frame ID: 541B6A098B5CE63B2B80AF2826A47A59
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=xbZUJsFNRbB9eJ9xtOsh5tmKxGM&gdpr=0&gdpr_consent=
Frame ID: 0C43A3D82B17C80F310F4C8640924A3F
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJZ_E7H1hkAACDF2D4c6A&gdpr=0&gdpr_consent=
Frame ID: 5C6BB97854DB492CD2DF5DD895D85021
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y_sMUgAG8g1NIAAF&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF
Frame ID: BA53253772667983FABB46CB3A2F30EC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: F3AFD5C04518D3F4CB5F15EC425E4CC8
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 034A4955C7879E18A4A29DE9D30D24C0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
Frame ID: 138185EFFABE4B3B3FC5E6F79242B6A3
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 3B077E88A25791CFE300F848DEA69ED8
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: EC639D5C6FF9C1B3B084B9EDED9B80F3
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 35DB58E38AC289C92D2BF6CD3396CCE7
Requests: 1 HTTP requests in this frame

Frame: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D
Frame ID: 844935E74353E8AC32360DFB05DCC3FA
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 47FC54E6B1790719FB321DAE8A464315
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=pqze2d14te4p
Frame ID: 519B2AC1B9D6D04B4E54F4420AA4EA6E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
Frame ID: 66DDFE68BA186B9DFB862E7285199CC0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
Frame ID: 6A4CB988AD5F53321CA658E00C749005
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: 58B722EFBF8FFA0CC19B90C5A414B927
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 6E7F473F9895EF8F9AACAAD9146C04DF
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: EB0198BF37F2A6F8CFD650FC347CB796
Requests: 1 HTTP requests in this frame

Frame: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D
Frame ID: A092E559075F1269D2A150C5950AC9D4
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: AE798A2A798172CD9EAE7FD2AD2EFAFD
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qm92zfvbwzq
Frame ID: 2CD7D50FEADE8913E4FA13C3D41869B0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
Frame ID: 0561D5A4D3FE6AC1188D8E71FE325B48
Requests: 1 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=undefined&cb=1676348498417&uv=3253&tms=1676348498417&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=974bd704-47fe-4b87-8f7f-59eb16dd1dc1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 8F92B645DD47EAC99275DC516C9408DB
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: 994E43C4499282C7B7C10F6CA6FD0178
Requests: 4 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&cmcv=&pix=undefined&cb=1676348498434&uv=3253&tms=1676348498434&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=0a9fd51d-79e8-47c1-9a51-579faa5f1ef4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: FF2F392BD4C44ABDBCD24D7A04DC6EC1
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: A2A002FD85D17F5927CBCF55A4584F09
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Frame ID: DACE061F087192B5D0595F882AAC8641
Requests: 3 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: 3EEE4AFD79492185424A80ABCB4E1955
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: DE90EEA9F4CBEF7639AEA88E64014301
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Frame ID: DBA2DF8D6D7F005DCB9B8BF4E130FDAB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Warning: This Colorado Email Scam Going Around. Don't Fall For It

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/platform\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Pinterest (Widgets) Expand

Overall confidence: 100%
Detected patterns

//assets\.pinterest\.com/js/pinit\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

364
Requests

90 %
HTTPS

31 %
IPv6

86
Domains

134
Subdomains

90
IPs

11
Countries

4149 kB
Transfer

12424 kB
Size

91
Cookies

57 Outgoing links

These are links going to different origins than the main page.

URL: https://music.apple.com/us/album/drunk-and-i-dont-wanna-go-home/1553937690?i=1553937695&uo=4
Title: Elle King And Miranda Lambert

Search URL Search Domain Scan URL

URL: https://music.apple.com/us/album/free-and-easy-down-the-road-i-go/1440839133?i=1440839400&uo=4
Title: Dierks Bentley

Search URL Search Domain Scan URL

URL: https://music.apple.com/us/album/handle-on-you/1636765212?i=1636765667&uo=4
Title: Parker Mccollum

Search URL Search Domain Scan URL

URL: https://music.apple.com/us/album/wasted-time/1440845766?i=1440846080&uo=4
Title: Keith Urban

Search URL Search Domain Scan URL

URL: https://music.apple.com/us/album/wild-as-her/1629738322?i=1629738611&uo=4
Title: Corey Kent

Search URL Search Domain Scan URL

URL: https://www.facebook.com/K99Colorado
Title: Visit us on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/k99colorado
Title: Visit us on Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/k99colorado
Title: Visit us on Instagram

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=http%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%3Ftrackback%3Dfbshare_mobile
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/intent/tweet?text=Warning%3A%20This%20Email%20Scam%20Is%20Going%20Around%20Colorado.%20Please%20Don%E2%80%99t%20Fall%20For%20It%20http%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%3Ftrackback%3Dtwitter_mobile%20%40k99colorado
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.uscourts.gov/news/2014/01/13/public-alert-scam-emails-about-phony-court-cases-carry-computer-virus
Title: uscourts.gov

Search URL Search Domain Scan URL

URL: https://bbbfoundation.images.worldnow.com/library/259c7333-0fb3-4bc0-a059-4b116594c473.pdf
Title: BBB Scam Tracker Annual Risk Report

Search URL Search Domain Scan URL

URL: https://stacker.com/
Title: Stacker

Search URL Search Domain Scan URL

URL: https://www.usatoday.com/story/news/nation/2018/12/25/gofundme-gives-400-000-refunds-alleged-homeless-vet-scam/2411744002/
Title: created a GoFundMe page

Search URL Search Domain Scan URL

URL: https://www.give.org/
Title: BBB Wise Giving Alliance

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/tips/13995-bbb-tip-tax-collection-scams
Title: Tax scams

Search URL Search Domain Scan URL

URL: https://www.fcc.gov/covid-scams
Title: COVID-19-related scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16916-bbb-tip-healthcare-scams
Title: Health care scams

Search URL Search Domain Scan URL

URL: https://www.consumer.ftc.gov/articles/0259-robocalls
Title: robocalls

Search URL Search Domain Scan URL

URL: https://stacker.com/stories/20519/15-cars-have-depreciated-most-2021
Title: 15 cars that depreciated the most last year

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16917-bbb-tip-moving-scams
Title: finding out you've been scammed

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16918-bbb-tip-emergency-scams
Title: Family/friend emergency scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16907-bbb-tip-utility-imposter-scam
Title: Utility scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16915-bbb-tip-foreign-money-exchange-scams
Title: Foreign money exchange

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16909-bbb-tip-credit-card-scams
Title: Credit card scams

Search URL Search Domain Scan URL

URL: https://stacker.com/stories/3923/states-where-food-stamps-are-used-most
Title: States where food stamps are used the most

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/13249-bbb-tip-phony-debt-collection
Title: debt-collection scams

Search URL Search Domain Scan URL

URL: https://www.lifelock.com/learn-identity-theft-resources-how-common-is-identity-theft.html
Title: 16.7 million individuals

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16951-bbb-tip-identity-theft
Title: can be hard to uncover

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16923-bbb-tip-sweepstakes-lottery-and-prize-scams
Title: contest, sweepstakes, or lottery

Search URL Search Domain Scan URL

URL: https://www.wowt.com/content/news/Victims-left-with-nothing-after-lottery-scammers-strike-504407601.html
Title: avoid falling prey

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16910-bbb-tip-counterfeit-product-scams
Title: counterfeit product scam

Search URL Search Domain Scan URL

URL: https://www.theglobeandmail.com/report-on-business/small-business/sb-growth/my-christmas-goose-dont-get-scammed-like-i-did/article16088567/
Title: through reputable sites

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/17012-bbb-tip-romance-scams
Title: Romance scams

Search URL Search Domain Scan URL

URL: https://www.cbc.ca/news/canada/toronto/senior-wires-life-savings-through-td-bank-in-romance-scam-1.4980649
Title: make their move

Search URL Search Domain Scan URL

URL: https://stacker.com/stories/5544/iconic-car-debuts-year-you-were-born
Title: Iconic car debuts from the year you were born

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16908-bbb-tip-rental-scam
Title: Scammers prey on these situations,

Search URL Search Domain Scan URL

URL: https://www.apartmentlist.com/rentonomics/how-common-is-rental-fraud-scams/
Title: reported that 43.1% of renters

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/scams/21384-appendix-a-glossary-of-scam-type-definitions
Title: Phishing scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16913-bbb-tip-travel-and-vacation-scams
Title: travel and vacation scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16553-bbb-tip-tech-support-scams
Title: tech support scams

Search URL Search Domain Scan URL

URL: https://stacker.com/stories/3041/50-most-popular-chain-restaurants-america
Title: 50 most popular chain restaurants in America

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16920-bbb-tip-government-grant-scam
Title: government grant scam over

Search URL Search Domain Scan URL

URL: https://www.grants.gov/
Title: only official list

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16919-bbb-tip-advance-fee-loan-scams
Title: advance fee loan scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/scams/14042-bbb-tip-fake-check-scams
Title: Fake check and money order scams

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16921-bbb-tip-investment-scams
Title: scams are the best example

Search URL Search Domain Scan URL

URL: https://www.cnn.com/2013/03/11/us/bernard-madoff-fast-facts/index.html
Title: Bernard L. Madoff Investment Securities

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16924-bbb-tip-home-improvement-scams
Title: home improvement scam

Search URL Search Domain Scan URL

URL: https://stacker.com/stories/37562/marijuana-violations-have-taken-over-10000-truck-drivers-road-year-adding-more-supply
Title: Marijuana violations are taking truck drivers off the road, adding more supply chain disruptions

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/tips/12261-bbb-tip-employment-scams
Title: Employment scams

Search URL Search Domain Scan URL

URL: https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams#scams
Title: FTC

Search URL Search Domain Scan URL

URL: https://www.bbb.org/article/news-releases/16925-bbb-tip-online-purchase-scams
Title: Online purchase scams

Search URL Search Domain Scan URL

URL: https://nj1015.com/author/mikebrant/
Title: Mike Brant

Search URL Search Domain Scan URL

URL: https://999thepoint.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Search URL Search Domain Scan URL

URL: https://publicfiles.fcc.gov/fm-profile/KUAD-FM
Title: Public File

Search URL Search Domain Scan URL

URL: https://www.townsquaremedia.com/
Title: , Townsquare Media, Inc

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://platform.instagram.com/en_US/embeds.js HTTP 301
https://www.instagram.com/embed.js

Request Chain 52

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&c8=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&c8=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&c9=

Request Chain 170

https://action.dstillery.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24 HTTP 302
https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24

Request Chain 171

https://action.dstillery.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24 HTTP 302
https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24

Request Chain 177

https://web.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px HTTP 302
https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px&_rdc=1&_rdr

Request Chain 213

https://c1.adform.net/serving/cookie/match?party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=

Request Chain 214

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&gdpr=0&gdpr_consent=

Request Chain 215

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4567604272942700702

Request Chain 217

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI

Request Chain 218

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 219

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5686683875299866847&gdpr=0&gdpr_consent=

Request Chain 220

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qsPglj01Qdq7eunk6yHXwQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qsPglj01Qdq7eunk6yHXwQ%3D%3D&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 221

https://pixel.onaudience.com/?partner=214&mapped=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent= HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=a19efcd71d16a17380b80070952ec82e&gdpr=0 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D

Request Chain 222

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&addseg=11,34,40

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUFDM0UwOTYtM0QzNS00MURBLUJCN0EtRTlFNEVCMjFEN0Mx&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUFDM0UwOTYtM0QzNS00MURBLUJCN0EtRTlFNEVCMjFEN0Mx&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 224

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEALEztouxHUxjaHYwWtE1oQ&google_cver=1

Request Chain 226

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3776810609572782859

Request Chain 228

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=93a2652c-2fdf-49cc-a207-eea8ed811ccd HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=93a2652c-2fdf-49cc-a207-eea8ed811ccd HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=6d8f80cc-f108-4b17-9d3f-f4186fabd0e3&user_group=1&ssp=pubmatic&bsw_param=93a2652c-2fdf-49cc-a207-eea8ed811ccd HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a2652c-2fdf-49cc-a207-eea8ed811ccd&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 234

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Ulquadnz6k7WMkDA9nFuR8n5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-JfUJBM5E2oKbvwwBmYHqo4hwTwvk6NuPXAISTQ--~A

Request Chain 235

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjM2YTFhMDRiZGMyOWY3NzFkZTEyZTdkMTE0NmM4OGZmNmE0OGFkZQ

Request Chain 236

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=238ATgEeRe6FEgqQ0MYw8w&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=238ATgEeRe6FEgqQ0MYw8w

Request Chain 237

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=8h0PNCK0RgqLcCxFebsZYg&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=8h0PNCK0RgqLcCxFebsZYg

Request Chain 238

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN4Nf5BdSai1igBEhzkVtmk&google_cver=1

Request Chain 240

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LE3QLYP5-13-D9AQ

Request Chain 241

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEUzUUxZUDUtMTMtRDlBUQ==

Request Chain 246

https://web.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large HTTP 302
https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr

Request Chain 259

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fk99.com%2F&domain=k99.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=vwvEpnxBTis3UmVHV2VwQ293d0p5TXp0cWYrWFJvR3Juam44cEEvdENHS3dYejkzKzhLVnMrMTRUajBaMzEvbkVVdlZVWGlFTHRIQUxmVjJ6dmlMOEhQME8yMG9DdUV1OW05VWNaZGdlT3Qwb0VLeitpS25zS1JDTnRqc3ZMbVd6eGFBeEZxQ0xKcE45UksyaDI5UjhmZEJyVGJSdHNiSUsreFdHdVV0ZDZQdTdqaVpLUU1tMUtiT3lxa2dzQ1VOdTFoeENoVmN0Y1QwY1U1dllpL2NhamdiK3V3N2tQckczdk84b2JiOWhhWjRyWWNJPXw&cppv=2

Request Chain 285

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7199861975615142028&gdpr=0&gdpr_consent=

Request Chain 286

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=xbZUJsFNRbB9eJ9xtOsh5tmKxGM&gdpr=0&gdpr_consent=

Request Chain 287

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFKWl9FN0gxaGtBQUNERjJENGM2QQ&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAJZ_E7H1hkAACDF2D4c6A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAJZ_E7H1hkAACDF2D4c6A&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAJZ_E7H1hkAACDF2D4c6A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3456158688862897464&gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJZ_E7H1hkAACDF2D4c6A&gdpr=0&gdpr_consent=

Request Chain 288

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y_sMUgAG8g1NIAAF&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF

Request Chain 289

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 291

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 293

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1 HTTP 302
https://a.audrte.com/p

Request Chain 294

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1129555489 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1

Request Chain 296

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-4SbwtXtE2uVVlmgkfbP1XJNegvJsZ4I-~A&gdpr=0

Request Chain 299

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7072373608791860953&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 300

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:d1672c55-02f1-4cb7-97bb-323e5194e56d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 302

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1676348498353 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=1685177042 HTTP 302
https://sync.1rx.io/usersync/turn/7072373608791860953?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003

Request Chain 304

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 306

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent= HTTP 302
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent HTTP 302
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D

Request Chain 308

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=pqze2d14te4p

Request Chain 309

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=

Request Chain 311

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847

Request Chain 314

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1676348498352 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=3016789539 HTTP 302
https://sync.1rx.io/usersync/turn/7072373608791860953?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003

Request Chain 315

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847

Request Chain 317

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 319

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent= HTTP 302
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent HTTP 302
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D

Request Chain 321

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qm92zfvbwzq

Request Chain 322

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=

Request Chain 333

https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

Request Chain 337

https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

Request Chain 340

https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

Request Chain 343

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

Request Chain 351

https://ups.analytics.yahoo.com/ups/58534/occ HTTP 302
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

Request Chain 355

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

364 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/ 175 KB
38 KB 1933ms
252ms Document
text/html 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

ff17b81c59041af25d3ee0e5eb12898066d76f2b36cfa7e2ad8f49b9f7f71b7d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-cache
content-encoding: gzip
content-length: 38377
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:28 GMT
etag: W/"2bc05-4Ls4paJjsS2MfDPj0xhuQg"
expires: Tue, 14 Feb 2023 04:21:27 GMT
gdpr-source: GB
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-abgroup: A
x-cache: MISS
x-device: desktop
x-frame-options: SAMEORIGIN
x-powered-by: Express
x-ua-device: desktop
x-varnish: 2712258160

GET
H2 200 base.css
k99.com/styles/desktop/ 534 KB
115 KB 62ms
61ms Stylesheet
text/css 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/styles/desktop/base.css?ver=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/63D9) / Express

Resource Hash

73cfa30aebd6f88c7973d442b5377a00fdef093ce9b63dc4508a766d8d8d6cf4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:29 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 117705
last-modified: Mon, 13 Feb 2023 17:12:30 GMT
server: ECS (lhb/63D9)
etag: W/"85928-rxofb2INlseB8ss/61X1dQ"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
x-varnish: 2703165743
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:28 GMT

GET
H2 200 main.bundle.6adf22779f1762b757b57f988c1210c174787a1b.js Show response
townsquare.media/public/dist/desktop/ 913 KB
237 KB 1922ms
167ms Script
application/javascript 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://townsquare.media/public/dist/desktop/main.bundle.6adf22779f1762b757b57f988c1210c174787a1b.js?mver=104&gver=3

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/99A0) / Express

Resource Hash

fc9ca5672114fd508129bac80b6a806e77960e36fe0e70837936b5d2c3bbe2aa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40141
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 241945
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (nag/99A0)
etag: W/"e45b1-1864bc287c9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703165578
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 163ms
58ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0d05aa7fda69e5a6629806fe1b77d18eb6ce5a777eed211f77b51b728f62b4a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Feb 2023 04:21:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 04:03:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 216ms
60ms Script
text/javascript 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 03:12:06 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 4164
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Tue, 14 Feb 2023 05:12:06 GMT

GET
H2 200 autotrack.carbon.js Show response
townsquare.media/public/resources/js/ 4 KB
2 KB 997ms
664ms Script
application/javascript 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://townsquare.media/public/resources/js/autotrack.carbon.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/9998) / Express

Resource Hash

17c048bfb0138677a5774ee0301b7858b6d3fa8620fcaf62b6b81a0b5a37996a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: gzip
via: 1.1 varnish
age: 23598
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 2031
last-modified: Thu, 03 Oct 2019 20:12:19 GMT
server: ECS (nag/9998)
etag: W/"119a-16d93407ae3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3224811025 3219521340
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 script.js Show response
dbejeqv8nk3po.cloudfront.net./ 122 KB
43 KB 305ms
139ms Script
application/javascript 2600:9000:2304:4200:0:b015:b300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2304:4200:0:b015:b300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9382d8c93fda5e4fe9eb44a1f84b89880027b481ead12692e74643bd685c63c4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: qAb7JE3xfkv26WK9T4ep0lYGhqHDMjlI
content-encoding: gzip
via: 1.1 8c71fe23914182493dae4cb15c841346.cloudfront.net (CloudFront)
date: Tue, 14 Feb 2023 04:21:30 GMT
last-modified: Mon, 13 Feb 2023 22:03:49 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1
age: 218
etag: W/"db33142b8c84eeb9c0f6f2cd9644a220"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600,public,must-revalidate
x-amz-cf-id: MI6q1nZSFO7TXa2KmCHqJ7k33js5nBxgSAK8OOY7yxTglB5L1lH5VA==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
27 KB 158ms
55ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e1c7e09fc6673f2b0138d8a1131b1d32a32ad4562fe6d3a1c65c944e66d1b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27260
x-xss-protection: 0
server: sffe
etag: "1482 / 903 of 1000 / last-modified: 1676329613"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 186854-113710634486999.js Show response
js-sec.indexww.com/ht/p/ 37 KB
13 KB 728ms
584ms Script
text/javascript 172.64.151.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/186854-113710634486999.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1f87b6ebedfe2a978cb946c520baf745f8e3a4b47c690f9c7b353a84f7b53ca

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Tue, 14 Feb 2023 04:21:13 GMT
server: cloudflare
etag: W/"764e0c-930b-5f4a14b4bfbc7"
vary: Accept-Encoding
content-type: text/javascript
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=14400
cf-ray: 79930472486c1893-MAN
expires: Tue, 14 Feb 2023 08:21:31 GMT

GET
H2 200 pb.js Show response
cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/ 336 KB
101 KB 1295ms
69ms Script
application/javascript 192.229.233.218
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.218 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/6286) / Express

Resource Hash

d6436bf86160892956d5fb4180b81629a61528ba7000cd334973c23ecaa9c9d4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 40101
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop, desktop
x-device: carbon, carbon
content-length: 103037
last-modified: Mon, 13 Feb 2023 17:48:29 GMT
server: ECS (lhb/6286)
etag: W/"53f5b-JH3FS82mlAuW0GEK/ECpQw"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-varnish: 3215749082, 3216262174 3215749077
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 platform.js Show response
apis.google.com/js/ 54 KB
21 KB 262ms
117ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d68890ba4c6bfa2417c5b97ab63489256913dcae1f94f232204b05d8fa4f5b1

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 04:21:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20950
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "03884666a30c671f"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2

200

embed.js Show response
www.instagram.com/
Redirect Chain

https://platform.instagram.com/en_US/embeds.js
https://www.instagram.com/embed.js

54 KB
20 KB

236ms
100ms

Script
application/x-javascript

2a03:2880:f22d:e5:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.instagram.com/embed.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Server

2a03:2880:f22d:e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8b75fb59640d95ff3485e1a4851f392c25a31f52effd7d63e9b6ebb3e223410f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: br
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 04:21:30 GMT
content-md5: Wso3DO/YMKPPOkH7QUM6Yg==
document-policy: force-load-at-top
edge-control: cache-maxage=1200s
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 19350
reporting-endpoints: coep_report="https://www.facebook.com/browser_reporting/?minimize=0", default="https://www.instagram.com/error/ig_web_error_reports/?device_level=unknown"
x-fb-debug: MNa99gAOh44S4/7bxu0RAFevsZd0TTS4qaSFEO0/Tfkmbg9IHMFOilszkK6+lEmqJUho59q8gqsr1oNkiKTrNg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: c98a287f3679fed57e1ab4e872347387
cross-origin-opener-policy: same-origin-allow-popups
etag: "0a9f3c371dcbd842b985faa063a0b8fb"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/?device_level=unknown"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 14 Feb 2023 04:41:30 GMT

Redirect headers

location: https://www.instagram.com/embed.js
date: Tue, 14 Feb 2023 04:21:30 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-length: 0
content-type: text/plain

GET
H2 200 pinit.js Show response
assets.pinterest.com/js/ 361 B
485 B 224ms
59ms Script
application/javascript 2a04:4e42:41::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:41::84 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: br
x-cdn: fastly
etag: "62d32c28f14783b94192cd8d35bc010d"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=300
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
content-length: 203

GET
H2 200 attachment-kuad_notag.png
townsquare.media/site/48/files/2022/04/ 281 KB
282 KB 995ms
664ms Image
image/png 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/48/files/2022/04/attachment-kuad_notag.png

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/998C) / Express

Resource Hash

ecfbab4e4ef70f9acb5205781ad4c28106f8bbbb14f7a89e4cd7682108c388ce

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
age: 25110373
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 288004
last-modified: Fri, 22 Apr 2022 15:32:43 GMT
server: ECS (nag/998C)
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-varnish: 1100365654
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 attachment-attachment-Scam-Alert.jpg
townsquare.media/site/50/files/2023/02/ 95 KB
96 KB 995ms
663ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/50/files/2023/02/attachment-attachment-Scam-Alert.jpg?w=980&q=75

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/998A) / Express

Resource Hash

88368035e4c3b2291254de9b8fa5a652b0b78e2260a2b4bda89c0347fc31db00

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
age: 297028
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 97645
last-modified: Fri, 10 Feb 2023 16:52:33 GMT
server: ECS (nag/998A)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 2653439536
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 attachment-900.jpg
townsquare.media/site/48/files/2022/04/ 6 KB
6 KB 976ms
663ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/48/files/2022/04/attachment-900.jpg?w=100

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999E) / Express

Resource Hash

e9b56dd1ce180db739cf165777f58149699af061708902e22eb955c5389c3799

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
age: 16279179
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 6526
last-modified: Fri, 22 Apr 2022 15:33:59 GMT
server: ECS (nag/999E)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 683444834
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 point40.jpg
townsquare.media/site/50/files/2022/01/ 577 B
683 B 649ms
648ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/50/files/2022/01/point40.jpg?w=999&h=30&zc=1

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999E) / Express

Resource Hash

ec5fe4cd5b4e7319fe8f859b0658cb89c7fc90f2938e5f529fd2ccf0a1fd3c4d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
age: 26298623
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 577
last-modified: Fri, 15 Apr 2022 19:01:42 GMT
server: ECS (nag/999E)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 888359579 885947135
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 128 B
498 B 179ms
179ms XHR
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

ae08f2abf5f3de4421e95c6a9dda1c17a03627100c6839d780f8459b05acf06c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:29 GMT
server: nginx
etag: W/"80-S0F5ShY4cVMvGD3SDTRhaH1eARc"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 128
expires: Tue, 14 Feb 2023 04:21:28 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 184 KB
63 KB 165ms
58ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K346HJZ

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6acbd9dd43ab1a404602ebb4f256aedab19fb560e06e8fcfbdc8e5d1b193686

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63680
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 193 KB
47 KB 259ms
88ms Script
application/javascript 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a661f8f8090e763d9e46c3b0745a402070fc823d3cf116aba6c2ad0287282d62

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:16:24 GMT
content-encoding: gzip
via: 1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront), 1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
last-modified: Wed, 08 Feb 2023 21:24:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, VIE50-P1
age: 307
x-amz-server-side-encryption: AES256
etag: W/"0d9f2b192f61b596888847da998647d3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: ovoxs8K6YDslnx-rSy2gvMTs_1n5Eb3rnNlTocQ8Ul1GCEQybngHFw==

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 217ms
55ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B8A) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:30 GMT
Content-Encoding: gzip
Age: 806
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
x-amzn-internal-status: 304
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (amb/6B8A)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 145ms
48ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50317b9039d375bb37c61cc6e0ea3c977b69c4ca6f3003398e20928834308b7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 04:21:30 GMT
content-md5: RPCEiQ6xwYr6Tw80J0BMnA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: HQQQA0p85t8mRGIg/T+Y7nY2Xk+KuYoVu67xHEAkBpMRnaDRCFIpRPJ816v3LEP9fz2flro3lAUAoWVtPKUBnQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
x-fb-content-md5: 58e05dd0f70d2d16af9f2c257af65223
cross-origin-opener-policy: same-origin-allow-popups
etag: "b28428e5d24fba9a7c64166e0ee67823"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 14 Feb 2023 04:28:09 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/townsquaremediatsm-network/ 154 KB
42 KB 155ms
37ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/townsquaremediatsm-network/loader.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d325e9c90c96d1084dd9a729dd497b86f9a8665116e3bd6f3eab8ff130e7487c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: 4otgcvdkSaXgGfmsXw75lxAftRCsQqeW
content-encoding: gzip
via: 1.1 varnish
date: Tue, 14 Feb 2023 04:21:30 GMT
x-amz-request-id: H671ZMG1F2VJM5V8
age: 10153
x-cache: HIT
x-from-cache: 1
x-envoy-upstream-service-time: 5
x-amz-replication-status: FAILED
content-length: 42743
x-amz-id-2: PFRDEYno8F/6g2mvampSnAz/zB/FS6n3IUtcAcx5d1NAMeoxbsWAKoEflWf/EoJUia2MvxNI8Gk=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Mon, 13 Feb 2023 20:29:54 UTC
server: nginx
x-timer: S1676348491.812462,VS0,VE1
etag: "0033363415370f75886213c8289e57e61277d4a4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
abp: 3
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 / Show response
cdn.production.townsquareblogs.com/aleph/ Frame EB05 2 KB
862 B 56ms
56ms Document
text/html 192.229.233.218
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.production.townsquareblogs.com/aleph/
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.233.218 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B92) / Express
Resource Hash: e455c9481ab43afb3fe882d539f47ad82eb560651f6c68a99f4dfb8ff4249d88

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 295
cache-control: no-cache
content-encoding: gzip
content-length: 708
content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:30 GMT
etag: W/"7dd-17eb77f56cd"
expires: Tue, 14 Feb 2023 04:21:29 GMT
gdpr-source: GB
last-modified: Tue, 01 Feb 2022 22:54:42 GMT
server: ECS (amb/6B92)
vary: Accept-Encoding
via: 1.1 varnish
x-abgroup: B
x-cache: HIT
x-powered-by: Express
x-varnish: 3224786563 3224758565

GET
H2 200 attachment-1920-kuad-gradient-background.jpg
townsquare.media/site/48/files/2022/04/ 44 KB
45 KB 975ms
662ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/48/files/2022/04/attachment-1920-kuad-gradient-background.jpg

Requested by

Host: k99.com
URL: https://k99.com/styles/desktop/base.css?ver=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/99A3) / Express

Resource Hash

37a4f736b5d18a99138bddce0553e27780d9beacdd264b5dd7dc77d52c3250f9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
age: 25110373
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 45536
last-modified: Wed, 27 Apr 2022 15:36:25 GMT
server: ECS (nag/99A3)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 581482347
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 204ms
60ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 11:48:56 GMT
x-content-type-options: nosniff
age: 59554
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Feb 2024 11:48:56 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 272ms
128ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 12:49:17 GMT
x-content-type-options: nosniff
age: 315133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Feb 2024 12:49:17 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 335ms
191ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 19:24:44 GMT
x-content-type-options: nosniff
age: 32206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Feb 2024 19:24:44 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 297ms
167ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 02:07:02 GMT
x-content-type-options: nosniff
age: 440068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 02:07:02 GMT

GET
DATA 200
OK truncated
/ 50 KB
50 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3400c27c9329fc2805aa324d61c60db41f90c338450da456b31cde72fd83122c

Request headers

Referer
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: font/opentype;charset=utf-8

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 277ms
150ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 08:26:15 GMT
x-content-type-options: nosniff
age: 330915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15528
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:53:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Feb 2024 08:26:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 126ms
75ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,300italic,300%7CRoboto+Condensed:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 01:07:00 GMT
x-content-type-options: nosniff
age: 11670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 01:07:00 GMT

POST
H2 200 cogitoergosum Show response
cdn.production.townsquareblogs.com/rest/high/api/ Frame EB05 128 B
456 B 143ms
143ms Fetch
application/json 192.229.233.218
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.production.townsquareblogs.com/rest/high/api/cogitoergosum

Requested by

Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/aleph/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.218 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

41a14daee8711278ad1b9457c6a2f336dee2419916bc47a82dcbe70a79bfbe43

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://cdn.production.townsquareblogs.com/aleph/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
server: nginx
etag: W/"80-5FkCVvmqCLIwDQaCQRqz90n0+FE"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: carbon
content-length: 128
expires: Tue, 14 Feb 2023 04:21:29 GMT

POST
H2 200 cogitoergosum Show response
cdn.production.townsquareblogs.com/rest/high/api/ Frame EB05 128 B
430 B 143ms
143ms Fetch
application/json 192.229.233.218
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.production.townsquareblogs.com/rest/high/api/cogitoergosum

Requested by

Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/aleph/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.218 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

41a14daee8711278ad1b9457c6a2f336dee2419916bc47a82dcbe70a79bfbe43

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://cdn.production.townsquareblogs.com/aleph/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
server: nginx
etag: W/"80-5FkCVvmqCLIwDQaCQRqz90n0+FE"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: carbon
content-length: 128
expires: Tue, 14 Feb 2023 04:21:29 GMT

GET
H2 200 pubads_impl_2023020701.js Show response
securepubads.g.doubleclick.net/gpt/ 386 KB
131 KB 209ms
60ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020701.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa19ab413493b004c5957325db711ffde124c52cb5007049f1331dd1302bc774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 20:44:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27397
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133135
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 09:35:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 13 Feb 2024 20:44:53 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 763 B
901 B 254ms
83ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=k99.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

757b00def4ee826bb13ad1cea6a2a2581de1d2487e7ce3b1fe0a0389156c6137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 358
x-xss-protection: 0
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 pinit_main.js Show response
assets.pinterest.com/js/ 66 KB
18 KB 60ms
59ms Script
application/javascript 2a04:4e42:41::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pinterest.com/js/pinit_main.js?0.402731134591483
Requested by: Host: assets.pinterest.com
URL: https://assets.pinterest.com/js/pinit.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:41::84 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: br
x-cdn: fastly
etag: "3725764cf05d1a0938de73d398772331"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=300
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
content-length: 18679

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 116ms
115ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 234ms
121ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://k99.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 14 Feb 2023 04:21:31 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 103ms
50ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=2d7a92b40fbb663036e62efc99ed8168

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b8d9e78bca2aef0dd48377a7985beca9968ce51fe9a84805a8a258a2af86c89d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://k99.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 04:21:30 GMT
content-md5: Nxx2784DNZr3f5rJnLztkw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87036
x-fb-rlafr: 0
x-fb-debug: qtKg0d0oUBJuYh3SThSWT6GcxwZM2EjdS3j4UQU87zadX8rlwJ8r6bnvB3GlFKU2hJXyhuM/5sv78695c6LXXw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: bebcf0229c05b95523d42f2890d59d28
cross-origin-opener-policy: same-origin-allow-popups
etag: "0a60e22d66f5a15893ff98d2c44d2754"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Wed, 14 Feb 2024 03:49:07 GMT

GET
H2 200 impl.20230212-24-RELEASE.js Show response
cdn.taboola.com/libtrc/ 727 KB
191 KB 35ms
35ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20230212-24-RELEASE.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39920847eb4f898415c17888b755ed1727c92005ff60039b2d43f0102cea0d88

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: cxkYZo6sh1oqt_kTekUHiUDYEbL5hPix
content-encoding: gzip
via: 1.1 varnish
date: Tue, 14 Feb 2023 04:21:30 GMT
x-amz-request-id: FWBQQPYHTK5MYYG0
age: 112
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 195243
x-amz-id-2: YBPb71fdGWmcH6t0gWapj+yzcqFYrg6WsnSlu2QKH8Mm8vwHVJNNN7UXx/pwkonXvgRugHW7/D4=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Mon, 13 Feb 2023 14:32:03 GMT
server: AmazonS3
x-timer: S1676348491.902409,VS0,VE0
etag: "490d0fe0c3de90136742fd7da275f2db"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 50
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 4

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 212ms
51ms Script
application/javascript 99.86.4.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-3.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 05:29:13 GMT
content-encoding: gzip
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 82339
x-amz-server-side-encryption: AES256
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: eApuqkTbGyvIVP9uBmOjr5HwVLIKACSG3Dq9aqs34AzaJNQCkC19FA==

GET
H2 200 tr5
cdn.taboola.com/libtrc/ 3 B
78 B 102ms
101ms Image
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=crossorigin_test_2_ctrl
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600047-LCY
date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1676348491.904222,VS0,VE0
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 2377 320 KB
104 KB 54ms
53ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fk99.com
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BB8) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1751895
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Feb 2023 04:21:30 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BB8)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
78 KB 58ms
57ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-GGT2X929YG&l=dataLayer&cx=c

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

247a8033d5ac9ae54e9bcdf19121ec5af03b523c3273fc6e530d4cc487ed929e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80060
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 336 B
681 B 168ms
167ms XHR
application/json 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3227&u=https%3A%2F%2Fk99.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: Server /
Resource Hash: f4f014cb74f3b341e5b43171bf87d57f3a7b878653f4a164d966cd6eea535a82

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:30 GMT
via: 1.1 92835d2f5794bba6bff3a83645bbf4c4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: VIE50-P1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 336
x-amz-cf-id: 5Z5t_4HBAozBszDb3twb65mFtpkF91gb5j0i9Su5R_RMFGUtVjbXXA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 191ms
73ms XHR
application/javascript 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 03:43:33 GMT
x-amz-version-id: zv0zkgF8NnUlHbYAYVWZBKSRYlhapW6k
content-encoding: gzip
via: 1.1 6183f44271d091c21804d467f8a4ce20.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
age: 2279
x-cache: Hit from cloudfront
last-modified: Wed, 08 Feb 2023 10:05:52 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: M-DexZUE50Bu6H__8Xh7Q-eKESPVG-Et2hCZOyQeUhn3dVhVqQrlaQ==

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 2377 919 B
646 B 258ms
142ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=3ad904b05c05d96eab546af0735e015dd2e98080

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fk99.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ee80cf3b15ea6f7dd08ba1b6bbb065994092b94415845536e0db3476ea80fad4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-response-time: 106
date: Tue, 14 Feb 2023 04:21:30 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 14 Feb 2023 04:21:31 GMT
server: tsa_f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 37bfdbf0bc61af21
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 9c5caca9f7a49df5ba00aa1ae08da9fd14eeede655c5019cbbe90c2fef5a659c
content-length: 326

POST
H2 204 collect
region1.analytics.google.com/g/ 0
239 B 138ms
41ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-ZMFLV5H3DE&gtm=45je32d0&_p=897511486&_gaz=1&cid=1819075421.1676348491&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676348491&sct=1&seg=0&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&uid=66ea9dee-1b25-5849-ac92-b3e10470d5cb&en=page_view&_fv=1&_ss=1&ep.call_sign=KUADFM&ep.site_classification=Local&ep.genre=country&ep.market=Fort%20Collins&ep.site_type=Local&ep.tags=999thepoint-xpost&ep.categories=articles&ep.gtm_version=49&ep.page_type=post&ep.author=bigrob&ep.publish_date=2023-02-12%2001%3A06%3A00.000%2B0000&ep.view_type=standard&up.user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&up.aleph_id=66ea9dee-1b25-5849-ac92-b3e10470d5cb
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 138ms
42ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-GGT2X929YG&gtm=45je32d0&_p=897511486&_gaz=1&cid=1819075421.1676348491&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676348491&sct=1&seg=0&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&uid=66ea9dee-1b25-5849-ac92-b3e10470d5cb&en=page_view&_fv=1&_ss=1&ep.call_sign=KUADFM&ep.site_classification=Local&ep.genre=country&ep.market=Fort%20Collins&ep.site_type=Local&ep.tags=999thepoint-xpost&ep.categories=articles&ep.gtm_version=49&ep.page_type=post&ep.author=bigrob&ep.publish_date=2023-02-12%2001%3A06%3A00.000%2B0000&ep.view_type=standard&up.user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&up.aleph_id=66ea9dee-1b25-5849-ac92-b3e10470d5cb
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
248 B 124ms
41ms Ping
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GGT2X929YG&cid=1819075421.1676348491&gtm=45je32d0&aip=1&uid=66ea9dee-1b25-5849-ac92-b3e10470d5cb
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
408 B 232ms
86ms Image
image/gif 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GGT2X929YG&cid=1819075421.1676348491&gtm=45je32d0&aip=1&uid=66ea9dee-1b25-5849-ac92-b3e10470d5cb&z=243358143

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 8328825 Show response
fundingchoicesmessages.google.com/i/ 124 KB
43 KB 195ms
92ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/8328825?ers=3

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f23ebc55cd8db69deb7a4c91c4ee2bc43e7faa51798c6ceec99d5955ac704cc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-0do2HAPfg3PKvRI-C5dShA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-0do2HAPfg3PKvRI-C5dShA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="ContributorServingWebSwitchboardHttp"
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingWebSwitchboardHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingWebSwitchboardHttp/external"}]}
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-d...
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-...

0
188 B

52ms
51ms

Image
text/plain

99.86.4.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&c8=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&c9=
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Server: 99.86.4.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-3.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 73godrLvywPI0eXYWQn2ESoLcdSPbwpKyZcxSJeZ8Hvbg1TTCpTnwA==
x-cache: Miss from cloudfront

Redirect headers

location: /b2?c1=7&c2=34354936&c3=1&cs_it=b3&cv=3.8.0.210223&ns__t=1676348491174&ns_c=UTF-8&c7=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&c8=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&c9=
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
content-length: 0
x-amz-cf-id: rXYuo3NqhK_z4tNv4nqU_rDutkhdEHimF0rOSsIOQ54NiRYflX_Kcg==
x-cache: Miss from cloudfront

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 216ms
46ms Script
application/javascript 2.19.44.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.44.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-44-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Tue, 14 Feb 2023 04:36:31 GMT

POST
H2 200 recordVendorsLoaded Show response
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 0
455 B 121ms
121ms XHR
text/plain 44.209.82.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.209.82.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-209-82-109.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:31 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 200 recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 0
0 386ms
121ms Preflight 44.209.82.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.209.82.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-209-82-109.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://k99.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Tue, 14 Feb 2023 04:21:31 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 451 identity Show response
api.rlcdn.com/api/ 44 B
354 B 129ms
43ms XHR
text/plain 34.120.133.55
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity?pid=2&rt=envelope

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186854-113710634486999.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://k99.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 44
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
384 B 177ms
46ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186854
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186854-113710634486999.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 60b7a9b8cc82be065ce8e42a6c9fa3fe1b6964e543b1bf30ad7f4e93eada2406

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Thu, 16 Mar 2023 04:21:31 GMT

POST
H2 200 headerstats Show response
as-sec.casalemedia.com/ 0
494 B 155ms
59ms XHR
text/plain 172.64.154.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/headerstats?s=254982&u=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&v=3
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186854-113710634486999.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iiqtP1zNWzpU2mDYs7hzd2FrNKsOPVZjYTYliRXJtD8ie4TgA8bIzV3TBHuPvHQ9fhUtoorcxI188PDP7dgO%2BSSyRJgH%2FpigB5Y3Fatc08I3%2FCrDfR0SAVAIjC6VzeYJGuDlyhDzrTw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://k99.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 79930477df7f3622-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 AGSKWxUzS4c67bm2sHHpYsftgjyljJ-vNkaG5Er3KIfFFWWwKdkxCGn4H58hg82XEqb0rAG4clpIDKhVrtzAbTCOz-4= Show response
fundingchoicesmessages.google.com/f/ 337 KB
47 KB 120ms
119ms Script
application/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUzS4c67bm2sHHpYsftgjyljJ-vNkaG5Er3KIfFFWWwKdkxCGn4H58hg82XEqb0rAG4clpIDKhVrtzAbTCOz-4=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjc2MzQ4NDkxLDUyNjAwMDAwMF0sIjc2MzQxMkUwLUQ3MTYtNDE4Ri05REU3LTA4QkIyMEFFQ0U5QSIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vazk5LmNvbS93YXJuaW5nLXRoaXMtZW1haWwtc2NhbS1pcy1nb2luZy1hcm91bmQtY29sb3JhZG8tcGxlYXNlLWRvbnQtZmFsbC1mb3ItaXQvIixudWxsLFtbOCwiU19ueGRQanI2RmciXSxbOSwiZW4tR0IiXV1d

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

75d51f26daee6a91e51108c8ab3f949200fc82ae004416eb7fec21c3a7df58a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5tT-k-WpYspNrg592rahIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-5tT-k-WpYspNrg592rahIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 128 B
340 B 149ms
148ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

50aad904a7f417f5ab6734b1d980f97e70636bcd92c5e59288d7a8286f42a88b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
server: nginx
etag: W/"80-+aVy8CkKsdvkuVcJVE+pCI7Q3OU"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 128
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 189ms
84ms Fetch
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=1594907847365407&input_token&origin=1&redirect_uri=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: t0BYWZ+qFv/VYtZx0jicE1kjzt4jtlDYnkFES/Z+cafeERfqR+eUGH7Y5va0LQbSSXvgcToe8WrqvfTFIuUsdQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://k99.com
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 chunk-5.5bb797fa2d805bd583e9.1676307290547.js Show response
k99.com/public/dist/chunks/ 6 KB
2 KB 60ms
60ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-5.5bb797fa2d805bd583e9.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BBE) / Express

Resource Hash

b950d16a0492939244e9fe71c1e712ab103c04d1f39a5b142dbf2ff759a7fced

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 2149
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (amb/6BBE)
etag: W/"178a-1864bc28676"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166637
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-20.f7841577ce3521f569b1.1676307290547.js Show response
k99.com/public/dist/chunks/ 806 B
932 B 61ms
61ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-20.f7841577ce3521f569b1.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/63B8) / Express

Resource Hash

d609579049e96077cf5a6d30886236efcb9a5a125e6901aa6e8502a5c81aa610

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 806
last-modified: Mon, 13 Feb 2023 17:11:22 GMT
server: ECS (lhb/63B8)
etag: W/"326-1864bc27cfd"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166537
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-22.6de938cd8afec09171b6.1676307290547.js Show response
k99.com/public/dist/chunks/ 1 KB
975 B 55ms
54ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-22.6de938cd8afec09171b6.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BAE) / Express

Resource Hash

ce8778046a97918590245900c0a7e253cf0d924d6410a5d925b5fe6c34925c9d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 784
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (amb/6BAE)
etag: W/"514-1864bc2866e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733289
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-21.ae23111e1c6601947422.1676307290547.js Show response
k99.com/public/dist/chunks/ 1016 B
1 KB 61ms
61ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-21.ae23111e1c6601947422.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/635C) / Express

Resource Hash

50cc8f91517092b24611b19b4c178ec00ea2a1caa4189d77d91d4516f8c9bc99

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1016
last-modified: Mon, 13 Feb 2023 17:11:24 GMT
server: ECS (lhb/635C)
etag: W/"3f8-1864bc2853d"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733191
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-34.0c9bac494d3cbc4bbcec.1676307290547.js Show response
k99.com/public/dist/chunks/ 40 KB
12 KB 54ms
54ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-34.0c9bac494d3cbc4bbcec.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BB3) / Express

Resource Hash

e34af1e6e75af697e115fba76f25e458c0d5542c819f4ef6b9e553e613f5fadb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 12012
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (amb/6BB3)
etag: W/"a09a-1864bc28672"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166647
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-14.f317d8bc4953e49303e7.1676307290547.js Show response
k99.com/public/dist/chunks/ 27 KB
8 KB 61ms
60ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-14.f317d8bc4953e49303e7.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/62B5) / Express

Resource Hash

cb91bf2487214c9142094afed3bbd81869e8970c03d31971208f7f1d3210004f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 7887
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (lhb/62B5)
etag: W/"6ae3-1864bc2866e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733197
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-51.4a70d0cfbab9bb27bd7e.1676307290547.js Show response
k99.com/public/dist/chunks/ 2 KB
911 B 61ms
61ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-51.4a70d0cfbab9bb27bd7e.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/632D) / Express

Resource Hash

29ac11b8aca81dd78c09c546feae3524320cef85b8e9b445b099c0208b5850c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 806
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (lhb/632D)
etag: W/"663-1864bc28676"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733193
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 wo Show response
k99.com/rest/carbon/api/nowplaying/playertype/ 5 KB
1 KB 61ms
60ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/carbon/api/nowplaying/playertype/wo

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/6343) / Express

Resource Hash

dd50f9428071ad6b43c5d41627978cb0f870c4ca1fd08a2621ae741029842699

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
age: 278
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1406
last-modified: Tue, 14 Feb 2023 04:16:53 GMT
server: ECS (lhb/6343)
etag: W/"1246-nthEX2GSh8qKqvYn66dPGVHLR0o"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-33.b3dc786da2d080b5fb3b.1676307290547.js Show response
k99.com/public/dist/chunks/ 15 KB
6 KB 97ms
96ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-33.b3dc786da2d080b5fb3b.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B7E) / Express

Resource Hash

b8c65c14e854c7d0839b89e1b08d0013222a5c72ff28217190d6c07ae17255de

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40129
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 6358
last-modified: Mon, 13 Feb 2023 17:11:24 GMT
server: ECS (amb/6B7E)
etag: W/"3c81-1864bc2853d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703171399
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-52.32a5ab21c0f47ce019cc.1676307290547.js Show response
k99.com/public/dist/chunks/ 1 KB
754 B 98ms
97ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-52.32a5ab21c0f47ce019cc.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B9F) / Express

Resource Hash

b28c5652fc544d473355d16847ae922cfbad8f9951ba1f99b7ae1bd74308f980

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40129
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 650
last-modified: Mon, 13 Feb 2023 17:11:22 GMT
server: ECS (amb/6B9F)
etag: W/"5e1-1864bc27c11"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215738106
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 22 B
90 B 145ms
144ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

38e1e6c680ef39235e64726496ece6b39355e5fb5d2ff9f94881393427ef9d67

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
server: nginx
etag: W/"16-hwbt/zjXQQMHygKQH7w48NgHuys"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 22
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-30.3cdd23acc11e2ab38cb5.1676307290547.js Show response
k99.com/public/dist/chunks/ 5 KB
2 KB 92ms
92ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-30.3cdd23acc11e2ab38cb5.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/628A) / Express

Resource Hash

4a6421b0ce55b960330c08562dbd6b0bfed5b221b83e2cfa574252ba1cb72932

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40129
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1955
last-modified: Mon, 13 Feb 2023 17:11:26 GMT
server: ECS (lhb/628A)
etag: W/"141b-1864bc28a46"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215738004
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-3.42d608cc8fea5326b4b3.1676307290547.js Show response
k99.com/public/dist/chunks/ 26 KB
8 KB 85ms
85ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-3.42d608cc8fea5326b4b3.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B92) / Express

Resource Hash

c3163918bc5ba25383043400f7245a65a265b47d213a25afb5916b41af878bdb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40129
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 8353
last-modified: Mon, 13 Feb 2023 17:11:22 GMT
server: ECS (amb/6B92)
etag: W/"695e-1864bc27cfd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703171405
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-48.badaadfee02b3bb929af.1676307290547.js Show response
k99.com/public/dist/chunks/ 4 KB
2 KB 86ms
86ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-48.badaadfee02b3bb929af.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BAD) / Express

Resource Hash

127a016ebd771e91ec433ba7e76a6f77ef527e79dfa2eaf5f57863c879324867

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40139
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1433
last-modified: Mon, 13 Feb 2023 17:11:24 GMT
server: ECS (amb/6BAD)
etag: W/"f1c-1864bc28541"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733425
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
501 B 295ms
139ms XHR
application/json 18.196.218.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.9.0&referrer=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&tmax=2000

Requested by

Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.218.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-218-148.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
accept-ch: user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 94 B
837 B 568ms
136ms XHR
application/json 69.166.1.15
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22842b42daaeb069%22%3A%22453c76e3ae70a2c82d2a%7C728x90%2C970x90%2C970x250%7Cgpid%3D%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Fpost%22%7D&ref=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&s=934e807a-2f01-4907-a061-d6d37bd2e74b&pv=2d15ede3-8b35-45b2-9b12-ce0571982a06&vp=desktop&lib_name=prebid&lib_v=6.9.0&us=5&ius=1&coppa=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

dacab018d3e9d9587f247411ce59f73226120184b0bc539cdeac51a15a2d1a43

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-181
Content-Type: application/json
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Length: 119
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
311 B 141ms
66ms XHR
application/json 104.18.33.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=272481&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2211858c7d7e94915%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A2%2C%22msi%22%3A2%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.9.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221237341c5da5ce%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22272481%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22272481%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22272481%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 739fc88e0e68f78146d0f9d6740cb27801a2648d5e2bceddbbca2a8e71d2819f

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYSQVBI%2FmPjuconDBdfN1OLfu19zWnpQmnfExyJ0pKDcDvEam5j6EToeDlQ%2BPGajRem0KcfHwG589spOuykQrSQAND5jvzMg3bpoMUynUdDOqrucc2KE4GnJbZry26%2FQQ6Ux5%2FwX"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://k99.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 79930479ecdab2eb-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 9 KB
5 KB 414ms
200ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11266&site_id=173188&zone_id=836540&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&kw=in-between-article-728&tk_flint=pbjs_lite_v6.9.0&x_source.tid=1de8fd42-eb59-49c6-af7e-d7d169fdd5d7&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8375248535722974
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b6457007c9025c5dd20c103fb2a0b140f59c67eb59e58cc03b260b768bdb07f0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://k99.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
townsquaremedia-d.openx.net/w/1.0/ 73 B
148 B 195ms
43ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://townsquaremedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1de8fd42-eb59-49c6-af7e-d7d169fdd5d7&nocache=1676348491741&aus=728x90%2C970x90%2C970x250&divids=tsm-ad-728c-1&aucs=&auid=539829446
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f978eafd1272979e62fd28b40d37e4b28d24ba2b9e2e4450c57d38cea109a2b2

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://k99.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 223ms
132ms XHR
application/json 185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cf2fe539878b6a01a2a43d269816fe0e6aeaf25436b0e0824d393acfcea5141f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:31 GMT
AN-X-Request-Uuid: 192b723c-ee07-41ef-ae0e-6a171e310174
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 836 B
1 KB 170ms
61ms XHR
application/json 34.252.119.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1676348491745&to=0&aun=tsm-ad-728c-1&maxw=970&maxh=250&si=9154&pi=3&bf=728x90%2C970x90%2C970x250&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.9.0%22%7D&ogu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ns=10240
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.119.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b19df53413248256037627c74af6c685d1bbf2b695a804bf9dbd6a925f2c3380

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
110 B 287ms
89ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://k99.com
date: Tue, 14 Feb 2023 04:21:30 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
495 B 530ms
376ms XHR
text/javascript 13.224.191.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3227&u=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&pid=Wjd0V1ngJa2sM&cb=0&ws=1600x1200&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%22tsm-ad-728c-1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Ftsm-ad-728c-1%22%2C%22kv%22%3A%7B%7D%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.191.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-191-98.fra2.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: JB3HXB8BKH74CBHN2YWF
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://k99.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: t5a2F-MQXDOj3TjRBIaAMfBBBIavpKag5NL6Wveg_t4i1zx9-eAF0A==

GET
H2 200 chunk-19.80e5c2ea58d21dc38155.1676307290547.js Show response
k99.com/public/dist/chunks/ 65 KB
16 KB 60ms
55ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-19.80e5c2ea58d21dc38155.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BC6) / Express

Resource Hash

60e3c2b60da1f5a65f156fa8cabaa080ab990a36954566c94dd33bcbed704ac3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 16770
last-modified: Mon, 13 Feb 2023 17:11:25 GMT
server: ECS (amb/6BC6)
etag: W/"10557-1864bc2866e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166539
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-15.087fcd49df0d13f10ecb.1676307290547.js Show response
k99.com/public/dist/chunks/ 5 KB
2 KB 57ms
56ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-15.087fcd49df0d13f10ecb.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BBA) / Express

Resource Hash

970454e343ea0ae275695f9d147287d5879189d0544b80040deab7f53d59f3fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 2020
last-modified: Mon, 13 Feb 2023 17:11:24 GMT
server: ECS (amb/6BBA)
etag: W/"13d9-1864bc28539"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733192
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-18.d1ef0c9dc79331039e33.1676307290547.js Show response
k99.com/public/dist/chunks/ 64 KB
14 KB 58ms
57ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-18.d1ef0c9dc79331039e33.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BB9) / Express

Resource Hash

183e1297a8547a306c16779549def090e927ca2b3b6bdd33fb67183c827afa8d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 14141
last-modified: Mon, 13 Feb 2023 17:11:22 GMT
server: ECS (amb/6BB9)
etag: W/"1014f-1864bc27cf9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166544
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-11.382183c7bf86287800a3.1676307290547.js Show response
k99.com/public/dist/chunks/ 967 B
1 KB 56ms
55ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-11.382183c7bf86287800a3.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B91) / Express

Resource Hash

73f6586738f8281c97b6261e8fe281f75524ec2f8264cda85cc10c3001f9faa9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 967
last-modified: Mon, 13 Feb 2023 17:11:23 GMT
server: ECS (amb/6B91)
etag: W/"3c7-1864bc28196"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733194
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 chunk-12.114fb8ea181e01e93ded.1676307290547.js Show response
k99.com/public/dist/chunks/ 4 KB
2 KB 61ms
61ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-12.114fb8ea181e01e93ded.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/63A6) / Express

Resource Hash

ef4325aa0f7c17efb2807f805efbab5f74ccf5299b1b0c44a73eb6499a5c1de9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1496
last-modified: Mon, 13 Feb 2023 17:11:24 GMT
server: ECS (lhb/63A6)
etag: W/"e03-1864bc28539"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703166541
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 260 B
1 KB 213ms
126ms XHR
application/json 185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

850179bbc69c901378beb0700154b9ca68ac33eed8d105f2c862930a6c975e50

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:31 GMT
AN-X-Request-Uuid: 44b7f132-5197-43c1-9f0d-ca1b83c77aee
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 260
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
townsquaremedia-d.openx.net/w/1.0/ 73 B
371 B 161ms
41ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://townsquaremedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c03292f7-2c51-4c7b-9115-6d39eb146025%2C7e626378-ffc0-4a0e-a974-97a43caa8ca0&nocache=1676348491773&aus=728x90%7C728x90&divids=tsm-ad-728a%2Ctsm-ad-728b&aucs=%2C&auid=539829446%2C539829446
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 818707aa9cdc4aa00fbcf81afaf925d29a557db23682bf84cf0dd0bb35f6dc40

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://k99.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 836 B
1 KB 140ms
59ms XHR
application/json 34.252.119.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1676348491774&to=0&aun=tsm-ad-728a&maxw=728&maxh=90&si=9152&pi=3&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.9.0%22%7D&ogu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ns=10240
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.119.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 013717dcbb20dee352aedeea3ebc3f0c7979febd6f2775b75791824f75e77b13

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 836 B
1 KB 143ms
63ms XHR
application/json 34.252.119.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1676348491774&to=0&aun=tsm-ad-728b&maxw=728&maxh=90&si=9153&pi=3&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.9.0%22%7D&ogu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ns=10240
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.119.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2153b02b3bfbe20cc61053163c5f2960de67992d90288d85373179377b0ed2ea

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 6 KB
3 KB 329ms
218ms XHR
application/json 18.196.218.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.9.0&referrer=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&tmax=2000

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.218.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-218-148.eu-central-1.compute.amazonaws.com

Software

Resource Hash

a1010649f9dc3f8d59dd902753332a28b11c3701a5325ebe921cb3c324e453ca

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
accept-ch: sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 2669
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 116 B
859 B 533ms
143ms XHR
application/json 69.166.1.15
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22410ffdb6eea31bd%22%3A%22ea7911e26d411186eb66%7C728x90%7Cgpid%3D%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Fpost%22%2C%2242cb9f6f9defad5%22%3A%226e36ff2b933db31e890f%7C728x90%7Cgpid%3D%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Fpost%22%7D&ref=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&s=91e83446-8df9-40cd-b267-79a0da8c0410&pv=2d15ede3-8b35-45b2-9b12-ce0571982a06&vp=desktop&lib_name=prebid&lib_v=6.9.0&us=5&ius=1&coppa=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

4df46f6a6097d68ae9e4ebdb06b73986636291d89e6f89b4dfd35003cc8e707f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-114
Content-Type: application/json
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Length: 141
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
774 B 328ms
153ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11266&site_id=173188&zone_id=836540&size_id=2&rf=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&kw=tsm-ad-728a&tk_flint=pbjs_lite_v6.9.0&x_source.tid=c03292f7-2c51-4c7b-9115-6d39eb146025&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.1837947115547569
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9b1541d58e87461368f928fb9d891ef217e52d7776ce42a8a8f896bdd2b7096d

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://k99.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 239
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 239 B
552 B 364ms
189ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11266&site_id=173188&zone_id=836540&size_id=2&rf=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&kw=tsm-ad-728b&tk_flint=pbjs_lite_v6.9.0&x_source.tid=7e626378-ffc0-4a0e-a974-97a43caa8ca0&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4269909057844945
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e2018d819d93d87c31cd376129262a202e8c10208a771b2a9e89650d28786c1c

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://k99.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 239
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
561 B 93ms
60ms XHR
application/json 104.18.33.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=272479&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2246f672f6fb41043%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A2%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A2%2C%22ren%22%3Afalse%2C%22version%22%3A%226.9.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2247922b1642a180b%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22272479%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%224849c5de5b3819d%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22272480%22%2C%22sid%22%3A%22728x90%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df0ecaffc2a22d28682fd9420050bfbd70ad4df55be9e7fc9601ca6faf0a12e0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0wGP8h1w85tGJ4lPHISiJRPWGy%2FJAkeqL%2FGviYnS%2Bl9VvDFlAFPgu0%2F7bpMze0Pi0wePngWvZ4twxh8leD9ACvLAkuJrLpf6oLayVTS%2Bth1F5jVcYikB9lcAda2A3MEcSMsVTJV"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://k99.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 79930479ecdbb2eb-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
54 B 408ms
243ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://k99.com
date: Tue, 14 Feb 2023 04:21:31 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
496 B 278ms
153ms XHR
text/javascript 13.224.191.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3227&u=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&pid=Wjd0V1ngJa2sM&cb=1&ws=1600x1200&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%22tsm-ad-728a%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Ftsm-ad-728a%22%2C%22kv%22%3A%7B%7D%7D%2C%7B%22sd%22%3A%22tsm-ad-728b%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Ftsm-ad-728b%22%2C%22kv%22%3A%7B%7D%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.191.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-191-98.fra2.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: SGBWWY6W33BGXJB5FAD3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://k99.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: 31iVSa2zawmRwdBcEmplo1tREhS83iUrG2yAp4D86xl2Y-29EFlEww==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 199ms
92ms Fetch
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

633cb8b2602677e3088b2bcb1a2628ae40b9ba36d60f9b352e4bb92b97ecfe43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49799
x-xss-protection: 0
server: cafe
etag: 1245201839703162876
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H2 200 / Show response
k99.com/internal-ad-api/ 2 KB
733 B 399ms
398ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/internal-ad-api/?kw[]=bigrob&kw[]=warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it&kw[]=articles&kw[]=999thepoint-xpost&kw[]=pagetype-post&kw[]=post-669796&kw[]=hasonair&kw[]=device-desktop

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx /

Resource Hash

4b4c098d08cbcf90cc2ba1b062eb22014f0e07bd9ae3fb910a48459a60f2760a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
via: 1.1 varnish
age: 0
x-cache: MISS
x-ua-device: desktop
x-device: desktop
content-length: 661
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-varnish: 2712258680
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H/1.1 200
OK button.e7f9415a2e000feaab02c86dd5802747.js Show response
platform.twitter.com/js/ 8 KB
3 KB 54ms
54ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B8A) /
Resource Hash: ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:31 GMT
Content-Encoding: gzip
Age: 1751891
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2618
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
Server: ECS (amb/6B8A)
Etag: "506673dbdb9085e7201e137e893cc152+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 /
log.pinterest.com/ 0
334 B 138ms
55ms Image
text/plain 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.pinterest.com/?type=pidget&guid=Cfu4VzgfJiLS&tv=2021110201&event=init&sub=www&button_count=0&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2F999thepoint.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&viaSrc=canonical
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
x-cache: MISS
x-envoy-upstream-service-time: 4
x-pinterest-rid: 1668158268243370
content-length: 0
x-served-by: cache-lon420136-LON
pragma: no-cache
server: envoy
x-timer: S1676348492.955380,VS0,VE16
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
accept-ranges: bytes
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 attachment-BR-Headshot2.jpg
townsquare.media/site/50/files/2021/10/ 31 KB
31 KB 167ms
166ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/50/files/2021/10/attachment-BR-Headshot2.jpg?w=300&q=75

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999C) / Express

Resource Hash

e5c31b1054e23be94e21eccc99699185d64ed342d401f658e26ffa0a80a6acc2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 30024035
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 31241
last-modified: Thu, 21 Oct 2021 17:23:12 GMT
server: ECS (nag/999C)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 1841735530
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 attachment-attachment-DO-NOT-CLICK.jpg
townsquare.media/site/50/files/2023/02/ 35 KB
35 KB 168ms
167ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/50/files/2023/02/attachment-attachment-DO-NOT-CLICK.jpg?w=630&h=420&q=75

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/99A4) / Express

Resource Hash

300cb44bf8c57a7cdbf84584cb37670455bd576e51b4630e774d5ff499b86d62

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 300539
x-powered-by: Express
x-cache: HIT
x-carbon-image: streamed-queue
x-ua-device: desktop
x-device: desktop
content-length: 35948
last-modified: Fri, 10 Feb 2023 17:51:05 GMT
server: ECS (nag/99A4)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 2653440186 2652567994
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

GET
H2 200 attachment-Email.jpg
townsquare.media/site/50/files/2023/02/ 25 KB
25 KB 169ms
168ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/50/files/2023/02/attachment-Email.jpg?w=630&h=271&q=75

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/99AA) / Express

Resource Hash

ee60d968695cd8086c83f174fdf82cb0bb5b239a4aa0ee7e6544cdc95e9cf70b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:31 GMT
via: 1.1 varnish
age: 297717
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 25805
last-modified: Fri, 10 Feb 2023 16:58:07 GMT
server: ECS (nag/99AA)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 2653441420 2653274217
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:30 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 43ms
42ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-1802013-1&cid=1819075421.1676348491&jid=23454469&gjid=2111817229&_gid=1206874785.1676348491&_u=6GBAgAADAAAAAE~&z=725703088

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
75 B 42ms
41ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-19109753-1&cid=1819075421.1676348491&jid=1250887472&gjid=1810777009&_gid=1206874785.1676348491&_u=6GDAgAADAAAAAE~&z=347782252

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 53ms
53ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-1802013-9&cid=1819075421.1676348491&jid=513117782&gjid=327162713&_gid=1206874785.1676348491&_u=6GDAgAADAAAAAE~&z=1722700503

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 45ms
45ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-28825804-1&cid=1819075421.1676348491&jid=1336232632&gjid=786120744&_gid=1206874785.1676348491&_u=6GDAgAADAAAAAE~&z=1134140741

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 56ms
55ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-45260060-5&cid=1819075421.1676348491&jid=399412126&gjid=1776737738&_gid=1206874785.1676348491&_u=6GDAgAADAAAAAE~&z=173698793

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 53ms
53ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-180756957-6&cid=1819075421.1676348491&jid=1090589058&gjid=559358421&_gid=1206874785.1676348491&_u=6GDAgAADAAAAAE~&z=803992479

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 14 Feb 2023 04:21:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 65ms
63ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GBAgAAD~&jid=23454469&gjid=2111817229&cid=1819075421.1676348491&tid=UA-1802013-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=1866479060

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 73ms
61ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GDAgAADAAAAAE~&jid=1250887472&gjid=1810777009&cid=1819075421.1676348491&tid=UA-19109753-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=349039076

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 77ms
63ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GDAgAADAAAAAE~&jid=513117782&gjid=327162713&cid=1819075421.1676348491&tid=UA-1802013-9&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=243843908

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 78ms
64ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GDAgAADAAAAAE~&jid=1336232632&gjid=786120744&cid=1819075421.1676348491&tid=UA-28825804-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=1388811467

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 78ms
65ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GDAgAADAAAAAE~&jid=399412126&gjid=1776737738&cid=1819075421.1676348491&tid=UA-45260060-5&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=2098304654

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 79ms
66ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=pageview&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GDAgAADAAAAAE~&jid=1090589058&gjid=559358421&cid=1819075421.1676348491&tid=UA-180756957-6&_gid=1206874785.1676348491&_av=2.4.1&_au=20&cd1=bigrob&cd2=articles&cd3=999thepoint-xpost&cd4=post&cd5=Sat%20Feb%2011%202023&cd6=18%3A018&cd7=standard&cd8=193&cd9=A&cd10=yes&cd12=&cd13=&cd14=&cd15=&cd16=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F110.0.5481.77%20Safari%2F537.36&did=i5iSjo&z=1675435818

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 79ms
66ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1327303762

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 79ms
67ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-19109753-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=836242984

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 80ms
67ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-9&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=748619623

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 80ms
68ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-28825804-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1641533831

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 118ms
109ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-45260060-5&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=2039530854

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 119ms
110ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=2&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=shortcode&_u=6GDAgAADAAAAAEg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-180756957-6&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=801106155

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 01:00:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12034
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 60 KB
4 KB 65ms
64ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a80933c717cce51df2b59fc76f4f3e81892fd743f4bff7945e8ec353ed32c649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 04:21:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Feb 2023 04:21:32 GMT

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 22 B
93 B 150ms
148ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

38e1e6c680ef39235e64726496ece6b39355e5fb5d2ff9f94881393427ef9d67

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx
etag: W/"16-hwbt/zjXQQMHygKQH7w48NgHuys"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 22
expires: Tue, 14 Feb 2023 04:21:31 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
140 B 82ms
81ms XHR
text/plain 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=897511486&t=event&_s=1&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=adblock&ea=detection&el=off&_u=6GDAAAADAAAAAGg~&jid=420754503&gjid=1681900689&cid=1819075421.1676348491&tid=UA-115003007-7&_gid=1206874785.1676348491&_r=1&_slc=1&did=i5iSjo&z=1807295740

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWL0qfXusRshGyKpnt-zMwHJaEvEcvPrkr4h-3dX7i8eIk8WWokPg5LMSdtlZ1yzuuasbawFdwAXNj_BvNBd1M7fLcNQCnnIcsvxZCsaEaFWPE1BT0ljjstA3U9uo9SMxT_jS14dA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 162ms
63ms XHR
text/html 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWL0qfXusRshGyKpnt-zMwHJaEvEcvPrkr4h-3dX7i8eIk8WWokPg5LMSdtlZ1yzuuasbawFdwAXNj_BvNBd1M7fLcNQCnnIcsvxZCsaEaFWPE1BT0ljjstA3U9uo9SMxT_jS14dA==?dmid=d245aa1e595062fe

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.S_nxdPjr6Fg.es5.O/d=1/rs=AJlcJMyErjJpOQrFyAjkmUDSCg8HHYjQDg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-df28zVPR3MfVSon7h3gsRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-df28zVPR3MfVSon7h3gsRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://k99.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chunk-50.4e63e14ea1fb7462d61d.1676307290547.js Show response
k99.com/public/dist/chunks/ 767 B
904 B 60ms
59ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-50.4e63e14ea1fb7462d61d.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B80) / Express

Resource Hash

465019df99a1b81e72d77b792bc2aaec9c0808f04eb10c92049b046f92408bf4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:32 GMT
via: 1.1 varnish
age: 40140
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 767
last-modified: Mon, 13 Feb 2023 17:11:23 GMT
server: ECS (amb/6B80)
etag: W/"2ff-1864bc2819e"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215733455
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H2 200 639a007dec9f0962af2cf6d7 Show response
k99.com/rest/carbon/api/gallery/ 41 KB
12 KB 380ms
379ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/carbon/api/gallery/639a007dec9f0962af2cf6d7

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

834fe3b0c0a1f49660c78ac318dc827f5a8f5d5c59cd82a28cb46de18c91eeb1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
server: nginx
etag: W/"a5ed-irLirKSJLhcfWrKPt/EV0BM74yU"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H2 200 6217d0cd84fabc4425684d2d Show response
k99.com/rest/carbon/api/gallery/ 14 KB
3 KB 371ms
370ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/carbon/api/gallery/6217d0cd84fabc4425684d2d

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

06cdfd0a559415f396de1ad1c519dbc2e97d10688b33d3f1ff34928959eb5d1a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
server: nginx
etag: W/"36b4-it2O99604uEDOctd8g9JdQk23OM"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
expires: Tue, 14 Feb 2023 04:21:31 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
500 B 116ms
115ms XHR
application/json 18.196.218.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.9.0&referrer=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&tmax=2000

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.218.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-218-148.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
accept-ch: sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 946 B
869 B 59ms
57ms XHR
application/json 34.252.119.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1676348492255&to=0&aun=tsm-ad-300a&pv=0ddde68a-be0c-4d47-9935-50b9ec762ae3&maxw=300&maxh=600&si=9149&pi=3&bf=300x250%2C300x600&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.9.0%22%7D&ogu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ns=10240
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.119.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ae302c015745e664ee9c557a8e8065385c6e5758a068374f153b72702ec5707b

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 arj Show response
townsquaremedia-d.openx.net/w/1.0/ 73 B
145 B 43ms
42ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://townsquaremedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7853d498-6ccd-43ac-82a3-5ed73de554dc&nocache=1676348492257&aus=300x250%2C300x600&divids=tsm-ad-300a&aucs=&auid=539829446
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 22410741f4a66b3c0f2f6bbef425aa97bcd6eadaee0fa3a98bd151f95da86cb4

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://k99.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
836 B 185ms
141ms XHR
application/json 69.166.1.15
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2259b0703d8f403d2%22%3A%2252385cf1a79895898f27%7C300x250%2C300x600%7Cgpid%3D%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Fpost%22%7D&ref=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&s=d82efc8c-941b-404f-81f9-2b696583e18c&pv=2d15ede3-8b35-45b2-9b12-ce0571982a06&vp=desktop&lib_name=prebid&lib_v=6.9.0&us=5&ius=1&coppa=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

206e583cfc01eaee4cb4aeb30dead896eb3e281284b5d424018408e06a99ab67

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-25
Content-Type: application/json
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
294 B 110ms
110ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11266&site_id=173188&zone_id=836540&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&kw=tsm-ad-300a&tk_flint=pbjs_lite_v6.9.0&x_source.tid=7853d498-6ccd-43ac-82a3-5ed73de554dc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.35059484282186393
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0757e1286a5519e642a499013cd1c8e378b3dbc47b30ca12c76ff219e5e4fe0d

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://k99.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 260
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 14 KB
7 KB 123ms
123ms XHR
application/json 185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6ef8287ceb486a87e075b1bcba174716ef19a23c57ce7cfc93bd43e1fc836cd3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f0c13423-9099-4134-bd30-a6dc030732b8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
336 B 63ms
61ms XHR
application/json 104.18.33.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=272476&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2266c3fe8fd5d2048%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.9.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22671f17e8d525a91%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22272476%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22272476%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a909976ab116f9cbe75425025846363b92ea80340e36baebdc70298a43b6b7c2

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQtWi3IZi8UIyLgeaprkXYMFKyDG88mPLRxUSZPnMKVlIgaVko%2FAsMXSVJYdrhiyKmU79f%2FBubp%2FMVhe6q2mm3MZ4t5ZlxdNcbWHp%2BweD1gFp3mWjDmCb5VSHkrd3qmKU2GpAK%2Bo"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://k99.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7993047cbdaeb2eb-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
54 B 155ms
153ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://k99.com
date: Tue, 14 Feb 2023 04:21:31 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
456 B 95ms
94ms XHR
text/javascript 13.224.191.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3227&u=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&pid=Wjd0V1ngJa2sM&cb=2&ws=1600x1200&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%22tsm-ad-300a%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Ftsm-ad-300a%22%2C%22kv%22%3A%7B%7D%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&cfgv=1&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.191.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-191-98.fra2.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: QN5XHJZ9GTQFBYXAKRZ3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://k99.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 94GN-kGV3sQczXCzzhDQ1GUcPRTld-5RQU1-oHd3svPk_A9_RKFHIA==

GET
H2 200 kuadfm-promo.jpg
townsquare.media/site/48/files/2017/10/ 5 KB
5 KB 167ms
166ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/48/files/2017/10/kuadfm-promo.jpg

Requested by

Host: k99.com
URL: https://k99.com/styles/desktop/base.css?ver=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999A) / Express

Resource Hash

48f30bc574119db39ab98b775c39a59f927c8b8feb0393cb465946370a5922c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:32 GMT
via: 1.1 varnish
age: 30071985
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 4819
last-modified: Wed, 16 Oct 2019 09:36:15 GMT
server: ECS (nag/999A)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 911067674
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 23 B
456 B 94ms
94ms XHR
text/javascript 13.224.191.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3227&u=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&pid=Wjd0V1ngJa2sM&cb=3&ws=1600x1200&v=23.203.336&t=2000&slots=%5B%7B%22sd%22%3A%22tsm-ad-300b%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Ftsm-ad-300b%22%2C%22kv%22%3A%7B%7D%7D%5D&pj=%7B%22us_privacy%22%3A%221---%22%7D&cfgv=1&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.191.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-191-98.fra2.r.cloudfront.net

Software

Server /

Resource Hash

1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 f046bfa1468bb4385e357c8c9128cf50.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-amz-rid: XA0SVAFSQSKMFG25HGN6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://k99.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: UW6qOTnCVth7BHwb3oQTNMnkLXX1_Ih41rmb2ixjwG3-CqH9kbLB3w==

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 22 B
93 B 145ms
144ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

38e1e6c680ef39235e64726496ece6b39355e5fb5d2ff9f94881393427ef9d67

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx
etag: W/"16-hwbt/zjXQQMHygKQH7w48NgHuys"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 22
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 70ms
69ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1498880544

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 72ms
69ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-19109753-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=525617491

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 74ms
71ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-9&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1111160505

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 75ms
72ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-28825804-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=747511539

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 73ms
72ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-45260060-5&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1915563183

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 74ms
73ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=3&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=app%20promo&ea=impression&el=widget&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-180756957-6&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=70114447

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4823
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 213ms
90ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-19109753-1&cid=1819075421.1676348491&jid=1250887472&_u=6GDAgAADAAAAAE~&z=561411260

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 96ms
95ms Image
image/gif 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-19109753-1&cid=1819075421.1676348491&jid=1250887472&_u=6GDAgAADAAAAAE~&z=561411260

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
636 B 208ms
207ms XHR
application/json 69.166.1.15
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%227166435f4fb870e%22%3A%22810bf2d7e35a61283050%7C300x250%2C300x600%7Cgpid%3D%2F8328825%2Flocal%2FFort_collins%2FKUAD%2Fpost%22%7D&ref=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&s=b422a0a9-4843-4cc9-a828-a58f5b278fc9&pv=2d15ede3-8b35-45b2-9b12-ce0571982a06&vp=desktop&lib_name=prebid&lib_v=6.9.0&us=5&ius=1&coppa=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

1a1810b9d85d9c017bf9bcb5b30ae028a036afb934dded706ea229dc7fc9d483

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-114
Content-Type: application/json
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 16 KB
8 KB 186ms
186ms XHR
application/json 185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

50f84ea9ae5dac81a1a6cff3a526aad9630d60adff608a59ab8ebecc722c5efe

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 14 Feb 2023 04:21:32 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a9e76602-4fdf-4fad-b8c4-1e20ba03f757
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://k99.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 arj Show response
townsquaremedia-d.openx.net/w/1.0/ 73 B
101 B 51ms
51ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://townsquaremedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=4ee01ede-5fa1-45ab-a249-e8ce6b3f6f52&nocache=1676348492340&aus=300x250%2C300x600&divids=tsm-ad-300b&aucs=&auid=539829446
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: c86b78b246646c819ce4b4dc76faf70ac9dc52a0368996c539b28b78fe22a56d

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: application/json
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://k99.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 260 B
294 B 106ms
106ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11266&site_id=173188&zone_id=836540&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&kw=tsm-ad-300b&tk_flint=pbjs_lite_v6.9.0&x_source.tid=4ee01ede-5fa1-45ab-a249-e8ce6b3f6f52&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4278454648926888
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1be2d3bb82d2c16cab5dc4e301ae4edbc799f02f84a174f2449cc0b8a0aa67fa

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://k99.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 260
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ 37 B
531 B 59ms
58ms XHR
application/json 104.18.33.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=272477&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%227828938cf104b35%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.9.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22799506afdcfb563%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22272477%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22272477%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fd3709a8e859a96fce2449f00ad73d6ac39bb46b8d8cf31133030a101adcbeb

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5zx2DLSJqkqopnk4HLscf9O2SkMmoNVknyIzM7kKxJbw60RWLgksrmNpACThkcoX7uA%2Ft2ew2r8n8UTq%2FsgrIkh9aVgsDgAGbjOEGlR5vD7zl1HgvVUYOOvop3jLjebXce1P89r"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://k99.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7993047d3cab35e3-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
54 B 204ms
204ms XHR
text/plain 185.64.190.77
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.77 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://k99.com
date: Tue, 14 Feb 2023 04:21:31 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
500 B 112ms
111ms XHR
application/json 18.196.218.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.9.0&referrer=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&tmax=2000

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.218.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-218-148.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
accept-ch: sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 946 B
869 B 55ms
54ms XHR
application/json 34.252.119.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1676348492345&to=0&aun=tsm-ad-300b&pv=0ddde68a-be0c-4d47-9935-50b9ec762ae3&maxw=300&maxh=600&si=9150&pi=3&bf=300x250%2C300x600&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%226.9.0%22%7D&ogu=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ns=10240
Requested by: Host: cdn.production.townsquareblogs.com
URL: https://cdn.production.townsquareblogs.com/wp-content/uploads/static/prebid/carbon/pb.js?domain=k99.com&v=6adf22779f1762b757b57f988c1210c174787a1b&mver=104&gver=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.119.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-156.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ae302c015745e664ee9c557a8e8065385c6e5758a068374f153b72702ec5707b

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://k99.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v139/ 125 KB
126 KB 63ms
63ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 07 Feb 2023 15:21:17 GMT
x-content-type-options: nosniff
age: 565215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Feb 2024 15:21:17 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 156ms
156ms Font
font/woff2 2a00:1450:400d:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 08:26:15 GMT
x-content-type-options: nosniff
age: 330917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Feb 2024 08:26:15 GMT

GET
H2 200 attachment-GettyImages-1438824089.jpg
townsquare.media/site/204/files/2023/02/ 14 KB
14 KB 171ms
170ms Image
image/jpeg 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/204/files/2023/02/attachment-GettyImages-1438824089.jpg?w=300&q=75

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/99B0) / Express

Resource Hash

4b45a74b01787af5342c49c46b978b71b361fd16aa4503adfedbcac46d0e7dd4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:32 GMT
via: 1.1 varnish
age: 23172
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 14673
last-modified: Mon, 13 Feb 2023 21:55:06 GMT
server: ECS (nag/99B0)
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-varnish: 3219643574 3219613752
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:31 GMT

GET
H/1.1 200
OK follow_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 71DA 40 KB
15 KB 229ms
227ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/follow_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B8A) /
Resource Hash: 2a19f79bd2859fb1dffdd7c8643dc5e58fc7a9b7fb493d68359f400c420467b3

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1751874
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 14965
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Feb 2023 04:21:32 GMT
Etag: "4fdb0b5f121db02fe652a6f4fe49d886+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:07 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B8A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
150 B 143ms
140ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2F999thepoint.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22k99colorado%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Awithcount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1676348492444%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22follow%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=3ad904b05c05d96eab546af0735e015dd2e98080

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-response-time: 104
date: Tue, 14 Feb 2023 04:21:31 GMT
strict-transport-security: max-age=631138519
last-modified: Tue, 14 Feb 2023 04:21:32 GMT
server: tsa_f
vary: Origin
content-type: image/gif
x-transaction-id: 052d0bff0f576f2a
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: 9c5caca9f7a49df5ba00aa1ae08da9fd14eeede655c5019cbbe90c2fef5a659c
content-length: 43

GET
H2 200 teju-webclient.min.js Show response
static.solutionshindsight.net/teju-webclient/ 90 KB
27 KB 598ms
443ms Script
application/javascript 143.204.215.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.solutionshindsight.net/teju-webclient/teju-webclient.min.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-72.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dddbe9034951da2c5dcb07d3ddff04735ef31baba9eb80c2de686b8e018becff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:34 GMT
content-encoding: gzip
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified: Mon, 13 Feb 2023 19:25:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
etag: "265db61288deb4424187cba4fa3962a2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 27541
x-amz-cf-id: WkF11qEtH3-r3vvoxfjuRq6O0hATlGGQS-TYT_NTmKJgcUx3wgI8LQ==

GET
H2 200 tag.js Show response
a.teads.tv/analytics/ 11 KB
4 KB 237ms
48ms Script
text/javascript 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/analytics/tag.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 221e69003af87e6e8f934828ab416477126f3c062500e3bcb636bb9d87bf9b06

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: Y6qsPmt0o95KDo3Ibo2euzqSnxQebNV8
date: Tue, 14 Feb 2023 04:21:32 GMT
content-encoding: br
last-modified: Wed, 02 Nov 2022 09:38:15 GMT
x-amz-request-id: 7M143009WAXN3Q25
etag: "6ddfb3a828a563a7719081ff9aeedaba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: private, max-age=3600
accept-ranges: bytes
content-length: 3391
x-amz-id-2: STRx0Ic7Ail0QBZUMyPwaOMFfBJYtqEH2QK9RThy959S4vh7bnHagkR7gXzbW7US0LujPxZb7RI=

GET
H/1.1 200
OK seg Show response
secure.adnxs.com/ 0
1 KB 129ms
42ms Script
application/javascript 185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/seg?add=16816086&t=1

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:32 GMT
AN-X-Request-Uuid: af9f9e5e-4163-47e6-a314-a2ccc29f8437
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/javascript; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 tag Show response
btloader.com/ 51 KB
12 KB 133ms
43ms Script
application/javascript 2606:4700:20::ac43:4686
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5642230212591616&upapi=true
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25e87bfed8dd84d831bb89417fc48e170d00351b9479e25cf7924d7e5f0e1866

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:32 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 03:40:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2253
etag: W/"7584e701184ffd998b08b81816affffa"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Tvt3nSznNKw9%2FCikJ7REApwbkxikttC1GeymkRSW77LjazXeH7wa0%2BQnQkgB%2BK503GFDND0HHg65vtSWTZIeXBu6TajOb5Ri2XUIez06NRc%2FYftlMtgZtTeMFqeGSkqgNhAEhf%2BOUF%2FbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 79930480bd207744-LHR

GET
H2

200

nsjs Show response
action.media6degrees.com/orbserv/
Redirect Chain

https://action.dstillery.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24
https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24

5 B
143 B

166ms
140ms

Script
text/html

2606:4700::6812:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Server: 2606:4700::6812:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c370d9536d7d0d6a0f7cd7f9826692acd93e4fb05ba46f7b630b879740343d3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/html;charset=ISO-8859-1
content-language: en-GB
access-control-allow-origin: *
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
cf-ray: 79930483b80b778c-LHR

Redirect headers

location: https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=KUADFM&ncv=24
access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 799304818efb778c-LHR
content-type: text/html; charset=iso-8859-1

GET
H2

200

nsjs Show response
action.media6degrees.com/orbserv/
Redirect Chain

https://action.dstillery.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24
https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24

5 B
231 B

144ms
139ms

Script
text/html

2606:4700::6812:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Server: 2606:4700::6812:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c370d9536d7d0d6a0f7cd7f9826692acd93e4fb05ba46f7b630b879740343d3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/html;charset=ISO-8859-1
content-language: en-GB
access-control-allow-origin: *
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
cf-ray: 79930483b80a778c-LHR

Redirect headers

location: https://action.media6degrees.com/orbserv/nsjs?adv=cl1016361&ns=3141&nc=all_tsm_sv&ncv=24
access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 799304818efd778c-LHR
content-type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ Frame 71DA 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pushly-sdk.min.js Show response
cdn.p-n.io/ 220 KB
50 KB 1293ms
1139ms Script
application/javascript 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=XxhEZeqwl5vgeogBCzSpYGBkwAqxpjlqa5wd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf7dae2c32561b995e83af9b21b937d7f08c7dba0871dd782668ddc968e2b4c9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: gzip
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
last-modified: Wed, 08 Feb 2023 07:40:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
etag: W/"445a30f823797807a2f6602d5c06e2c0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=900
x-amz-cf-id: 7GbpAVixWF9ndy9mGLPROBIDNc4SL7YSgeaDFfF4hZ0s0kGUCox5JA==

GET
H2 200 pubcid.min.js Show response
townsquare.media/public/resources/js/ 57 KB
18 KB 170ms
169ms Script
application/javascript 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://townsquare.media/public/resources/js/pubcid.min.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999F) / Express

Resource Hash

f557eace0ab7f5c416209ea3b01c21e6bb36e52bb87b8e1ddc762c9b4ad2f94f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:33 GMT
content-encoding: gzip
via: 1.1 varnish
age: 45628
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 18369
last-modified: Tue, 30 Mar 2021 01:10:20 GMT
server: ECS (nag/999F)
etag: W/"e26f-17880ae7539"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3218197249 3214472491
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:32 GMT

GET
H2 200 azk5LmNvbQ== Show response
static.solutionshindsight.net/assets/ 2 KB
1 KB 526ms
429ms Fetch
application/json 143.204.215.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.solutionshindsight.net/assets/azk5LmNvbQ==
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-72.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b3c20c6928f5b5b4bf68d178187e4fd3e4ad3fae63c9f8430cc7be4c0010ff1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 7549433a09d06354ea864d169b689e50.cloudfront.net (CloudFront)
date: Tue, 14 Feb 2023 04:21:34 GMT
x-amz-cf-pop: FRA53-C1
x-cache: RefreshHit from cloudfront
last-modified: Fri, 16 Sep 2022 17:48:10 GMT
server: AmazonS3
etag: W/"187c73af1a0426ee5df601f77ce9689a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: ryy9CwY4K0MtTnONgbO9Lxavl2u5N3cntXd_U3MQkoVBlyzqdD0kng==

GET
H2 200 wp-banners.js Show response
static.solutionshindsight.net/teju-webclient/ 264 B
574 B 436ms
436ms Script
application/javascript 143.204.215.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.solutionshindsight.net/teju-webclient/wp-banners.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-72.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24015e87dffbcb2aff83c109e1bb04da370a79c6a2a54b008dcf4a501db4473a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: gzip
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
last-modified: Mon, 13 Feb 2023 19:25:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
etag: "447f258ba962c15b6903a78e3261f75d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 190
x-amz-cf-id: xx4NBupNbE7wgnWhYxPFsQ-9efxpGkb63BGMBYeC3-k1TcZEC4tsCQ==

GET
H2

200

like.php Show response
www.facebook.com/v2.8/plugins/ Frame C733
Redirect Chain

https://web.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26dom...
https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26dom...

35 KB
14 KB

114ms
113ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px&_rdc=1&_rdr

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2c73e10afb7f10a8ec37961abd01e46fef89b9e13dd9369a2368f071c6bd67c4

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 14 Feb 2023 04:21:34 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Jj5PdWtowyVTpnBNdlmHUz6hfBj/DYW8Uwkc6MsiSd1EsxcygOzkR/bpQaKvZDu2vvVx7hyhhXW5YcsV2ow5Yg==
x-fb-rlafr: 0
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 14 Feb 2023 04:21:34 GMT
location: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px&_rdc=1&_rdr
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: HNV+3VK/Mn9bhPRx5RucVsQKzP2Cs+85/Aox4dq+gyEpxbj/FQGorF9vW+2lyfj2Ar3vJD0AWnmeOLo9Wbtl8w==
x-fb-zr-redirect: 02|1676434894|

GET
H2 200 pushly-sdk.min.css
cdn.p-n.io/ 27 KB
2 KB 49ms
48ms Stylesheet
text/css 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.p-n.io/pushly-sdk.min.css?domain_key=XxhEZeqwl5vgeogBCzSpYGBkwAqxpjlqa5wd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5df2498d566a9c0c42fef5906f0818a35cfc4ce1cac95e1e0eed4265c838eb10

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 05:16:17 GMT
content-encoding: gzip
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
last-modified: Wed, 05 Oct 2022 20:36:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 83118
etag: W/"5324d6c6926b312f68532f29a3bb2aec"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=86400
x-amz-cf-id: t9pNTWCRVgiJT39CEJNFp6po2fmIhy9sTnpKX1OVf-oyojxOs1h9lA==

POST
H2 204 event-stream Show response
k.p-n.io/ 0
126 B 173ms
47ms Fetch 18.197.80.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://k.p-n.io/event-stream
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.80.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-80-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:34 GMT
access-control-allow-headers: *
access-control-max-age: 600
access-control-allow-methods: *

POST
H2 204 event-stream Show response
k.p-n.io/ 0
125 B 169ms
48ms Fetch 18.197.80.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://k.p-n.io/event-stream
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.80.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-80-115.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:34 GMT
access-control-allow-headers: *
access-control-max-age: 600
access-control-allow-methods: *

GET
H2 200 GIwpUF0qWVe.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/ym/l/en_US/ Frame C733 526 KB
136 KB 152ms
52ms XHR
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/ym/l/en_US/GIwpUF0qWVe.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff9ecaf49718%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FK99Colorado&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&width=47px&_rdc=1&_rdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

22e572f2a25f562571a0b6a52e1950d01e650c3ed1cf95f1dc6a24ee4aa3cbd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: y+Bug20+4NyrqBOWEQImcw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 138293
x-fb-rlafr: 0
x-fb-debug: AwIMHRfLwy/L1CohzyNt1SIfcqt8DGCh5Ys/3rWps0DVBoYn5SWDERTXeRfBaFKNvRoYzae6DoBoCJp5vtovMw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 13 Feb 2024 21:07:00 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame C733 299 B
563 B 47ms
46ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:34 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: AfHGqbZH2kdFQf3b2U9bph/zUxxmnouf0oS4J+jAw6D8PdDnZd9a8MirsnolF6euzHW6ztDvgwrtjjMVi6f2jw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Mon, 05 Feb 2024 07:02:55 GMT

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 1B88 0
91 B 46ms
40ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame BC14 0
80 B 44ms
40ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET sync
eb2.3lift.com/ 0
0

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 72A9 0
80 B 39ms
39ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame DF70 16 KB
6 KB 279ms
76ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=28025
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 12:08:39 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 1CA9 0
80 B 40ms
39ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8FC2 16 KB
6 KB 279ms
79ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=28025
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 12:08:39 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 55B5 37 B
140 B 140ms
50ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:34 GMT

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame C1D7 3 KB
2 KB 38ms
38ms Document
text/html 172.64.151.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 41
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 7993048c39e51893-MAN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 08:21:34 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 0305 37 B
139 B 136ms
51ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:34 GMT

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame CA28 3 KB
1 KB 35ms
35ms Document
text/html 172.64.151.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 41
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 7993048c49e81893-MAN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 08:21:34 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 2FA1 3 KB
1 KB 34ms
34ms Document
text/html 172.64.151.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 41
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 7993048c49ea1893-MAN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 08:21:34 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame C744 3 KB
1 KB 34ms
34ms Document
text/html 172.64.151.162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 41
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 7993048c49ed1893-MAN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 08:21:34 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 4E03 281 B
554 B 355ms
76ms Document
text/html 23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Feb 2023 04:21:35 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 33C2 37 B
139 B 126ms
51ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:34 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0437 16 KB
6 KB 331ms
151ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=28025
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 12:08:39 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame CC46 16 KB
6 KB 329ms
150ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=28025
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 12:08:39 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200 9.gif
id5-sync.com/s/441/ 43 B
1 KB 161ms
48ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=e_5870a9b9-d067-4641-a65e-dbca116285cd&gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H/1.1 200 9.gif
id5-sync.com/s/441/ 43 B
1 KB 160ms
48ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=e_b88d0fbf-fbbf-428c-85af-670b4ee2b484&gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H/1.1 200 9.gif
id5-sync.com/s/441/ 43 B
1 KB 162ms
49ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=e_4b48c76f-ad13-4072-99b7-b306a2b03a9e&gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 14 Feb 2023 04:21:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

OPTIONS
H2 200 _bulk
funes.solutionshindsight.net/events/ Frame 0
0 389ms
120ms Preflight
text/plain 18.235.165.126
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://funes.solutionshindsight.net/events/_bulk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.165.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-165-126.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://k99.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://k99.com
access-control-max-age: 600
content-length: 2
content-type: text/plain; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
server: uvicorn
vary: Origin

POST
H2 201 _bulk Show response
funes.solutionshindsight.net/events/ 578 B
716 B 166ms
164ms Fetch
application/json 18.235.165.126
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://funes.solutionshindsight.net/events/_bulk
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.165.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-165-126.compute-1.amazonaws.com
Software: uvicorn /
Resource Hash: 65b519b8f4e0da3da93026b5d59d2aeff92030b4c48a34883e45090fd113e122

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Tue, 14 Feb 2023 04:21:35 GMT
access-control-allow-credentials: true
server: uvicorn
content-length: 578
content-type: application/json

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F2ED 79 KB
27 KB 128ms
127ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfe1d46750622738b73ecc487555f400a20096d26d5f772fedd6ddc1b3ad3e92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27278
x-xss-protection: 0
server: sffe
etag: "1482 / 163 of 1000 / last-modified: 1676329685"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Feb 2023 04:21:34 GMT

GET
H2 200 didna_config.js Show response
storage.googleapis.com/didna_hb/hindsight/townsquaremedialocal/ Frame F2ED 11 KB
11 KB 273ms
155ms Script
text/javascript 2a00:1450:4001:80b::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/didna_hb/hindsight/townsquaremedialocal/didna_config.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 96223b08ff5c8aa42bbbb9830043de9cc3585ec6f0ea1232d3e0a6c43f506300

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
x-guploader-uploadid: ADPycdvnvDq58ggSsKWRj9B7XU7UTUrMHGzkJm996ST3i0s_103WWNFCWtJOtlpYmnNNeCg5HPI7YmUH9z5ksYp6bcq4heAhUuE3
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11139
last-modified: Tue, 24 Jan 2023 03:43:32 GMT
server: UploadServer
etag: "2a708af6077ad5cd6e64c875c5ac2a35"
x-goog-generation: 1674531812256603
content-type: text/javascript
x-goog-hash: crc32c=8JTuCA==, md5=KnCK9gd61c1uZMh1xawqNQ==
cache-control: no-store
x-goog-stored-content-length: 11139
accept-ranges: bytes
expires: Wed, 14 Feb 2024 04:21:35 GMT

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 3BC6 37 B
139 B 51ms
50ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:34 GMT

GET
H3 200 pubads_impl_2023020901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F2ED 386 KB
130 KB 61ms
60ms Script
text/javascript 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023020901.js?cb=31072343

Requested by

Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

980c5d3f2c9d21b9c5ddd170f98a7a3f77a8e96cf2406ed205d5ce339aeabf91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 12:01:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 404412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133132
x-xss-protection: 0
last-modified: Thu, 09 Feb 2023 09:35:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 09 Feb 2024 12:01:22 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame F2ED 763 B
542 B 85ms
84ms XHR
application/json 2a00:1450:400d:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=k99.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

757b00def4ee826bb13ad1cea6a2a2581de1d2487e7ce3b1fe0a0389156c6137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 358
x-xss-protection: 0
expires: Tue, 14 Feb 2023 04:21:35 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame DF70 3 KB
3 KB 131ms
35ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=30224939&p=156725&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: d37351b024331578ff6ab3777bb2f77420e12c8d8e9c2d32b5ac4befa99b978e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
BLOB 200
OK feaaa783-07fd-4a81-ae59-ad0484bca507
https://k99.com/ Frame F2ED 594 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://k99.com/feaaa783-07fd-4a81-ae59-ad0484bca507
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c7bf6fd89eb097c1f7cf0a33ba3ff0b9edc9ef69a2e496fa332c688841a8841

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Length: 594
Content-Type: text/javascript

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 4E03 33 KB
10 KB 77ms
77ms Script
text/html 23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 881cb99b0ea08434a292febe4de0aad280e9d2cb6ab46053de91ae2b93e766ce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Feb 2023 13:41:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33502
Connection: keep-alive
Content-Length: 10007
Expires: Tue, 14 Feb 2023 13:39:57 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame F43D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=

35 B
477 B

56ms
55ms

Document
image/gif

37.157.6.241
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:35 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Tue, 14 Feb 2023 04:21:35 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5466
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&gdpr=0&gdpr_consent=

42 B
323 B

36ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Tue, 14 Feb 2023 04:21:35 GMT
Expires: Tue, 14 Feb 2023 04:21:34 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 457 2362390 master cdg-pixel-x33 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame B533
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4567604272942700702

42 B
275 B

36ms
36ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4567604272942700702
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4567604272942700702
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 41CA 43 B
363 B 204ms
44ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Tue, 14 Feb 2023 04:21:34 GMT
expires: Tue, 14 Feb 2023 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 467232
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C551
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI

42 B
339 B

86ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Tue, 14 Feb 2023 04:21:35 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H/1.1

200
OK

dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame 2AA4
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

209ms
209ms

Document
image/gif

52.95.125.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 14 Feb 2023 04:21:35 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: FQJDJRSHHZ6BGJS5WY9T

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 14 Feb 2023 04:21:35 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 8R36KCYJZ4BM00P34APP

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A3FD
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5686683875299866847&gdpr=0&gdpr_consent=

42 B
449 B

151ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5686683875299866847&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: 14f6ecad-e246-442d-8641-a66b143566b7
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Feb 2023 04:21:35 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5686683875299866847&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame DF70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qsPglj01Qdq7eunk6yHXwQ%3D%3D&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qsPglj01Qdq7eunk6yHXwQ%3D%3D&gdpr=0&gdpr_consent=&google_tc=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

4 KB
4 KB

78ms
76ms

Image
text/html

2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol: H2
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=28024
accept-ranges: bytes
content-length: 5554
expires: Tue, 14 Feb 2023 12:08:39 GMT

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

404

gdpr_consent=
sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/ Frame DF70
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=a19efcd71d16a17380b80070952ec82e&gdpr=0
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...

49 B
266 B

173ms
52ms

Image
image/gif

52.48.166.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
Protocol: H2
Server: 52.48.166.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.25.250
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
content-length: 0

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame DF70
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&addseg=11,34,40

0
0

193ms
37ms

Image
application/json

185.64.190.87
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&addseg=11,34,40
Protocol: H2
Server: 185.64.190.87 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Redirect headers

date: Tue, 14 Feb 2023 04:21:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&addseg=11,34,40
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame DF70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUFDM0UwOTYtM0QzNS00MURBLUJCN0EtRTlFNEVCMjFEN0Mx&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUFDM0UwOTYtM0QzNS00MURBLUJCN0EtRTlFNEVCMjFEN0Mx&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

38ms
37ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame DF70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEALEztouxHUxjaHYwWtE1oQ&google_cver=1

42 B
298 B

37ms
36ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEALEztouxHUxjaHYwWtE1oQ&google_cver=1
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEALEztouxHUxjaHYwWtE1oQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame DF70 43 B
612 B 153ms
44ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 13 Feb 2023 04:21:35 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DF70
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3776810609572782859

42 B
219 B

35ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3776810609572782859
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:35 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3776810609572782859
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame DF70 70 B
264 B 49ms
47ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame DF70
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=93a2652c-2fdf-49cc-a207-eea8ed811ccd
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=93a2652c-2fdf-49cc-a207-eea8ed811ccd
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=6d8f80cc-f108-4b17-9d3f-f4186fabd0e3&user_group=1&ssp=pubmatic&bsw_param=93a2652c-2fdf-49cc-a207-eea8ed811ccd
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a2652c-2fdf-49cc-a207-eea8ed811ccd&gdpr=&gdpr_consent=&gdpr_pd=

1 B
264 B

35ms
35ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a2652c-2fdf-49cc-a207-eea8ed811ccd&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:36 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a2652c-2fdf-49cc-a207-eea8ed811ccd&gdpr=&gdpr_consent=&gdpr_pd=
date: Tue, 14 Feb 2023 04:21:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
BLOB 200
OK 03034ead-eedb-475a-b138-93d9181c34a6 Show response
https://k99.com/ Frame F2ED 146 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://k99.com/03034ead-eedb-475a-b138-93d9181c34a6
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5e217ee8a059e5fd0860a9f4a75e30caf62646613163e47323664dbe423fd0d

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Length: 149916
Content-Type: text/javascript

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/ Frame F2ED 124 KB
29 KB 124ms
46ms Script
text/javascript 2606:4700::6812:106b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/config.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:106b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce87a7c8ea8f189fb8e71b16b962b15f263a1cb37e19500e45b6992d316f3fbe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 03:12:40 GMT
server: cloudflare
x-amz-request-id: 0CQAQGPSCX1HEZFY
age: 328
etag: W/"4ebcca2eaf92604fce16e7f04121bd9e"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 799304907ee676cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: b06kdIyTFoHH+auF1Cq/m7lZIJxzbmzZRSNy4CWd/sjETIldyCdGRWcjdl3I4nB5V+2GPY1ggx8=

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/159745/4535/ Frame F2ED 215 KB
66 KB 76ms
76ms Script
application/javascript 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d557de3f39744cf5f2dc1fd949f47e98362dfdb6bd43a8b691d5b61bfb63fd95

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: gzip
last-modified: Mon, 31 Oct 2022 16:33:39 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=106222
accept-ranges: bytes
content-length: 66761
expires: Wed, 15 Feb 2023 09:51:57 GMT

GET
BLOB 200
OK f5ba7d7d-fd54-47ee-8ae8-f5c55d0db8d8 Show response
https://k99.com/ Frame F2ED 488 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://k99.com/f5ba7d7d-fd54-47ee-8ae8-f5c55d0db8d8
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79ef8e3c8004ae64ac947bf7de25ca3b4b359dc056493bbed831e459c346f24e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Length: 499749
Content-Type: text/javascript

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202212211045/ Frame F2ED 216 KB
68 KB 47ms
46ms Script
application/javascript 2606:4700::6812:106b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202212211045/wrap.js
Requested by: Host: k99.com
URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:106b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 15:47:15 GMT
server: cloudflare
x-amz-request-id: 56VWPZSPDH9RP46Y
age: 388393
etag: W/"fa407ba001f2ac06196124f41d523471"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 799304911f1d76cb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: BSmOQBMvaie4QAivkUdNSSGMHaoJTtULVtdpNIwZCIuAhCGVchEqlt4kLux0BPt4R5jUJ35JRxVOzwoESMBR7A==

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 4E03
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/Ulquadnz6k7WMkDA9nFuR8n5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-JfUJBM5E2oKbvwwBmYHqo4hwTwvk6NuPXAISTQ--~A

0
239 B

49ms
49ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-JfUJBM5E2oKbvwwBmYHqo4hwTwvk6NuPXAISTQ--~A
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 14 Feb 2023 04:21:36 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-JfUJBM5E2oKbvwwBmYHqo4hwTwvk6NuPXAISTQ--~A
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4E03
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjM2YTFhMDRiZGMyOWY3NzFkZTEyZTdkMTE0NmM4OGZmNmE0OGFkZQ

170 B
188 B

57ms
57ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjM2YTFhMDRiZGMyOWY3NzFkZTEyZTdkMTE0NmM4OGZmNmE0OGFkZQ

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjM2YTFhMDRiZGMyOWY3NzFkZTEyZTdkMTE0NmM4OGZmNmE0OGFkZQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 28e1e7d28d06b07ec669bc9e43057b8e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 4E03
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=238ATgEeRe6FEgqQ0MYw8w&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=238ATgEeRe6FEgqQ0MYw8w

43 B
479 B

133ms
133ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=238ATgEeRe6FEgqQ0MYw8w

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:36 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: W2TH3NVNG3ET20MBPBJ9
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=238ATgEeRe6FEgqQ0MYw8w
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 4E03
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=8h0PNCK0RgqLcCxFebsZYg&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=8h0PNCK0RgqLcCxFebsZYg

43 B
479 B

55ms
55ms

Image
image/gif

52.95.125.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=8h0PNCK0RgqLcCxFebsZYg

Protocol

HTTP/1.1

Server

52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Feb 2023 04:21:36 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7QRS3TXSM5G5VN2N619S
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=8h0PNCK0RgqLcCxFebsZYg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 4E03
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN4Nf5BdSai1igBEhzkVtmk&google_cver=1

0
239 B

311ms
50ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN4Nf5BdSai1igBEhzkVtmk&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 28e1e7d28d06b07ec669bc9e43057b8e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEN4Nf5BdSai1igBEhzkVtmk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 4E03 70 B
264 B 48ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 4E03
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LE3QLYP5-13-D9AQ

0
674 B

352ms
277ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LE3QLYP5-13-D9AQ
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:35 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1C9BC6F75E04403BBEF4F65527DB5F12 Ref B: LON04EDGE1207 Ref C: 2023-02-14T04:21:36Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-source-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0oUyi57cePtnEtgHxVA==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LE3QLYP5-13-D9AQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4E03
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEUzUUxZUDUtMTMtRDlBUQ==

170 B
188 B

58ms
57ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEUzUUxZUDUtMTMtRDlBUQ==

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEUzUUxZUDUtMTMtRDlBUQ==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 chunk-9.72819ecd3d539b71bdd0.1676307290547.js Show response
k99.com/public/dist/chunks/ 3 KB
1 KB 56ms
54ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-9.72819ecd3d539b71bdd0.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6BA5) / Express

Resource Hash

9cc14ff6368a484d4980452f0957f5359569e23f9a90b2a523d285a21946892e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:36 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40089
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 1191
last-modified: Mon, 13 Feb 2023 17:11:23 GMT
server: ECS (amb/6BA5)
etag: W/"cdd-1864bc2819e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 3215778949 3215755089
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:35 GMT

GET
H2 200 chunk-13.160551b2c398e9d58ab7.1676307290547.js Show response
k99.com/public/dist/chunks/ 28 KB
7 KB 68ms
67ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-13.160551b2c398e9d58ab7.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (lhb/63A8) / Express

Resource Hash

587ce8b863a4285bec6e1952516bb554812def226169612c6c26dc3241f549f2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:36 GMT
content-encoding: gzip
via: 1.1 varnish
age: 40010
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 7333
last-modified: Mon, 13 Feb 2023 17:11:22 GMT
server: ECS (lhb/63A8)
etag: W/"70c2-1864bc27cf9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703213175
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:35 GMT

GET
H2 200 chunk-2.158fab88e994fe9c9286.1676307290547.js Show response
k99.com/public/dist/chunks/ 573 B
704 B 56ms
55ms Script
application/javascript 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/public/dist/chunks/chunk-2.158fab88e994fe9c9286.1676307290547.js

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (amb/6B7F) / Express

Resource Hash

dc4a4a48cde6d8fc53ffb1e0268be31726d816b46d002afcbc6ee0942375c7a8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: A
date: Tue, 14 Feb 2023 04:21:36 GMT
via: 1.1 varnish
age: 40089
x-powered-by: Express
x-cache: HIT
x-ua-device: desktop
x-device: desktop
content-length: 573
last-modified: Mon, 13 Feb 2023 17:11:26 GMT
server: ECS (amb/6B7F)
etag: W/"23d-1864bc28a46"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 2703213182 2703188413
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:35 GMT

POST
H2 200 cogitoergosum Show response
k99.com/rest/high/api/ 22 B
95 B 142ms
142ms Fetch
application/json 93.184.220.223
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://k99.com/rest/high/api/cogitoergosum

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.220.223 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

nginx / Express

Resource Hash

38e1e6c680ef39235e64726496ece6b39355e5fb5d2ff9f94881393427ef9d67

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Feb 2023 04:21:36 GMT
server: nginx
etag: W/"16-hwbt/zjXQQMHygKQH7w48NgHuys"
x-powered-by: Express
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-ua-device: desktop
cache-control: no-cache
gdpr-source: GB
x-device: desktop
content-length: 22
expires: Tue, 14 Feb 2023 04:21:35 GMT

GET
H3

200

like.php Show response
www.facebook.com/v2.8/plugins/ Frame A845
Redirect Chain

https://web.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26...
https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26...

47 KB
15 KB

137ms
137ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr

Requested by

Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8212c87de4fc1b8d1d39f895ecba0b8d2e7ce91061998998f240347f24506bec

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 14 Feb 2023 04:21:37 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v10.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: GK1qfj5eifyX8iqXWDmjgV6sk2lCpG5JYnLeAw4fNVNkldPeexzUeOC/YzMofSbr8aKrGMNa5nPfDEp7/k81Kw==
x-fb-rlafr: 0
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 14 Feb 2023 04:21:36 GMT
location: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr
origin-agent-cluster: ?0
priority: u=3,i
strict-transport-security: max-age=15552000; preload
x-fb-debug: piCOr4C8YUfVDIPIVdtKPyp22qmALUc22sdNWhiF4N/sWbZ4E1K+tXnodnOwgsH8n92R1MOB2gTwFNidP6wN6Q==
x-fb-zr-redirect: 02|1676434896|

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 63ms
61ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1467947084

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
62ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-19109753-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1000038787

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 64ms
62ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-1802013-9&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=2143650749

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 65ms
63ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-28825804-1&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=1081986640

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 65ms
63ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-45260060-5&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=17387701

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 65ms
64ms Image
image/gif 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=897511486&t=event&_s=4&dl=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&dp=%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&ul=en-us&de=UTF-8&dt=Warning%3A%20This%20Colorado%20Email%20Scam%20Going%20Around.%20Don%27t%20Fall%20For%20It&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=social%20overlay&ea=impression&el=sailthru&_u=6GDAgAADAAAAAGg~&jid=&gjid=&cid=1819075421.1676348491&tid=UA-180756957-6&_gid=1206874785.1676348491&_av=2.4.1&_au=20&did=i5iSjo&z=919805619

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 03:01:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4827
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attachment-1461.png
townsquare.media/site/48/files/2022/04/ 27 KB
27 KB 168ms
167ms Image
image/png 192.229.144.129
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://townsquare.media/site/48/files/2022/04/attachment-1461.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.144.129 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (nag/999F) / Express

Resource Hash

da8517a0729d16d2679b75dd455141718a58a6a12dfc73e681dd07592b1b59e3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-abgroup: B
date: Tue, 14 Feb 2023 04:21:36 GMT
via: 1.1 varnish
age: 25109084
x-powered-by: Express
x-cache: HIT
x-carbon-image: compressed-gm
x-ua-device: desktop
x-device: desktop
content-length: 27331
last-modified: Fri, 29 Apr 2022 13:10:49 GMT
server: ECS (nag/999F)
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-varnish: 1100679428
cache-control: no-cache
gdpr-source: GB
accept-ranges: bytes
expires: Tue, 14 Feb 2023 04:21:35 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame A845 299 B
467 B 47ms
46ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:37 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: AfHGqbZH2kdFQf3b2U9bph/zUxxmnouf0oS4J+jAw6D8PdDnZd9a8MirsnolF6euzHW6ztDvgwrtjjMVi6f2jw==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Mon, 05 Feb 2024 07:02:55 GMT

GET
H3 200 GIwpUF0qWVe.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/ym/l/en_US/ Frame A845 526 KB
135 KB 51ms
50ms XHR
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/ym/l/en_US/GIwpUF0qWVe.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.8/plugins/like.php?action=like&app_id=1594907847365407&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df243077e5a39c7c%26domain%3Dk99.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fk99.com%252Ff18dd66420d91bc%26relation%3Dparent.parent&container_width=51&href=https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F&layout=button&locale=en_US&sdk=joey&share=false&show_faces=false&size=large&_rdc=1&_rdr

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

22e572f2a25f562571a0b6a52e1950d01e650c3ed1cf95f1dc6a24ee4aa3cbd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:37 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: y+Bug20+4NyrqBOWEQImcw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 138293
x-fb-rlafr: 0
x-fb-debug: AwIMHRfLwy/L1CohzyNt1SIfcqt8DGCh5Ys/3rWps0DVBoYn5SWDERTXeRfBaFKNvRoYzae6DoBoCJp5vtovMw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 13 Feb 2024 21:07:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame DF70 0
261 B 337ms
43ms Script
text/plain 198.47.127.20

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156725&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:36 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 263ms
42ms Preflight
application/json 2a02:2638::1c

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fk99.com%2F&domain=k99.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://k99.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 14 Feb 2023 04:21:37 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 399315
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ Frame F2ED 49 B
244 B 621ms
341ms XHR
application/json 2600:1901:0:8344::

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0010b00002QMH4LAAX&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://k99.com
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2

200

sid Show response
mug.criteo.com/ Frame F2ED
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fk99.com%2F&domain=k99.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=vwvEpnxBTis3UmVHV2VwQ293d0p5TXp0cWYrWFJvR3Juam44cEEvdENHS3dYejkzKzhLVnMrMTRUajBaMzEvbkVVdlZVWGlFTHRIQUxmVjJ6dmlMOEhQME8yMG9DdUV1OW05VWNaZGdlT3Qwb0VLeitpS25zS1JDTnRqc3...

370 B
537 B

133ms
48ms

XHR
application/json

178.250.2.146

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=vwvEpnxBTis3UmVHV2VwQ293d0p5TXp0cWYrWFJvR3Juam44cEEvdENHS3dYejkzKzhLVnMrMTRUajBaMzEvbkVVdlZVWGlFTHRIQUxmVjJ6dmlMOEhQME8yMG9DdUV1OW05VWNaZGdlT3Qwb0VLeitpS25zS1JDTnRqc3ZMbVd6eGFBeEZxQ0xKcE45UksyaDI5UjhmZEJyVGJSdHNiSUsreFdHdVV0ZDZQdTdqaVpLUU1tMUtiT3lxa2dzQ1VOdTFoeENoVmN0Y1QwY1U1dllpL2NhamdiK3V3N2tQckczdk84b2JiOWhhWjRyWWNJPXw&cppv=2

Protocol

Server

178.250.2.146 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

ac00380ee479f981bf1e37150367b2359f448c90c1ecfe997a9982fb79b61507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1464706
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:37 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=vwvEpnxBTis3UmVHV2VwQ293d0p5TXp0cWYrWFJvR3Juam44cEEvdENHS3dYejkzKzhLVnMrMTRUajBaMzEvbkVVdlZVWGlFTHRIQUxmVjJ6dmlMOEhQME8yMG9DdUV1OW05VWNaZGdlT3Qwb0VLeitpS25zS1JDTnRqc3ZMbVd6eGFBeEZxQ0xKcE45UksyaDI5UjhmZEJyVGJSdHNiSUsreFdHdVV0ZDZQdTdqaVpLUU1tMUtiT3lxa2dzQ1VOdTFoeENoVmN0Y1QwY1U1dllpL2NhamdiK3V3N2tQckczdk84b2JiOWhhWjRyWWNJPXw&cppv=2
access-control-allow-origin: https://k99.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 953125
content-length: 0
expires: 0

POST
H/1.1 200 725.json Show response
id5-sync.com/g/v2/ Frame F2ED 216 B
617 B 49ms
48ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/725.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

466fcdb8b621eb1294be04478f81a149d29fd48d282a195339ad299365803244

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://k99.com
date: Tue, 14 Feb 2023 04:21:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ Frame F2ED 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame F2ED 43 B
312 B 275ms
57ms XHR
application/json 52.48.107.147

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id?gdpr_applies=false
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.107.147 -, , ASN (),
Reverse DNS
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:37 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://k99.com
cache-control: no-cache
x-server: 10.45.11.147
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame F2ED 63 B
383 B 47ms
47ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 01bc585c2d32615b326cab6bd32346c25dfc04dda948f763115fb911beac250a

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 14 Feb 2023 04:21:37 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Thu, 16 Mar 2023 04:21:37 GMT

GET
H2 200 json Show response
trc.taboola.com/townsquaremediatsm-newcountry991/trc/3/ 84 KB
23 KB 173ms
165ms XHR
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/townsquaremediatsm-newcountry991/trc/3/json?tim=04%3A21%3A37.821&lti=crossorigin_test_2_ctrl&data=%7B%22id%22%3A435%2C%22ii%22%3A%22%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1676282804997%2C%22vi%22%3A1676348497818%2C%22cv%22%3A%2220230212-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22k99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22pev%22%3A10331%2C%22cmps%22%3A1%2C%22ga%22%3Atrue%2C%22gwto%22%3Atrue%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%2C%22vpi%22%3A%22%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%22%2C%22e%22%3A%22https%3A%2F%2Fk99.com%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A56198%2C%22nsid%22%3A%22townsquaremediatsm-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-below%3Apub%3Dtownsquaremediatsm-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A54435.484375%2C%22mw%22%3A730%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-rr%3Apub%3Dtownsquaremediatsm-network%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22orig_uip%22%3A%22Right%20Rail%20Thumbnails%22%2C%22cd%22%3A530%2C%22mw%22%3A300%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fwarning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it%2CBelow%20Article%20Thumbnails%3Dthumbnails-below%3Apub%3Dtownsquaremediatsm-network%3Aabp%3D0%2C%2CRight%20Rail%20Thumbnails%3Dthumbnails-rr%3Apub%3Dtownsquaremediatsm-network%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22crossorigin_test_2_ctrl%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230212-24-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2a4d031539241db0e86a38c2f5076a739b0ec53a90321aad7f044250b3e4f418

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 130
date: Tue, 14 Feb 2023 04:21:37 GMT
content-encoding: gzip
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600047-LCY
server: nginx
x-timer: S1676348498.844721,VS0,VE130
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://k99.com
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 158ms
42ms Preflight
application/json 178.250.2.146

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 546231
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 cta-component.20230212-24-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 19 KB
5 KB 36ms
36ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/cta-component.20230212-24-RELEASE.es6.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0f50638cdc3c746b6b9d829c4e482a0342da6a8cb27e6fbe4f5e24e22363187c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: Nb0PgIDUOhGJSyy.lomNr2de.0G6Y38l
content-encoding: gzip
via: 1.1 varnish
date: Tue, 14 Feb 2023 04:21:38 GMT
x-amz-request-id: RKR9JJTWHSPS8N2J
age: 48714
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 4739
x-amz-id-2: 443pLu+XlImJffMVAY2UJaIAw5ZNJx5Hzt5b67yz8e6zk7wHI/+540xTj9oMkRT61aAB0BGR3q8=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Mon, 13 Feb 2023 14:32:20 GMT
server: AmazonS3
x-timer: S1676348498.060976,VS0,VE0
etag: "785d313b7b8de83e864012b86d29dfcd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 50
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 928

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.9.8/ 103 KB
30 KB 36ms
35ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e9008fe282850688d5c8544707e9d97ff6d737ee6791afc1d60448750a451b0a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 b2c5bb2dfa91176e0d4f75ea11ff9bcc.cloudfront.net (CloudFront), 1.1 varnish
content-encoding: gzip
x-amz-cf-pop: LHR3-C1
age: 2685079
x-cache: Hit from cloudfront, HIT
content-length: 29909
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Tue, 22 Nov 2022 07:02:09 GMT
server: AmazonS3
x-timer: S1676348498.071088,VS0,VE0
etag: "1842444d4bb92087143326a4d508875d"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: i_sQe0714jH-LTU5k7t39hxmOrSgvrYEeIj5OncsdMg6leBpTDdWAA==
x-cache-hits: 117297

GET
H2 200 userx.20230212-24-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 17 KB
6 KB 40ms
39ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20230212-24-RELEASE.es6.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f7cb1120b82d5615541acc61e6b13bbf181afbb3832bb59376a63848472f205

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: bHxvmNat5sT_QMnX.FBw_wqoxockCdEO
content-encoding: gzip
via: 1.1 varnish
date: Tue, 14 Feb 2023 04:21:38 GMT
x-amz-request-id: 4APGKTT9SXEJESKZ
age: 48740
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5399
x-amz-id-2: gU9E8bEw/9AOwGiiN8OeRafTdWjH8PxuAKg9jYdoAHzYrPgCjqWwjlJkv4wRx3cQ21iPjKthoVQ=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Mon, 13 Feb 2023 14:32:54 GMT
server: AmazonS3
x-timer: S1676348498.071162,VS0,VE0
etag: "968f91379cc14c2c5970eb5533471bad"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 50
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 12

GET
H2 200 c3ac02cff2071373e7fe84905986daa2.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 40ms
37ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c3ac02cff2071373e7fe84905986daa2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b101273fd9f0f3a076350cdffefc15f4366d1b0ae4872a47c462a8e0be0261b7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c3ac02cff2071373e7fe84905986daa2.png
age: 3585700
edge-cache-tag: 516457037019218418765420292402544107499,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 516457037019218418765420292402544107499,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 55
expiration: expiry-date="Thu, 12 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.maxifoot.fr/
content-length: 12406
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kjyo7100112-IAD, cache-iad-kcgs7200165-IAD, cache-bur-kbur8200098-BUR, cache-iad-kiad7000165-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 12 Dec 2022 14:26:53 GMT
server: nginx
x-timer: S1676348498.095963,VS0,VE1
etag: "5b239370325a54dbe3e49fda73170503"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 624, 1

GET
H2 200 8ce8c2545c88f700b77f6128d237c849.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 21 KB
21 KB 41ms
39ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8ce8c2545c88f700b77f6128d237c849.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dbf27ed1055ac4b5f8fca1d2095d5b77aa3ef650a59c0f6174c82d811f5914d6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8ce8c2545c88f700b77f6128d237c849.jpeg
age: 3903230
edge-cache-tag: 518976867323780142643021752323526857243,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 518976867323780142643021752323526857243,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 163
expiration: expiry-date="Thu, 12 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
content-length: 21144
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kiad7000131-IAD, cache-iad-kjyo7100093-IAD, cache-bur-kbur8200083-BUR, cache-iad-kcgs7200163-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 12 Dec 2022 10:03:01 GMT
server: nginx
x-timer: S1676348498.096085,VS0,VE1
etag: "896a83b3b48bdf0f61883164c85ceaeb"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 86, 1

GET
H2 200 abe5a98f3a4f2359f04ce1643ad17ddb.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 15 KB
16 KB 120ms
117ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/abe5a98f3a4f2359f04ce1643ad17ddb.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 79961b5bdaa33f68152985cccd0ec14f9e7619534474529a6dc90c1f8f59597b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 81
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/abe5a98f3a4f2359f04ce1643ad17ddb.png
age: 2305897
edge-cache-tag: 379449292606040738493949613958395654137,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 379449292606040738493949613958395654137,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, MISS
x-envoy-upstream-service-time: 276
expiration: expiry-date="Thu, 19 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://crankyyankeef1.com/
content-length: 15588
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kjyo7100106-IAD, cache-iad-kcgs7200077-IAD, cache-sna10736-LGB, cache-iad-kiad7000122-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 19 Dec 2022 04:00:11 GMT
server: nginx
x-timer: S1676348498.095859,VS0,VE81
etag: "3f5b3f858c4ccbb88ce1d5754c1fb73e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 29, 0

GET
H2 200 628f9ae905a91e42756caeda
images.taboola.com/taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/ 16 KB
16 KB 114ms
112ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/628f9ae905a91e42756caeda
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a59793e27d94b444404fb4d0ae26ec71cc648df4750e001bad4d29c5cebbeaff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 76
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/628f9ae905a91e42756caeda
age: 1452741
edge-cache-tag: 502446562008489078186044763172661323323,454130374153819223253989280786081403314,29ecf9b93bbf306179626feeda1fab70
cache-tag: 502446562008489078186044763172661323323,454130374153819223253989280786081403314,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, MISS, HIT, MISS
x-envoy-upstream-service-time: 1941
expiration: expiry-date="Tue, 31 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://deshrupantori.com/lung-cancer/
content-length: 16156
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
x-served-by: cache-iad-kiad7000105-IAD, cache-iad-kcgs7200072-IAD, cache-bur-kbur8200052-BUR, cache-iad-kcgs7200072-IAD, cache-lcy-eglc8600047-LCY
last-modified: Sat, 31 Dec 2022 09:53:09 GMT
server: nginx
x-timer: S1676348498.095963,VS0,VE76
etag: "a85eb4e1d02edcd1bc1d8bc431850799"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 13, 0

GET
H2 200 6fa9e6d19f9192c54044734ea900e00a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 12 KB
13 KB 43ms
41ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6fa9e6d19f9192c54044734ea900e00a.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f5f08800436972ee50e481aa2dc44a54f97f2c1be6961edd8f625b0a68177183

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6fa9e6d19f9192c54044734ea900e00a.jpg
age: 457587
edge-cache-tag: 509432523669954592184101061669136355453,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 509432523669954592184101061669136355453,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 63
req-referer: https://zoomdaily.com/
content-length: 12268
x-request-id: f3a7e9841aacdb4562cc92db4ecd3764
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by: cache-iad-kjyo7100176-IAD, cache-iad-kcgs7200114-IAD, cache-bur-kbur8200100-BUR, cache-iad-kcgs7200084-IAD, cache-lcy-eglc8600047-LCY
last-modified: Wed, 08 Feb 2023 16:53:27 GMT
server: nginx
x-timer: S1676348498.096086,VS0,VE1
etag: "3a4d0144043a9760d7724ccbf75333df"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 15, 1

GET
H2 200 9c06f8a7a9bb67c216a2f035b99f4b10.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 41ms
40ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9c06f8a7a9bb67c216a2f035b99f4b10.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ae615986d71066f01b7c7ddf923abeef6e2c8b26eca4c1623cdc0d0c4b8d46eb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9c06f8a7a9bb67c216a2f035b99f4b10.jpg
age: 1700792
edge-cache-tag: 314081458430743650724210098903775344337,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 314081458430743650724210098903775344337,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 145
expiration: expiry-date="Sat, 11 Feb 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.express.co.uk/
content-length: 9708
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
x-served-by: cache-iad-kcgs7200168-IAD, cache-iad-kiad7000142-IAD, cache-sna10739-LGB, cache-iad-kjyo7100100-IAD, cache-lcy-eglc8600047-LCY
last-modified: Wed, 11 Jan 2023 13:35:23 GMT
server: nginx
x-timer: S1676348498.096157,VS0,VE1
etag: "aa7513f0ef8d2acad10fa079bcac8809"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 42, 1

GET
H2 200 1198252571__JvoINvHl.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_227%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/ 11 KB
12 KB 38ms
37ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_227%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1198252571__JvoINvHl.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 45f935e2c829593e3f1e40e1d6288ba128f79fade4c7a86221942ba21e738564

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_227%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1198252571__JvoINvHl.jpg
age: 552322
edge-cache-tag: 306751416721921170620240498922118144210,629759284526009256732382151293881458785,29ecf9b93bbf306179626feeda1fab70
cache-tag: 306751416721921170620240498922118144210,629759284526009256732382151293881458785,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 508
req-referer: https://nj1015.com/
content-length: 11346
x-request-id: f717ff17b20aa33217cfc5ead6a0ec7c
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by: cache-iad-kcgs7200086-IAD, cache-iad-kiad7000109-IAD, cache-sna10740-LGB, cache-iad-kjyo7100071-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 06 Feb 2023 14:18:14 GMT
server: nginx
x-timer: S1676348498.134289,VS0,VE1
etag: "f0c8bff64a006f231b2ed510e19358e1"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 76, 1

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8FC2 2 KB
3 KB 36ms
35ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=35122591&p=156725&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 30befad5d0dcec5e971635edad71e2372a5b5b982a1ff69e2102818c65a9d826

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 206 oftxabfyx09bky44o50w.mp4
cdn.taboola.com/libtrc/static/video/v1674816632/ 52 KB
53 KB 36ms
36ms Media
video/mp4 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/static/video/v1674816632/oftxabfyx09bky44o50w.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 108fed68e9569fa8ff80c40d6cbdb831759066ed78af7e2c109d53a926d46d5a

Request headers

Referer: https://k99.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: E0ENJBJpXBq0HAcsOSapfUWrD.eZax9g
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish
x-amz-request-id: M1FTY206TFPQB4RJ
age: 8
x-cache: HIT
Content-Range: bytes 0-53695/53696
x-amz-replication-status: COMPLETED
Content-Length: 53696
x-amz-id-2: WROX0HaBF8qJLh6cfZhl/yVj5zBFUEs1m0LWLBX0kX5VUcWHVEpLhMXFkBk+yYF0NHACiybvPks=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Fri, 27 Jan 2023 10:50:37 GMT
server: AmazonS3
x-timer: S1676348498.134296,VS0,VE1
etag: "bfad8d4fd05ec3846da29e0f57253ffc"
content-type: video/mp4;codecs=avc1
abp: 50
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 0

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c3ac02cff2071373e7fe84905986daa2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b101273fd9f0f3a076350cdffefc15f4366d1b0ae4872a47c462a8e0be0261b7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c3ac02cff2071373e7fe84905986daa2.png
age: 3585700
edge-cache-tag: 516457037019218418765420292402544107499,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 516457037019218418765420292402544107499,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 55
expiration: expiry-date="Thu, 12 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.maxifoot.fr/
content-length: 12406
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kjyo7100112-IAD, cache-iad-kcgs7200165-IAD, cache-bur-kbur8200098-BUR, cache-iad-kiad7000165-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 12 Dec 2022 14:26:53 GMT
server: nginx
x-timer: S1676348498.187870,VS0,VE0
etag: "5b239370325a54dbe3e49fda73170503"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 624, 2

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame CC46 2 KB
2 KB 36ms
35ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=37010950&p=156725&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: dd457dba1564ba7feb1e4356f32eae12d34d1633b20cdf55f98bb2cec105e2a6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 14 Feb 2023 04:21:38 GMT
content-length: 1597
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0437 2 KB
2 KB 36ms
35ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=75357783&p=156725&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: dd457dba1564ba7feb1e4356f32eae12d34d1633b20cdf55f98bb2cec105e2a6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 14 Feb 2023 04:21:37 GMT
content-length: 1597
content-type: text/html; charset=UTF-8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8ce8c2545c88f700b77f6128d237c849.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dbf27ed1055ac4b5f8fca1d2095d5b77aa3ef650a59c0f6174c82d811f5914d6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8ce8c2545c88f700b77f6128d237c849.jpeg
age: 3903230
edge-cache-tag: 518976867323780142643021752323526857243,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 518976867323780142643021752323526857243,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 163
expiration: expiry-date="Thu, 12 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
content-length: 21144
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kiad7000131-IAD, cache-iad-kjyo7100093-IAD, cache-bur-kbur8200083-BUR, cache-iad-kcgs7200163-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 12 Dec 2022 10:03:01 GMT
server: nginx
x-timer: S1676348498.206668,VS0,VE0
etag: "896a83b3b48bdf0f61883164c85ceaeb"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 86, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6fa9e6d19f9192c54044734ea900e00a.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f5f08800436972ee50e481aa2dc44a54f97f2c1be6961edd8f625b0a68177183

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6fa9e6d19f9192c54044734ea900e00a.jpg
age: 457587
edge-cache-tag: 509432523669954592184101061669136355453,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
cache-tag: 509432523669954592184101061669136355453,440009874943970692176080915478359259825,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 63
req-referer: https://zoomdaily.com/
content-length: 12268
x-request-id: f3a7e9841aacdb4562cc92db4ecd3764
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by: cache-iad-kjyo7100176-IAD, cache-iad-kcgs7200114-IAD, cache-bur-kbur8200100-BUR, cache-iad-kcgs7200084-IAD, cache-lcy-eglc8600047-LCY
last-modified: Wed, 08 Feb 2023 16:53:27 GMT
server: nginx
x-timer: S1676348498.206772,VS0,VE0
etag: "3a4d0144043a9760d7724ccbf75333df"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 15, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9c06f8a7a9bb67c216a2f035b99f4b10.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ae615986d71066f01b7c7ddf923abeef6e2c8b26eca4c1623cdc0d0c4b8d46eb

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/9c06f8a7a9bb67c216a2f035b99f4b10.jpg
age: 1700792
edge-cache-tag: 314081458430743650724210098903775344337,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 314081458430743650724210098903775344337,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 145
expiration: expiry-date="Sat, 11 Feb 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.express.co.uk/
content-length: 9708
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
x-served-by: cache-iad-kcgs7200168-IAD, cache-iad-kiad7000142-IAD, cache-sna10739-LGB, cache-iad-kjyo7100100-IAD, cache-lcy-eglc8600047-LCY
last-modified: Wed, 11 Jan 2023 13:35:23 GMT
server: nginx
x-timer: S1676348498.206829,VS0,VE0
etag: "aa7513f0ef8d2acad10fa079bcac8809"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 42, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_227%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1198252571__JvoINvHl.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 45f935e2c829593e3f1e40e1d6288ba128f79fade4c7a86221942ba21e738564

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_227%2Cw_340%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1198252571__JvoINvHl.jpg
age: 552322
edge-cache-tag: 306751416721921170620240498922118144210,629759284526009256732382151293881458785,29ecf9b93bbf306179626feeda1fab70
cache-tag: 306751416721921170620240498922118144210,629759284526009256732382151293881458785,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 508
req-referer: https://nj1015.com/
content-length: 11346
x-request-id: f717ff17b20aa33217cfc5ead6a0ec7c
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by: cache-iad-kcgs7200086-IAD, cache-iad-kiad7000109-IAD, cache-sna10740-LGB, cache-iad-kjyo7100071-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 06 Feb 2023 14:18:14 GMT
server: nginx
x-timer: S1676348498.212183,VS0,VE0
etag: "f0c8bff64a006f231b2ed510e19358e1"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 76, 2

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 541B
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7199861975615142028&gdpr=0&gdpr_consent=

42 B
243 B

36ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7199861975615142028&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Tue, 14 Feb 2023 04:21:38 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7199861975615142028&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0C43
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=xbZUJsFNRbB9eJ9xtOsh5tmKxGM&gdpr=0&gdpr_consent=

42 B
299 B

36ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=xbZUJsFNRbB9eJ9xtOsh5tmKxGM&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Feb 2023 04:21:38 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=xbZUJsFNRbB9eJ9xtOsh5tmKxGM&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 5C6B
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFKWl9FN0gxaGtBQUNERjJENGM2QQ&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_syn...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAJZ_E7H1hkAACDF2D4c6A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpm%26bee_sync_current_par...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAJZ_E7H1hkAACDF2D4c6A&pid=558502&do=add&gdpr=0
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAJZ_E7H1hkAACDF2D4c6A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dpm%2...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3456158688862897464&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJZ_E7H1hkAACDF2D4c6A&gdpr=0&gdpr_consent=

42 B
222 B

35ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJZ_E7H1hkAACDF2D4c6A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Tue, 14 Feb 2023 04:21:39 GMT
Server: gunicorn
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJZ_E7H1hkAACDF2D4c6A&gdpr=0&gdpr_consent=
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame BA53
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y_sMUgAG8g1NIAAF&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF

0
74 B

35ms
35ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y_sMUgAG8g1NIAAF&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y_sMUgAG8g1NIAAF&gdpr=1&gdpr_consent=&_test=Y_sMUgAG8g1NIAAF
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-lcy-eglc8600033-LCY
x-timer: S1676348499.607408,VS0,VE0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame F3AF
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

40ms
39ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame 034A 43 B
280 B 307ms
71ms Document
image/gif 195.5.165.20

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Tue, 14 Feb 2023 04:21:38 GMT
Vary: Accept-Encoding
X-adserver-worker: leviathan-e85e32ba7b72@version_1.535
X-core-time: 0ms
X-server-arch: v2

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 8FC2
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

58ms
58ms

Image
image/gif

77.243.60.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:43 GMT
frontend-id: 4
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:43 GMT
frontend-id: 1
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 8FC2 95 B
382 B 159ms
53ms Image
image/png 2606:4700:10::ac43:db6

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 799304a29cb0776b-LHR
access-control-allow-headers: *
content-length: 95

GET
H/1.1

200

p
a.audrte.com/ Frame 8FC2
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
https://a.audrte.com/p

68 B
424 B

122ms
122ms

Image
image/png

52.7.44.10

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Protocol: HTTP/1.1
Server: 52.7.44.10 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:39 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Tue, 14 Feb 2023 04:21:38 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame 8FC2
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1129555489
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1

0
284 B

135ms
44ms

Image
text/plain

34.111.131.239

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
Protocol: H2
Server: 34.111.131.239 -, , ASN (),
Reverse DNS
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 google
last-modified: Tue, 14 Feb 2023 04:21:38 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 8FC2 43 B
601 B 66ms
62ms Image
image/gif 2a05:d018:d29:3601:d295:c4e8:8fc9:991a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:d295:c4e8:8fc9:991a Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 8FC2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-4SbwtXtE2uVVlmgkfbP1XJNegvJsZ4I-~A&gdpr=0

0
129 B

93ms
43ms

Image
text/plain

198.47.127.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-4SbwtXtE2uVVlmgkfbP1XJNegvJsZ4I-~A&gdpr=0
Protocol: H2
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-4SbwtXtE2uVVlmgkfbP1XJNegvJsZ4I-~A&gdpr=0
date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 8FC2 0
104 B 202ms
78ms Image
text/plain 2a02:fa8:8806:12::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8FC2 0
191 B 200ms
49ms Image
text/plain 98.98.134.243

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.243 -, , ASN (),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 8FC2
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7072373608791860953&gdpr=0&gdpr_consent=&us_privacy=

1 B
256 B

36ms
35ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7072373608791860953&gdpr=0&gdpr_consent=&us_privacy=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7072373608791860953&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 8FC2
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:d1672c55-02f1-4cb7-97bb-323e5194e56d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
95 B

37ms
36ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:d1672c55-02f1-4cb7-97bb-323e5194e56d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:37 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:d1672c55-02f1-4cb7-97bb-323e5194e56d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Tue, 14 Feb 2023 04:21:38 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 200 628f9ae905a91e42756caeda
images.taboola.com/taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/ 16 KB
17 KB 39ms
37ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/628f9ae905a91e42756caeda
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a59793e27d94b444404fb4d0ae26ec71cc648df4750e001bad4d29c5cebbeaff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/h_300,w_360,c_fill,g_xy_center,x_600,y_579/https%3A//search.onetag.com/uploads/628f9ae905a91e42756caeda
age: 1452741
edge-cache-tag: 502446562008489078186044763172661323323,454130374153819223253989280786081403314,29ecf9b93bbf306179626feeda1fab70
cache-tag: 502446562008489078186044763172661323323,454130374153819223253989280786081403314,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 1941
expiration: expiry-date="Tue, 31 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://deshrupantori.com/lung-cancer/
content-length: 16156
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
x-served-by: cache-iad-kiad7000105-IAD, cache-iad-kcgs7200072-IAD, cache-bur-kbur8200052-BUR, cache-iad-kcgs7200072-IAD, cache-lcy-eglc8600047-LCY
last-modified: Sat, 31 Dec 2022 09:53:09 GMT
server: nginx
x-timer: S1676348498.232126,VS0,VE0
etag: "a85eb4e1d02edcd1bc1d8bc431850799"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0, 13, 1

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1381
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1676348498353
https://ad.turn.com/r/cs?pid=45&rndcb=1685177042
https://sync.1rx.io/usersync/turn/7072373608791860953?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003

42 B
97 B

37ms
36ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
etag: RX0c3e58f7f4a740edb930104fa86e3154003
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

GET
H/1.1 204
No Content pub
matching.truffle.bid/sync/ Frame 3B07 0
0 188ms
55ms Document
text/plain 23.88.86.2

General

Check archive.org

Show headers Download Go to

Full URL

https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.88.86.2 -, , ASN (),

Reverse DNS

Software

nginx/1.23.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Connection: keep-alive
Date: Tue, 14 Feb 2023 04:21:38 GMT
Server: nginx/1.23.1
Strict-Transport-Security: max-age=15768000

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame EC63
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
414 B

193ms
179ms

Document
image/gif

2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 799304a47a6688b0-LHR
content-length: 43
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 799304a2a94688b0-LHR
content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 144

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame 35DB 43 B
369 B 155ms
43ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

404

gdpr_consent= Show response
sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/ Frame 8449
Redirect Chain

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent=
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25...
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26red...

49 B
265 B

53ms
53ms

Document
image/gif

52.48.166.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.166.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache
content-length: 49
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.45.30.206

Redirect headers

content-length: 0
location: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame 47FC 43 B
283 B 184ms
50ms Document
image/gif 72.251.241.206

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-4

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 519B
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=pqze2d14te4p

42 B
271 B

35ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=pqze2d14te4p
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=pqze2d14te4p
lws: 38
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 66DD
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=

1 B
53 B

36ms
35ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Mon, 13 Feb 2023 04:21:38 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame CC46 49 B
264 B 53ms
52ms Image
image/gif 52.48.166.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.166.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.17.63
content-length: 49
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame CC46
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847

42 B
95 B

35ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Tue, 14 Feb 2023 04:21:38 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e10966e5-0958-43fa-b0aa-70ad9258a11d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/abe5a98f3a4f2359f04ce1643ad17ddb.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 79961b5bdaa33f68152985cccd0ec14f9e7619534474529a6dc90c1f8f59597b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_300%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/abe5a98f3a4f2359f04ce1643ad17ddb.png
age: 2305897
edge-cache-tag: 379449292606040738493949613958395654137,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
cache-tag: 379449292606040738493949613958395654137,378062374120670061586147602817864504244,29ecf9b93bbf306179626feeda1fab70
x-cache: MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time: 276
expiration: expiry-date="Thu, 19 Jan 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://crankyyankeef1.com/
content-length: 15588
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
x-served-by: cache-iad-kjyo7100106-IAD, cache-iad-kcgs7200077-IAD, cache-sna10736-LGB, cache-iad-kiad7000122-IAD, cache-lcy-eglc8600047-LCY
last-modified: Mon, 19 Dec 2022 04:00:11 GMT
server: nginx
x-timer: S1676348498.263291,VS0,VE0
etag: "3f5b3f858c4ccbb88ce1d5754c1fb73e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 29, 1

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 0437 49 B
264 B 61ms
61ms Image
image/gif 52.48.166.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.166.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.9.190
content-length: 49
expires: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6A4C
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1676348498352
https://ad.turn.com/r/cs?pid=45&rndcb=3016789539
https://sync.1rx.io/usersync/turn/7072373608791860953?dspret=1&gdpr=&gdpr_consent=&us_privacy=
https://sync.targeting.unrulymedia.com/csync/RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003

42 B
254 B

35ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
etag: RX0c3e58f7f4a740edb930104fa86e3154003
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0c3e58f7-f4a7-40ed-b930-104fa86e3154-003
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 0437
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847

42 B
95 B

35ms
35ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Tue, 14 Feb 2023 04:21:38 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.196.99; 217.138.196.99; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3fb9fe0c-42f4-4e1c-8d03-f38b096e5a8d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5686683875299866847
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content pub
matching.truffle.bid/sync/ Frame 58B7 0
0 168ms
56ms Document
text/plain 23.88.86.2

General

Check archive.org

Show headers Download Go to

Full URL

https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.88.86.2 -, , ASN (),

Reverse DNS

Software

nginx/1.23.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Connection: keep-alive
Date: Tue, 14 Feb 2023 04:21:38 GMT
Server: nginx/1.23.1
Strict-Transport-Security: max-age=15768000

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 6E7F
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
395 B

194ms
180ms

Document
image/gif

2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 799304a47a6788b0-LHR
content-length: 43
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 799304a2a94788b0-LHR
content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 146

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame EB01 43 B
203 B 119ms
44ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

404

gdpr_consent= Show response
sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/ Frame A092
Redirect Chain

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent=
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25...
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26red...

49 B
265 B

52ms
52ms

Document
image/gif

52.48.166.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.166.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-166-87.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache
content-length: 49
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.45.11.147

Redirect headers

content-length: 0
location: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame AE79 43 B
282 B 156ms
52ms Document
image/gif 72.251.241.206

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-4

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 2CD7
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qm92zfvbwzq

42 B
192 B

36ms
35ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qm92zfvbwzq
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 14 Feb 2023 04:21:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qm92zfvbwzq
lws: 20
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0561
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=

1 B
53 B

35ms
35ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156725
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Tue, 14 Feb 2023 04:21:38 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Tue, 14 Feb 2023 04:21:38 GMT
expires: Mon, 13 Feb 2023 04:21:38 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:B382EB57FC8449B08B574B2BB250BA6E&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 8F92 546 B
481 B 47ms
46ms Document
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=undefined&cb=1676348498417&uv=3253&tms=1676348498417&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=974bd704-47fe-4b87-8f7f-59eb16dd1dc1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 595a9899c05532f7feb4efece8c92b9f2cd9fa71212cd876a803aa369ace46fb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-lcy-eglc8600047-LCY
x-timer: S1676348498.436040,VS0,VE10

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 994E 546 B
632 B 234ms
42ms Document
text/html 141.226.228.48

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 27bd01c8e79dcd85fd696e9d10581f0414f22dc14eb57d48cd8e2d129d275e42

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
machineid: 3406
server: nginx

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 5 KB
4 KB 105ms
83ms XHR
application/json 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=592&height=333&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1676348498425&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1502&pt=-1377852819&tz=0&viewable=true&ddast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=3150355&dpubid=557675&abtst=ufm&mPre=0.033&cirf=http%3A%2F%2Fk99.com&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2c8cfd67f1854382b20e56b60b18515ffb4df3ef2477513a8d283f10971a40ab

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: text/plain

Response headers

x-cache-hits: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
content-encoding: gzip
via: 1.1 varnish
machineid: 1464
x-cache: MISS
x-served-by: cache-lcy-eglc8600047-LCY
pragma: no-cache
server: nginx
x-timer: S1676348498.463465,VS0,VE47
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://ioms.bfmio.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 st Show response
imprammp.taboola.com/ Frame FF2F 546 B
413 B 47ms
46ms Document
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&cmcv=&pix=undefined&cb=1676348498434&uv=3253&tms=1676348498434&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=0a9fd51d-79e8-47c1-9a51-579faa5f1ef4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 595a9899c05532f7feb4efece8c92b9f2cd9fa71212cd876a803aa369ace46fb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-lcy-eglc8600047-LCY
x-timer: S1676348499.610251,VS0,VE11

GET
H2 200 sync Show response
am-match.taboola.com/ Frame A2A0 738 B
823 B 59ms
42ms Document
text/html 141.226.228.48

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 84713e73b3cf1844f688b3c92369b5dccd2b31b175c8c1056d240c40761997df

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
machineid: 3407
server: nginx

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 5 KB
3 KB 128ms
128ms XHR
application/json 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=271&height=152&pubid=169497&tagid=953497&crid=-1&noaop=3&sortOrderType=0&cb=1676348498479&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1502&pt=-1377852819&tz=0&viewable=true&ddast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&proto=2,3,5,6&encoded=1&pstn=vforce2&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=3150355&dpubid=557675&abtst=ufm&mPre=0.033&cirf=http%3A%2F%2Fk99.com&en=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.9.8/UnitWidgetItemDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a74b244fb3417cb66127b22854ccb9cfe814b41f813630f591bd01cbf7082689

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: text/plain

Response headers

x-cache-hits: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
content-encoding: gzip
via: 1.1 varnish
machineid: 1477
x-cache: MISS
x-served-by: cache-lcy-eglc8600047-LCY
pragma: no-cache
server: nginx
x-timer: S1676348498.495322,VS0,VE92
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://k99.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://ioms.bfmio.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cmTagWIDGET_ITEM.js Show response
vidstat.taboola.com/vpaid/units/32_5_3/infra/ 738 KB
124 KB 110ms
35ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/32_5_3/infra/cmTagWIDGET_ITEM.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 26eab2111f9f0a44bc744ab78abecc6402fded4f6a36c5edfc2accc1ae66c895

Request headers

Referer: https://k99.com/
Origin: https://k99.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-meta-mtime: 1675856620
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish
content-encoding: br
x-amz-request-id: DHBJE59T648CSDWM
age: 491719
x-cache: HIT
x-amz-meta-ctime: 1675856621
x-amz-meta-mode: 33188
content-length: 126526
x-amz-id-2: Nnxslk9cvAL/LnBOn4Vpa//8SUyDpnAV0fwLVePh1BAWxfbCTVZIjEkg+ahHCSX3Ju/FlrUoE+Y=
x-served-by: cache-lcy-eglc8600057-LCY
last-modified: Wed, 08 Feb 2023 11:43:42 GMT
server: AmazonS3-br
x-timer: S1676348499.629467,VS0,VE0
etag: "ca912640bf3c70575b8893d9a33ccb9b"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 2248

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/32_5_3/assets/css/ 59 KB
8 KB 35ms
35ms Stylesheet
text/css 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/32_5_3/assets/css/cmOsUnit.css
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 4e902c64b724e110bbb3a8840f46d79f8569949376c73edf7955dbf388159cc5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-meta-mtime: 1675856670
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish
content-encoding: br
x-amz-request-id: 1R8J8G0J1WW09QD8
age: 491720
x-cache: HIT
x-amz-meta-ctime: 1675856670
x-amz-meta-mode: 33188
content-length: 7742
x-amz-id-2: iRwLIqAMOzjlqSEtAJthuiUak0ajTWz1OFBgn/E0hRnf9ttutUGAr2kWe3IfjPEBfTKO+KiH9Bc=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Wed, 08 Feb 2023 11:44:31 GMT
server: AmazonS3-br
x-timer: S1676348499.555336,VS0,VE0
etag: "910667a2fde737fb00f85f576307d7c1"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 677537

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 8F92 70 B
264 B 50ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=undefined&cb=1676348498417&uv=3253&tms=1676348498417&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=974bd704-47fe-4b87-8f7f-59eb16dd1dc1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 8F92 43 B
183 B 388ms
110ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=undefined&cb=1676348498417&uv=3253&tms=1676348498417&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=974bd704-47fe-4b87-8f7f-59eb16dd1dc1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2

200

/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame 8F92
Redirect Chain

https://ups.analytics.yahoo.com/ups/58534/occ
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

0
98 B

221ms
41ms

Image
text/plain

141.226.228.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=undefined&cb=1676348498417&uv=3253&tms=1676348498417&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=974bd704-47fe-4b87-8f7f-59eb16dd1dc1&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 40202

Redirect headers

location: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/32_5_3/assets/css/ 59 KB
8 KB 37ms
36ms Stylesheet
text/css 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/32_5_3/assets/css/cmOsUnit.css
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 4e902c64b724e110bbb3a8840f46d79f8569949376c73edf7955dbf388159cc5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-meta-mtime: 1675856670
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish
content-encoding: br
x-amz-request-id: 1R8J8G0J1WW09QD8
age: 491720
x-cache: HIT
x-amz-meta-ctime: 1675856670
x-amz-meta-mode: 33188
content-length: 7742
x-amz-id-2: iRwLIqAMOzjlqSEtAJthuiUak0ajTWz1OFBgn/E0hRnf9ttutUGAr2kWe3IfjPEBfTKO+KiH9Bc=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Wed, 08 Feb 2023 11:44:31 GMT
server: AmazonS3-br
x-timer: S1676348499.640750,VS0,VE0
etag: "910667a2fde737fb00f85f576307d7c1"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 677539

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame FF2F 70 B
264 B 47ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&cmcv=&pix=undefined&cb=1676348498434&uv=3253&tms=1676348498434&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=0a9fd51d-79e8-47c1-9a51-579faa5f1ef4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame FF2F 43 B
182 B 348ms
111ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&cmcv=&pix=undefined&cb=1676348498434&uv=3253&tms=1676348498434&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=0a9fd51d-79e8-47c1-9a51-579faa5f1ef4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2

200

/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame FF2F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58534/occ
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

0
98 B

207ms
42ms

Image
text/plain

141.226.228.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&cmcv=&pix=undefined&cb=1676348498434&uv=3253&tms=1676348498434&abt=ufm&ft=0&unm=WIDGET_ITEM&aure=false&agl=1&cirid=0a9fd51d-79e8-47c1-9a51-579faa5f1ef4&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 40202

Redirect headers

location: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 994E 43 B
182 B 334ms
112ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 994E 70 B
264 B 46ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame 994E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58534/occ
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

0
98 B

167ms
41ms

Image
text/plain

141.226.228.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 40202

Redirect headers

location: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
date: Tue, 14 Feb 2023 04:21:38 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame A2A0 70 B
264 B 47ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame A2A0 43 B
182 B 326ms
111ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:38 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame DACE
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

76ms
76ms

Document
text/html

23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://am-match.taboola.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Feb 2023 04:21:38 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 14 Feb 2023 04:21:38 GMT
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
server: AkamaiGHost

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v15.0.2/ 439 KB
84 KB 36ms
35ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v15.0.2/OvaMediaPlayer.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 29795823f24670af47f1d92b997759b39116aa3edda3b4341c41bfce1435e081

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-meta-mtime: 1676188027
date: Tue, 14 Feb 2023 04:21:38 GMT
via: 1.1 varnish
content-encoding: br
x-amz-request-id: 0ZWFJHN4373T0GQH
age: 160412
x-cache: HIT
x-amz-meta-ctime: 1676188039
x-amz-meta-mode: 33188
content-length: 85333
x-amz-id-2: IfvIr1mCfv8DBgKv1knZvrBH53u1s8VnTH/Jp6TejJ6x2xGW/w4MX7aPdOdvjdOyoAXC4I7B6jyXgBF11mWSew==
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Sun, 12 Feb 2023 07:47:20 GMT
server: AmazonS3-br
x-timer: S1676348499.867685,VS0,VE0
etag: "2edc2d4d407df171eaec02c54d0079c5"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 241466

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 3EEE 546 B
631 B 42ms
42ms Document
text/html 141.226.228.48

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 595a9899c05532f7feb4efece8c92b9f2cd9fa71212cd876a803aa369ace46fb

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
machineid: 3407
server: nginx

GET
H2 200 st
am-vid-events.taboola.com/ 0
43 B 80ms
41ms Image
text/plain 141.226.228.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=120&cisd=convusmp&cipid=66361655&crid=-1&dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&cmcv=&pix=&cb=1676348498825&uv=3253&tms=1676348498825&su=&abt=t120!ufm_vA&ft=0&unm=WIDGET_ITEM&mntl=1&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:38 GMT
content-length: 0
server: nginx

GET
H2 200 sync Show response
am-match.taboola.com/ Frame DE90 738 B
823 B 43ms
42ms Document
text/html 141.226.228.48

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f29d6a15dad119f952895a5e28b31ac92fb281d0da77d4beb056cbe74f3a5ece

Request headers

Referer: https://k99.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-type: text/html;charset=ISO-8859-1
date: Tue, 14 Feb 2023 04:21:38 GMT
machineid: 3408
server: nginx

GET
H2 206 blackScreen5.mp4
vidstatb.taboola.com/vid/ 89 KB
89 KB 44ms
35ms Media
video/mp4 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstatb.taboola.com/vid/blackScreen5.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66

Request headers

Referer: https://k99.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Range: bytes=0-

Response headers

x-amz-meta-mtime: 1497790207
date: Tue, 14 Feb 2023 04:21:39 GMT
via: 1.1 3c40a0775e2798dc9f20a237d0225e44.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop: LHR50-P1
age: 1221741
x-cache: Hit from cloudfront, HIT
Content-Range: bytes 0-90783/90784
x-amz-meta-mode: 33188
Content-Length: 90784
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Sun, 02 Jul 2017 20:40:57 GMT
server: AmazonS3
x-timer: S1676348499.057297,VS0,VE0
etag: "b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-uid: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-meta-gid: 0
content-type: video/mp4
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: yJbnTu8C2jfFlkxKIThhgiTOE_2wHL-RhGqi7f105VXcc7eXZlB_7A==
x-cache-hits: 2111

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 3EEE 70 B
264 B 46ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:39 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame 3EEE 43 B
182 B 110ms
110ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:39 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2

200

/
sync.taboola.com/sg/yahoosspus-network/1/rtb-h/ Frame 3EEE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58534/occ
https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A

0
98 B

42ms
42ms

Image
text/plain

141.226.228.48

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7fHACFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLkbTUy-wWgt2s1cbtHEuFsLZ76ZW7VcWRyzkckx8jiGQJK70cTkG4zWot3M5RZNjLu1cOabuVXLlcUxG5kcI49jChjCMvt9BwXl9PSYXQZR0fW22B1Os-cNWGg6Ha57vda5nGv8br_uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNfDgAAAAAP_____xAAAAAAEQAAAAASAAAAABQBFf8WAhcAAAAAGP____8aAOIcB-jweO0u5z8AAAAAQAAAAABIABAE10oAYCQmTv7_________YwboM29k_v___28MegAefAAehAAAAC6G7J-xn2wBNZmJCiyLGAEAAABkKxKPHUnqhMqi6v__v98K4AoAIMDQCeUDOkt3UOItDAAAIEBswr1vGcaToWlsgR4Wv9_ssGv8bpf9_________5v9n_2jCTn1xKX11gk_qv0CAgCs_QICALCpGwDAmwBcyGWh6XT4XPd6rXM51_jdft3DcnfafW7R0el5q9wOp9mt-TjcbqXnrfM77T63wvJ33U1ujd_stzxMfrfg7HJ4Xm6R3256yxxms1vmt7yVpr_oAmB1ATE7AAAAgLv___9_vAn3vmUYT4YmPZBwrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLlvRDB_z84rHO3Pgxhmf2-g4JyenrMLoOo6Hpb7A6n2XO_CVuMVpPJZjmcLReTwXA0HI32NxCLwQAnYrBcTiaLyW41Wo02w91oNligQAwmSNGiwWQ1Gk0Wk-FqNFnNlovdboMUrVrNRpvBcDWbzHa71XAwXI5GOGGL0Woy2SyHs-ViMhiOhqPREGHGZXI5Z6PlWrJb-daiiWHiFk5mu7VgYrMMF76ZYTaxuEWvj-nhMi0XI8cWBQPo9iJ5WqQTkcm0GvkmI-dgNprMPMbNyGayzTbO2WowHC4HI4tYojlZpBPZZd9wrSymwcjksBiXk9FgNTGsBgubc-PcLAzDzWLl77hMLudstFxLdivfWjQxTNzCyWy3FkxsluHCNzPMJha36PUxPVym5WLk2Ddmu9lmNBwtd_vGbDfbjIaj5W7fYTI9U5-zUdybHj4q4983FLluDoPCZbB4p1LTbtw5FpS979Fp0uaU3Z3R7_f7_X6_3-_3-w1az8FsUPiWxe1xeO2WVNvN-iA2GBSxRHCRTkR_393zeD0sL7fL5HSYPm-33OX7-F130-X5XC4mYonSdJFO9LqH5e60-9yio9PzVrkdTrNb83G43UrPW-d32n1uheXvupvcGr_Zb3mY_G7B2eXwvNwiv930ljnMZrfMb3krTRexRHC6SCeil_F0Uf_RQRa7uWIznCuWs7lyuUoAAAAAAAAAAEuYM28CAAAAcBrUajfbrdZ5MIvVYLNaLRfAolBeFxgEAAAAAABgty6HRmAIwca5uPFjEPr77p7H62F5uV0mp8P0ebvlLt_H77qbLs_ncjFlAIvBQebNnwlirVbLGgAAQAAbAAAggFs37wHkcCn-____Pw4AABBAjh4AAEB8H6gqbL3QA1cK!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Server: 141.226.228.48 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 04:21:39 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 40089

Redirect headers

location: https://sync.taboola.com/sg/yahoosspus-network/1/rtb-h/?taboola_hm=y-SjFWIlRE2uFwrVZQFIvVRpuV6bXYSBEZN0Dt72Q-~A
date: Tue, 14 Feb 2023 04:21:39 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame DACE 33 KB
10 KB 85ms
84ms Script
text/html 23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 881cb99b0ea08434a292febe4de0aad280e9d2cb6ab46053de91ae2b93e766ce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Feb 2023 13:41:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33498
Connection: keep-alive
Content-Length: 10007
Expires: Tue, 14 Feb 2023 13:39:57 GMT

GET
H2 200 sync
taboola-supply-partners.tremorhub.com/ Frame DE90 43 B
182 B 110ms
110ms Image
image/gif 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taboola-supply-partners.tremorhub.com/sync?UISTB=%3CtaboolaUserId%3E&gdpr=1&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Ftelaria-rtb-network%2F1%2Frtb-h%2F%3Fgdpr%3D1%26us_privacy%3D1---%26taboola_hm%3D%5BTVUSER_ID%5D%26orig%3Dvideo
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:cd79:34ae:bc6a:5e70 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 14 Feb 2023 04:21:39 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame DE90 70 B
264 B 46ms
46ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:39 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame DBA2
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

82ms
77ms

Document
text/html

23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7ftQCFgMQithB6p54cwQQithB6p54cwUAAAAGBuIHJLBwzkyuxcitW66Ma9Fu41grF67FWrVbzhwO18yxspmGQAIL58zkWozcuuXKuBbtNo61cuFarFW75czhcM0cK5tpChXS9BlNB0nDaTaIiq63xe5wmj1vwELT6XDd67XO5Vzjd_t1D8vdafe5RUen561yO5xmt-bjcLuVnrfO77T73ArL33U3uTV-s9_yMPndgrPL4Xm5RX676S1zmM1umd_yVpr-cgAAAAB4-P___4cAAAAAiAAAAACQAAAAAKAIqPi3ELgAAAAAwPj____XABDnOECHx2t3Of8BAAAAAAIAAABAAoAguFYCACMxcfL_________HzNAn3kj8____39j0APw4APwIAQAAHAxxH6Qvh7MEidEVGBZxAgAAAAgW5F47EhSJ1QWVf____1WAFcAAAGGTigf0Fm6gxJvYQAAAAFiE-59yzCeDE1jC_Sw-P1mh13jd7vs_________9_s_-wfTcipJy6tt074Ue0XEABg7RcQAIBN3QAA3gTgQi4LTafD57rXa53Lucbv9uselrvT7nOLjk7PW-V2OM1uzcfhdis9b53fafe5FZa_625ya_xmv-Vh8rsFZ5fD83KL_HbTW-Ywm90yv-WtNP1FFwCrC4jZAQAAANz9____40249y3DeDI06YGEa2UxDUYmh8W4nIwGq4lhNVjYnBvnZmEYbhYr74UI_v_BYZ279VVI02c0HSQNp9kgKrreFrvDafbcb8IWo9VkslkOZ8vFZDAcDUej_Q3EYjDAiRgsl5PJYrJbjVajzXA3mg0WKBCDCVK0aDBZjUaTxWS4Gk1Ws-Vit9sgRatWs9FmMFzNJrPdbjUcDJejEU7YYrSaTDbL4Wy5mAyGo-FoNESYcZlcztlouZbsVr61aGKYuIWT2W4tmNgsw4VvZphNLG7R62N6uEzLxcixRcEAur1InhbpRGQyrUa-ycg5mI0mM49xM7KZbLONc7YaDIfLwcgilmhOFulEdtk3XCuLaTAyOSzG5WQ0WE0Mq8HC5tw4NwvDcLNY-Tsuk8s5Gy3Xkt3KtxZNDBO3cDLbrQUTm2W48M0Ms4nFLXp9TA-XabkYOfaN2W62GQ1Hy92-MdvNNqPhaLnbd5hMz9TnbBT3poePyvj3DUWum8OgcBks3qnUtBt3jgVl73t0mrQ5ZXdn9Pv9fr_f7_f7_X6D1nMwGxS-ZXF7HF67JdV2sz6IDQZFLBFcpBPR33f3PF4Py8vtMjkdps_bLXf5Pn7X3XR5PpeLiViiNF2kE73uYbk77T636Oj0vFVuh9Ps1nwcbrfS89b5nXafW2H5u-4mt8Zv9lseJr9bcHY5PC-3yG83vWUOs9kt81veStNFLBGcLtKJ6GU8XdR_dJDFbq7YDOeK5WyuXK4SAAAAAAAAAMAS5sybAAAAAJwGtdrNdqt1HsxiNdisVssFsCiU1wUGAQAAAAAA2K3LoREYQrBxLm78GIT-vrvn8XpYXm6Xyekwfd5uucv38bvupsvzuVxMGcBicJB582eCWKvVsgYAABDABgAACODWzXsAOVyK_____48DAAAEkKMHAAAQ3weyulLogRu9Bg!&excid=22&docw=0&cijs=1&nlb=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://am-match.taboola.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Feb 2023 04:21:39 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 14 Feb 2023 04:21:39 GMT
location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
server: AkamaiGHost

GET
H2 200 getmu Show response
ioms.bfmio.com/ 49 B
497 B 557ms
251ms XHR
application/xml 52.73.40.162

General

Check archive.org

Show headers Download Go to

Full URL

https://ioms.bfmio.com/getmu?aid=f3ba7097-c379-4680-c2af-b76fbd71dc0e&output=html5&width=592&height=333&v=1&pageurl=http%3A%2F%2Fk99.com&i_type=out&stream=out&playback=2&cb=R0.1676348499128&us_privacy=1---

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v15.0.2/OvaMediaPlayer.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.73.40.162 -, , ASN (),

Reverse DNS

Software

Resource Hash

ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Origin, Accept-Encoding, User-Agent
content-type: application/xml
access-control-allow-origin: https://k99.com
access-control-expose-headers: location
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 getmu Show response
ioms.bfmio.com/ 49 B
498 B 486ms
202ms XHR
application/xml 52.73.40.162

General

Check archive.org

Show headers Download Go to

Full URL

https://ioms.bfmio.com/getmu?aid=f3ba7097-c379-4680-c2af-b76fbd71dc0e&output=html5&width=271&height=152&v=1&pageurl=http%3A%2F%2Fk99.com&i_type=out&stream=out&playback=2&cb=R0.1676348499155&us_privacy=1---

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v15.0.2/OvaMediaPlayer.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.73.40.162 -, , ASN (),

Reverse DNS

Software

Resource Hash

ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Feb 2023 04:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Origin, Accept-Encoding, User-Agent
content-type: application/xml
access-control-allow-origin: https://k99.com
access-control-expose-headers: location
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/townsquaremediatsm-newcountry991/log/3/ 0
262 B 43ms
43ms XHR
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/townsquaremediatsm-newcountry991/log/3/bulk?route=AM%3AAM%3AV&lti=crossorigin_test_2_ctrl&bulkSize=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230212-24-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://k99.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 8
pragma: no-cache
date: Tue, 14 Feb 2023 04:21:39 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600047-LCY
server: nginx
x-timer: S1676348499.175642,VS0,VE8
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://k99.com
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
741 B 35ms
35ms Image
image/png 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
date: Tue, 14 Feb 2023 04:21:39 GMT
via: 1.1 varnish
x-amz-request-id: 1D8ABR7SQEB3Q5HC
age: 11908
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: PLuHq4g7470cdOrMKDIH/jokgfKlCJZD9qMepv2rK9pr4R9jZwWTzgZ/jsU6qGXmzkMAH8eyffc=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1676348499.197192,VS0,VE0
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
content-type: image/png
abp: 50
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 707

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame DACE 0
239 B 49ms
49ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=15414&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---&khaos=LE3QLYP5-13-D9AQ
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame DBA2 33 KB
10 KB 85ms
84ms Script
text/html 23.64.52.128
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.64.52.128 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-52-128.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 881cb99b0ea08434a292febe4de0aad280e9d2cb6ab46053de91ae2b93e766ce

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Date: Tue, 14 Feb 2023 04:21:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Feb 2023 13:41:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33498
Connection: keep-alive
Content-Length: 10007
Expires: Tue, 14 Feb 2023 13:39:57 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 3 KB
2 KB 36ms
35ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: dbejeqv8nk3po.cloudfront.net.
URL: https://dbejeqv8nk3po.cloudfront.net./script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-amz-version-id: z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-encoding: gzip
via: 1.1 varnish
date: Tue, 14 Feb 2023 04:21:40 GMT
x-amz-request-id: GMK80JFW7ZJE2CVK
age: 810
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1340
x-amz-id-2: QGR/V2g8IL4WcGTYZt4cQKDoYiQKNnIpTm3QZvgvvo+tCRyUlSn5+O8gQciIIjFRSac0jK8+l4I=
x-served-by: cache-lcy-eglc8600047-LCY
last-modified: Wed, 12 Oct 2022 13:57:57 GMT
server: AmazonS3
x-timer: S1676348500.021936,VS0,VE0
etag: "383fa66d2a0a09f4a6e64a9593ad43bb"
vary: Accept-Encoding
content-type: application/javascript
abp: 50
cache-control: private, max-age=3600
accept-ranges: bytes
x-cache-hits: 1177

GET
H2 200 / Show response
pips.taboola.com/ 4 B
116 B 36ms
35ms XHR
text/plain 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://k99.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600057-LCY
date: Tue, 14 Feb 2023 04:21:40 GMT
via: 1.1 varnish
server: Varnish
access-control-allow-methods: GET
x-cache: HIT
access-control-allow-origin: https://k99.com
cache-control: no-store
accept-ranges: bytes
content-length: 4
retry-after: 0
x-cache-hits: 0

GET /
cds.taboola.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/sync?

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=26

Domain: cds.taboola.com
URL: https://cds.taboola.com/?uid=cede9649-27e7-4b0b-8267-0bf28a7f06bb-tuctae491d1&mbl=ZmFsc2U=

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

91 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/rest/carbon/api/nowplaying/playertype	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/rest/carbon/api/gallery	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/public/dist/chunks	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/internal-ad-api	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/styles/desktop	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/rest/high/api	1969-12-31 23:59:59	Name: gdpr-source Value: GB
k99.com/	1970-01-20 11:48:44	Name: abgroup Value: A
k99.com/	1970-01-20 10:22:20	Name: connect.sid Value: s%3ABasMyjTx_T7BQZqYwF63GeC0nNlcP47a.%2FF%2FKA9LbRxX9hYYRk32aWlzdkUoq0OZgtBe0%2F3ZmqeQ
.k99.com/	1970-01-20 09:40:34	Name: _gid Value: GA1.2.1206874785.1676348491
cdn.production.townsquareblogs.com/	1970-01-20 18:24:44	Name: aleph Value: 66ea9dee-1b25-5849-ac92-b3e10470d5cb
k99.com/	1970-01-20 19:15:08	Name: aleph Value: 66ea9dee-1b25-5849-ac92-b3e10470d5cb
k99.com/	1970-01-20 19:15:08	Name: aleph-count Value: 1
.k99.com/	1970-01-20 19:15:08	Name: _ga_GGT2X929YG Value: GS1.1.1676348491.1.0.1676348491.60.0.0
.scorecardresearch.com/	1970-01-20 19:15:08	Name: UID Value: 129f122c37e549741734bee1676348491
k99.com/	1970-01-20 09:39:10	Name: cogitoergosum Value: eyJsb2NhdGlvbiI6InVuZGVmaW5lZCx1bmRlZmluZWQiLCJ0aW1lc3RhbXAiOiJUdWUsIDE0IEZlYiAyMDIzIDA0OjIxOjMxIEdNVCJ9
.k99.com/	1970-01-20 09:39:08	Name: _gat_primary Value: 1
.k99.com/	1970-01-20 19:15:08	Name: _ga Value: GA1.2.1819075421.1676348491
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA191097531 Value: 1
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA18020139 Value: 1
.gumgum.com/	1970-01-20 18:24:44	Name: cs Value: true
.gumgum.com/	1970-01-20 10:22:20	Name: loc Value: IJeU5cAuwbe7D5nF2Fd1iLxQQp5Ju4QwZaN3-z92u61HhoQofzBJmASp143X5hqE_HqzfSs4lk1H4Io2P9lVaH_NtmWuljXfeOBbHZugomFzPE_MXSgvfbNwsDGQctRiKmvY6kvmNl8
.gumgum.com/	1970-01-20 18:24:44	Name: vst Value: e_5870a9b9-d067-4641-a65e-dbca116285cd
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA288258041 Value: 1
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA452600605 Value: 1
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA1807569576 Value: 1
.adnxs.com/	1970-01-20 11:48:44	Name: uuid2 Value: 5686683875299866847
k99.com/	1969-12-31 23:59:59	Name: blingblocksession Value: 1
.k99.com/	1970-01-20 09:39:08	Name: _gat_UA1150030077 Value: 1
.rubiconproject.com/	1970-01-20 18:24:44	Name: khaos Value: LE3QLYP5-13-D9AQ
.rubiconproject.com/	1970-01-20 18:24:44	Name: audit Value: 1\|naVuGyos1qr6p3XLOPnmiFqbBgMWySGKoH1GQZR6kuiYxu5EzP8j/eAPk+3lIuQL5OnJ4NLQ0BzMboWaW1ii7SeZotjIAfcl
.go.sonobi.com/	1970-01-20 09:39:08	Name: __uih Value: 1
.adnxs.com/	1970-01-20 11:48:44	Name: icu Value: ChgImfM-EAoYAiACKAIwzJisnwY4AkACSAIQzJisnwYYAQ..
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8A Value: s8525\|Y+sMT
.adnxs.com/	1970-01-20 11:48:44	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2C$Io/NMP!]tbP6j2F-XstGt!@DQi$dn@_
.k99.com/	1970-01-20 19:15:08	Name: _pnvl_pjlqa5wd Value: false
.k99.com/	1970-01-20 19:15:08	Name: pushly.user_puuid_pjlqa5wd Value: 5GbVmqV571GUFLVxuphJELeOrNoyc9ti
.k99.com/	1970-01-20 19:15:08	Name: _pndnt_pjlqa5wd Value:
.k99.com/	1970-01-20 19:15:08	Name: _dor_pjlqa5wd Value: k99.com
.k99.com/	1970-01-20 19:15:08	Name: _pnlspid_pjlqa5wd Value: 21308
.k99.com/	1970-01-20 19:15:08	Name: _pnss_pjlqa5wd Value: dismissed
.k99.com/	1970-01-20 09:49:13	Name: _pnpdm_pjlqa5wd Value: true
.id5-sync.com/	1970-01-20 09:39:08	Name: cf Value:
.id5-sync.com/	1970-01-20 09:39:08	Name: cip Value:
.id5-sync.com/	1970-01-20 09:39:08	Name: cnac Value:
.id5-sync.com/	1970-01-20 09:39:08	Name: car Value:
.id5-sync.com/	1970-01-20 09:39:08	Name: gdpr Value:
.id5-sync.com/	1970-01-20 09:39:08	Name: callback Value:
.ads.pubmatic.com/	1970-01-20 09:40:34	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 18:24:44	Name: KADUSERCOOKIE Value: AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1
.pubmatic.com/	1970-01-20 11:48:44	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 09:40:34	Name: pi Value: 156725:2
.pubmatic.com/	1970-01-20 11:48:44	Name: DPSync3 Value: 1677542400%3A197_219_221_201
.pubmatic.com/	1970-01-20 11:48:44	Name: SyncRTB3 Value: 1677542400%3A54_8_251_220_21_13_7_3_56_161%7C1677628800%3A35%7C1677196800%3A63
.fiftyt.com/	1970-01-20 18:24:44	Name: fifid Value: eedf08e1-013d-4330-4fb7-15f1af73a335
.fiftyt.com/	1970-01-20 18:24:44	Name: cs Value: MTY3NjM0ODQ5NXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fIy6Z7YTFnfR9r1XAz-c2hXM2hZbYuX67d_pM6GAE1UC
.simpli.fi/	1970-01-20 18:26:10	Name: suid Value: B382EB57FC8449B08B574B2BB250BA6E
.quantserve.com/	1970-01-20 11:48:44	Name: d Value: EM0BCwGlKPijAA
.quantserve.com/	1970-01-20 19:09:22	Name: mc Value: 63eb0c4f-4f5e7-36a8e-db52f
.onaudience.com/	1970-01-20 18:24:44	Name: cookie Value: 34e16849e5e3e587
.onaudience.com/	1970-01-20 09:40:34	Name: done_redirects161 Value: 1
.fiftyt.com/	1970-01-20 09:49:13	Name: fppm Value: 20230214042135
.de17a.com/	1970-01-20 18:17:32	Name: guid Value: 1.4567604272942700702
.adform.net/	1970-01-20 10:19:27	Name: C Value: 1
.pubmatic.com/	1970-01-20 11:48:44	Name: KRTBCOOKIE_57 Value: 22776-5686683875299866847&KRTB&23339-5686683875299866847
.adform.net/	1970-01-20 11:05:32	Name: uid Value: 6408258339436217223
.pubmatic.com/	1970-01-20 11:48:44	Name: KRTBCOOKIE_153 Value: 1923-q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI&KRTB&19420-q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI&KRTB&22979-q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI&KRTB&23403-q51awK3NC8SwmlmX-JkSkavPB8ewyl2Xr8gO02CI
.pubmatic.com/	1970-01-20 10:22:20	Name: KRTBCOOKIE_336 Value: 5844-4567604272942700702
.doubleclick.net/	1970-01-20 19:00:44	Name: IDE Value: AHWqTUkTspkR89I7JlIiYONuxY6f1yEiu8I5wC4C_c_9-4LctnJEUB2cMYaRwkRBDEU
.pubmatic.com/	1970-01-20 10:22:20	Name: KRTBCOOKIE_391 Value: 22924-3776810609572782859&KRTB&23263-3776810609572782859
.pubmatic.com/	1970-01-20 11:48:44	Name: KRTBCOOKIE_80 Value: 16514-CAESEALEztouxHUxjaHYwWtE1oQ&KRTB&22987-CAESEALEztouxHUxjaHYwWtE1oQ&KRTB&23025-CAESEALEztouxHUxjaHYwWtE1oQ&KRTB&23386-CAESEALEztouxHUxjaHYwWtE1oQ
k99.com/	1970-01-20 10:22:20	Name: _pbjs_userid_consent_data Value: 6683316680106290
.k99.com/	1970-01-20 13:58:20	Name: _pubcid Value: 97e22f8b-b8e6-4676-b80f-e49f7e321746
.bidswitch.net/	1970-01-20 18:24:44	Name: tuuid Value: 93a2652c-2fdf-49cc-a207-eea8ed811ccd
.bidswitch.net/	1970-01-20 18:24:44	Name: c Value: 1676348495
.bidswitch.net/	1970-01-20 18:24:44	Name: tuuid_lu Value: 1676348495
.mathtag.com/	1970-01-20 19:05:03	Name: uuid Value: 0d2263eb-0c4f-4300-acb1-590d2b2acbdd
.pubmatic.com/	1970-01-20 11:48:44	Name: KRTBCOOKIE_27 Value: 16735-uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&KRTB&16736-uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&KRTB&23019-uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd&KRTB&23114-uid:0d2263eb-0c4f-4300-acb1-590d2b2acbdd
.amazon-adsystem.com/	1970-01-20 15:08:54	Name: ad-id Value: A-gtR62Vbkq-reRCiSKXtC4
.amazon-adsystem.com/	1970-01-20 19:15:08	Name: ad-privacy Value: 0
.onaudience.com/	1970-01-20 09:40:34	Name: done_redirects104 Value: 1
pool.admedo.com/	1970-01-20 18:24:44	Name: tuuid Value: 6d8f80cc-f108-4b17-9d3f-f4186fabd0e3
pool.admedo.com/	1970-01-20 18:24:44	Name: c Value: 1676348496
pool.admedo.com/	1970-01-20 18:24:44	Name: tuuid_lu Value: 1676348496
.pubmatic.com/	1970-01-20 11:48:44	Name: KRTBCOOKIE_466 Value: 16530-93a2652c-2fdf-49cc-a207-eea8ed811ccd
.pubmatic.com/	1970-01-20 10:22:20	Name: PugT Value: 1676348496
.yahoo.com/	1970-01-20 18:25:06	Name: A3 Value: d=AQABBFAM62MCEMQNla_nGwjVZ6reVvRPY_AFEgEBAQFd7GP0YwAAAAAA_eMAAA&S=AQAAAkgPFDeaTxohLu_UiYu2ZAY
.linkedin.com/	1970-01-20 18:24:44	Name: bcookie Value: "v=2&de5b5b3e-8569-4d92-8981-47910f77d8a6"
.linkedin.com/	1970-01-20 13:58:20	Name: li_gc Value: MTswOzE2NzYzNDg0OTY7MjswMjHhUCM2DFYp2qU5MLB79TdATFtRsmTyVVRbKyTl1HBTSQ==
.linkedin.com/	1970-01-20 09:40:34	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2910:u=1:x=1:i=1676348496:t=1676434896:v=2:sig=AQHuOOp_jPSh3PxSi7KDMFV6A0AMWqW7"
k99.com/	1970-01-20 10:22:20	Name: newsletter-overlay-notspam Value: completed-newsletter

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope Message: Failed to load resource: the server responded with a status of 451 ()
security	warning	URL: https://dbejeqv8nk3po.cloudfront.net./script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
javascript	error	URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/ Message: Access to XMLHttpRequest at 'https://eb2.3lift.com/sync?' from origin 'https://k99.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://eb2.3lift.com/sync? Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=34e16849e5e3e587/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://k99.com/warning-this-email-scam-is-going-around-colorado-please-dont-fall-for-it/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=26' from origin 'https://k99.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=26 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=AAC3E096-3D35-41DA-BB7A-E9E4EB21D7C1&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=14544/tp=BIDB/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DNrGB8F9IYWnbUSWRnVnYnVST%2526gdpr%253D0%2526gdpr_consent%253D Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.teads.tv
a.tribalfusion.com
aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
action.dstillery.com
action.media6degrees.com
ad.turn.com
ads.playground.xyz
ads.pubmatic.com
am-match.taboola.com
am-vid-events.taboola.com
apex.go.sonobi.com
api.rlcdn.com
apis.google.com
as-sec.casalemedia.com
assets.pinterest.com
aud.pubmatic.com
bh.contextweb.com
btloader.com
c.amazon-adsystem.com
c1.adform.net
cdn.confiant-integrations.net
cdn.p-n.io
cdn.production.townsquareblogs.com
cdn.taboola.com
cds.taboola.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
core.iprom.net
cr.frontend.weborama.fr
csync.loopme.me
d5p.de17a.com
dbejeqv8nk3po.cloudfront.net.
dis.criteo.com
dsp.adfarm1.adition.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
funes.solutionshindsight.net
g2.gumgum.com
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.clean.gg
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
images.taboola.com
imprammp.taboola.com
ioms.bfmio.com
ipac.ctnsnet.com
js-sec.indexww.com
k.p-n.io
k99.com
lexicon.33across.com
loada.exelator.com
log.pinterest.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
matching.truffle.bid
mug.criteo.com
mwzeom.zeotap.com
pagead2.googlesyndication.com
pips.taboola.com
pixel-eu.onaudience.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.rubiconproject.com
platform.instagram.com
platform.twitter.com
pool.admedo.com
pr-bh.ybp.yahoo.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
pubmatic-match.dotomi.com
px.ads.linkedin.com
region1.analytics.google.com
rtb-csync.smartadserver.com
s.amazon-adsystem.com
s.tribalfusion.com
sb.scorecardresearch.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
static.solutionshindsight.net
static.xx.fbcdn.net
stats.g.doubleclick.net
storage.googleapis.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
sync.taboola.com
sync.targeting.unrulymedia.com
syndication.twitter.com
taboola-supply-partners.tremorhub.com
tlx.3lift.com
token.rubiconproject.com
townsquare.media
townsquaremedia-d.openx.net
trc.taboola.com
u.openx.net
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
vidstat.taboola.com
vidstatb.taboola.com
visitor.fiftyt.com
web.facebook.com
wf.taboola.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.instagram.com
x.bidswitch.net
api.rlcdn.com
cds.taboola.com
eb2.3lift.com
104.18.33.19
104.244.42.136
13.224.191.98
141.226.228.48
141.94.161.190
141.94.170.64
141.94.171.216
142.250.186.34
143.204.215.72
151.101.1.44
151.101.130.49
151.101.64.84
159.65.196.12
162.19.138.119
172.64.151.162
172.64.154.237
178.250.0.163
178.250.2.146
18.196.218.148
18.197.80.115
18.235.165.126
18.66.23.213
185.29.134.248
185.64.190.77
185.64.190.78
185.64.190.80
185.64.190.87
185.86.138.153
185.89.210.244
185.89.210.90
192.229.144.129
192.229.233.218
195.5.165.20
198.148.27.139
198.47.127.20
2.18.232.7
2.18.36.193
2.19.35.65
2.19.44.144
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
209.54.182.161
213.155.156.164
213.19.147.45
23.64.52.128
23.88.86.2
2600:1901:0:8344::
2600:1f18:612b:4216:cd79:34ae:bc6a:5e70
2600:9000:2304:4200:0:b015:b300:21
2602:803:c003:200::21
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::ac43:db6
2606:4700:20::ac43:4686
2606:4700::6812:106b
2606:4700::6812:17ea
2606:4700::6812:19ad
2620:116:800d:21:93ca:31d8:d86e:38f6
2620:1ec:21::14
2a00:1450:4001:802::2002
2a00:1450:4001:80b::2010
2a00:1450:4001:810::2008
2a00:1450:4001:812::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a00:1450:4001:831::200a
2a00:1450:400c:c07::9b
2a00:1450:400d:807::200e
2a00:1450:400d:808::2003
2a00:1450:400d:80a::200e
2a00:1450:400d:80d::2002
2a00:1450:400d:80d::2003
2a02:2638::1c
2a02:fa8:8806:12::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a03:2880:f12d:83:face:b00c:0:25de
2a03:2880:f21c:81c4:face:b00c:0:43fe
2a03:2880:f22d:e5:face:b00c:0:4420
2a04:4e42:41::84
2a05:d018:d29:3601:d295:c4e8:8fc9:991a
3.126.56.137
3.64.174.171
34.102.253.54
34.111.129.221
34.111.131.239
34.120.133.55
34.252.119.156
34.95.69.49
35.186.193.173
35.201.96.126
35.204.74.118
35.210.53.219
35.214.223.115
35.244.159.8
37.157.6.241
44.209.82.109
52.214.145.182
52.220.229.2
52.223.40.198
52.48.107.147
52.48.166.87
52.7.44.10
52.73.40.162
52.95.125.22
54.78.254.47
54.85.61.80
69.166.1.15
69.173.144.165
72.251.241.206
76.223.111.18
77.243.60.138
85.114.159.118
93.184.220.223
98.98.134.243
99.86.4.3
99.86.4.94
013717dcbb20dee352aedeea3ebc3f0c7979febd6f2775b75791824f75e77b13
01bc585c2d32615b326cab6bd32346c25dfc04dda948f763115fb911beac250a
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06cdfd0a559415f396de1ad1c519dbc2e97d10688b33d3f1ff34928959eb5d1a
0757e1286a5519e642a499013cd1c8e378b3dbc47b30ca12c76ff219e5e4fe0d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d05aa7fda69e5a6629806fe1b77d18eb6ce5a777eed211f77b51b728f62b4a6
0f50638cdc3c746b6b9d829c4e482a0342da6a8cb27e6fbe4f5e24e22363187c
108fed68e9569fa8ff80c40d6cbdb831759066ed78af7e2c109d53a926d46d5a
127a016ebd771e91ec433ba7e76a6f77ef527e79dfa2eaf5f57863c879324867
17c048bfb0138677a5774ee0301b7858b6d3fa8620fcaf62b6b81a0b5a37996a
183e1297a8547a306c16779549def090e927ca2b3b6bdd33fb67183c827afa8d
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a1810b9d85d9c017bf9bcb5b30ae028a036afb934dded706ea229dc7fc9d483
1b3c20c6928f5b5b4bf68d178187e4fd3e4ad3fae63c9f8430cc7be4c0010ff1
1be2d3bb82d2c16cab5dc4e301ae4edbc799f02f84a174f2449cc0b8a0aa67fa
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
206e583cfc01eaee4cb4aeb30dead896eb3e281284b5d424018408e06a99ab67
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e
2153b02b3bfbe20cc61053163c5f2960de67992d90288d85373179377b0ed2ea
221e69003af87e6e8f934828ab416477126f3c062500e3bcb636bb9d87bf9b06
22410741f4a66b3c0f2f6bbef425aa97bcd6eadaee0fa3a98bd151f95da86cb4
22e572f2a25f562571a0b6a52e1950d01e650c3ed1cf95f1dc6a24ee4aa3cbd7
24015e87dffbcb2aff83c109e1bb04da370a79c6a2a54b008dcf4a501db4473a
247a8033d5ac9ae54e9bcdf19121ec5af03b523c3273fc6e530d4cc487ed929e
25e87bfed8dd84d831bb89417fc48e170d00351b9479e25cf7924d7e5f0e1866
26eab2111f9f0a44bc744ab78abecc6402fded4f6a36c5edfc2accc1ae66c895
27bd01c8e79dcd85fd696e9d10581f0414f22dc14eb57d48cd8e2d129d275e42
29795823f24670af47f1d92b997759b39116aa3edda3b4341c41bfce1435e081
29ac11b8aca81dd78c09c546feae3524320cef85b8e9b445b099c0208b5850c1
2a19f79bd2859fb1dffdd7c8643dc5e58fc7a9b7fb493d68359f400c420467b3
2a4d031539241db0e86a38c2f5076a739b0ec53a90321aad7f044250b3e4f418
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c73e10afb7f10a8ec37961abd01e46fef89b9e13dd9369a2368f071c6bd67c4
2c8cfd67f1854382b20e56b60b18515ffb4df3ef2477513a8d283f10971a40ab
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
300cb44bf8c57a7cdbf84584cb37670455bd576e51b4630e774d5ff499b86d62
30befad5d0dcec5e971635edad71e2372a5b5b982a1ff69e2102818c65a9d826
3400c27c9329fc2805aa324d61c60db41f90c338450da456b31cde72fd83122c
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37a4f736b5d18a99138bddce0553e27780d9beacdd264b5dd7dc77d52c3250f9
38e1e6c680ef39235e64726496ece6b39355e5fb5d2ff9f94881393427ef9d67
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
39920847eb4f898415c17888b755ed1727c92005ff60039b2d43f0102cea0d88
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3e1c7e09fc6673f2b0138d8a1131b1d32a32ad4562fe6d3a1c65c944e66d1b54
3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
41a14daee8711278ad1b9457c6a2f336dee2419916bc47a82dcbe70a79bfbe43
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
45f935e2c829593e3f1e40e1d6288ba128f79fade4c7a86221942ba21e738564
465019df99a1b81e72d77b792bc2aaec9c0808f04eb10c92049b046f92408bf4
466fcdb8b621eb1294be04478f81a149d29fd48d282a195339ad299365803244
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48f30bc574119db39ab98b775c39a59f927c8b8feb0393cb465946370a5922c1
4a6421b0ce55b960330c08562dbd6b0bfed5b221b83e2cfa574252ba1cb72932
4b45a74b01787af5342c49c46b978b71b361fd16aa4503adfedbcac46d0e7dd4
4b4c098d08cbcf90cc2ba1b062eb22014f0e07bd9ae3fb910a48459a60f2760a
4d68890ba4c6bfa2417c5b97ab63489256913dcae1f94f232204b05d8fa4f5b1
4df46f6a6097d68ae9e4ebdb06b73986636291d89e6f89b4dfd35003cc8e707f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e902c64b724e110bbb3a8840f46d79f8569949376c73edf7955dbf388159cc5
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
50317b9039d375bb37c61cc6e0ea3c977b69c4ca6f3003398e20928834308b7e
50aad904a7f417f5ab6734b1d980f97e70636bcd92c5e59288d7a8286f42a88b
50cc8f91517092b24611b19b4c178ec00ea2a1caa4189d77d91d4516f8c9bc99
50f84ea9ae5dac81a1a6cff3a526aad9630d60adff608a59ab8ebecc722c5efe
587ce8b863a4285bec6e1952516bb554812def226169612c6c26dc3241f549f2
595a9899c05532f7feb4efece8c92b9f2cd9fa71212cd876a803aa369ace46fb
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5df2498d566a9c0c42fef5906f0818a35cfc4ce1cac95e1e0eed4265c838eb10
60b7a9b8cc82be065ce8e42a6c9fa3fe1b6964e543b1bf30ad7f4e93eada2406
60e3c2b60da1f5a65f156fa8cabaa080ab990a36954566c94dd33bcbed704ac3
633cb8b2602677e3088b2bcb1a2628ae40b9ba36d60f9b352e4bb92b97ecfe43
65b519b8f4e0da3da93026b5d59d2aeff92030b4c48a34883e45090fd113e122
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ef8287ceb486a87e075b1bcba174716ef19a23c57ce7cfc93bd43e1fc836cd3
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
739fc88e0e68f78146d0f9d6740cb27801a2648d5e2bceddbbca2a8e71d2819f
73cfa30aebd6f88c7973d442b5377a00fdef093ce9b63dc4508a766d8d8d6cf4
73f6586738f8281c97b6261e8fe281f75524ec2f8264cda85cc10c3001f9faa9
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
757b00def4ee826bb13ad1cea6a2a2581de1d2487e7ce3b1fe0a0389156c6137
75d51f26daee6a91e51108c8ab3f949200fc82ae004416eb7fec21c3a7df58a1
79961b5bdaa33f68152985cccd0ec14f9e7619534474529a6dc90c1f8f59597b
79ef8e3c8004ae64ac947bf7de25ca3b4b359dc056493bbed831e459c346f24e
7c370d9536d7d0d6a0f7cd7f9826692acd93e4fb05ba46f7b630b879740343d3
7f23ebc55cd8db69deb7a4c91c4ee2bc43e7faa51798c6ceec99d5955ac704cc
7f7cb1120b82d5615541acc61e6b13bbf181afbb3832bb59376a63848472f205
818707aa9cdc4aa00fbcf81afaf925d29a557db23682bf84cf0dd0bb35f6dc40
8212c87de4fc1b8d1d39f895ecba0b8d2e7ce91061998998f240347f24506bec
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
834fe3b0c0a1f49660c78ac318dc827f5a8f5d5c59cd82a28cb46de18c91eeb1
84713e73b3cf1844f688b3c92369b5dccd2b31b175c8c1056d240c40761997df
850179bbc69c901378beb0700154b9ca68ac33eed8d105f2c862930a6c975e50
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
881cb99b0ea08434a292febe4de0aad280e9d2cb6ab46053de91ae2b93e766ce
88368035e4c3b2291254de9b8fa5a652b0b78e2260a2b4bda89c0347fc31db00
8b75fb59640d95ff3485e1a4851f392c25a31f52effd7d63e9b6ebb3e223410f
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
9382d8c93fda5e4fe9eb44a1f84b89880027b481ead12692e74643bd685c63c4
96223b08ff5c8aa42bbbb9830043de9cc3585ec6f0ea1232d3e0a6c43f506300
970454e343ea0ae275695f9d147287d5879189d0544b80040deab7f53d59f3fb
980c5d3f2c9d21b9c5ddd170f98a7a3f77a8e96cf2406ed205d5ce339aeabf91
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b1541d58e87461368f928fb9d891ef217e52d7776ce42a8a8f896bdd2b7096d
9c7bf6fd89eb097c1f7cf0a33ba3ff0b9edc9ef69a2e496fa332c688841a8841
9cc14ff6368a484d4980452f0957f5359569e23f9a90b2a523d285a21946892e
9fd3709a8e859a96fce2449f00ad73d6ac39bb46b8d8cf31133030a101adcbeb
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1010649f9dc3f8d59dd902753332a28b11c3701a5325ebe921cb3c324e453ca
a59793e27d94b444404fb4d0ae26ec71cc648df4750e001bad4d29c5cebbeaff
a661f8f8090e763d9e46c3b0745a402070fc823d3cf116aba6c2ad0287282d62
a74b244fb3417cb66127b22854ccb9cfe814b41f813630f591bd01cbf7082689
a80933c717cce51df2b59fc76f4f3e81892fd743f4bff7945e8ec353ed32c649
a909976ab116f9cbe75425025846363b92ea80340e36baebdc70298a43b6b7c2
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
ac00380ee479f981bf1e37150367b2359f448c90c1ecfe997a9982fb79b61507
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae08f2abf5f3de4421e95c6a9dda1c17a03627100c6839d780f8459b05acf06c
ae302c015745e664ee9c557a8e8065385c6e5758a068374f153b72702ec5707b
ae615986d71066f01b7c7ddf923abeef6e2c8b26eca4c1623cdc0d0c4b8d46eb
b101273fd9f0f3a076350cdffefc15f4366d1b0ae4872a47c462a8e0be0261b7
b19df53413248256037627c74af6c685d1bbf2b695a804bf9dbd6a925f2c3380
b28c5652fc544d473355d16847ae922cfbad8f9951ba1f99b7ae1bd74308f980
b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2
b6457007c9025c5dd20c103fb2a0b140f59c67eb59e58cc03b260b768bdb07f0
b8c65c14e854c7d0839b89e1b08d0013222a5c72ff28217190d6c07ae17255de
b8d9e78bca2aef0dd48377a7985beca9968ce51fe9a84805a8a258a2af86c89d
b950d16a0492939244e9fe71c1e712ab103c04d1f39a5b142dbf2ff759a7fced
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf7dae2c32561b995e83af9b21b937d7f08c7dba0871dd782668ddc968e2b4c9
bfe1d46750622738b73ecc487555f400a20096d26d5f772fedd6ddc1b3ad3e92
c1f87b6ebedfe2a978cb946c520baf745f8e3a4b47c690f9c7b353a84f7b53ca
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3163918bc5ba25383043400f7245a65a265b47d213a25afb5916b41af878bdb
c5e217ee8a059e5fd0860a9f4a75e30caf62646613163e47323664dbe423fd0d
c6acbd9dd43ab1a404602ebb4f256aedab19fb560e06e8fcfbdc8e5d1b193686
c86b78b246646c819ce4b4dc76faf70ac9dc52a0368996c539b28b78fe22a56d
cb91bf2487214c9142094afed3bbd81869e8970c03d31971208f7f1d3210004f
ce8778046a97918590245900c0a7e253cf0d924d6410a5d925b5fe6c34925c9d
ce87a7c8ea8f189fb8e71b16b962b15f263a1cb37e19500e45b6992d316f3fbe
cf2fe539878b6a01a2a43d269816fe0e6aeaf25436b0e0824d393acfcea5141f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d325e9c90c96d1084dd9a729dd497b86f9a8665116e3bd6f3eab8ff130e7487c
d37351b024331578ff6ab3777bb2f77420e12c8d8e9c2d32b5ac4befa99b978e
d557de3f39744cf5f2dc1fd949f47e98362dfdb6bd43a8b691d5b61bfb63fd95
d609579049e96077cf5a6d30886236efcb9a5a125e6901aa6e8502a5c81aa610
d6436bf86160892956d5fb4180b81629a61528ba7000cd334973c23ecaa9c9d4
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
da8517a0729d16d2679b75dd455141718a58a6a12dfc73e681dd07592b1b59e3
dacab018d3e9d9587f247411ce59f73226120184b0bc539cdeac51a15a2d1a43
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
dbf27ed1055ac4b5f8fca1d2095d5b77aa3ef650a59c0f6174c82d811f5914d6
dc4a4a48cde6d8fc53ffb1e0268be31726d816b46d002afcbc6ee0942375c7a8
dd457dba1564ba7feb1e4356f32eae12d34d1633b20cdf55f98bb2cec105e2a6
dd50f9428071ad6b43c5d41627978cb0f870c4ca1fd08a2621ae741029842699
dddbe9034951da2c5dcb07d3ddff04735ef31baba9eb80c2de686b8e018becff
df0ecaffc2a22d28682fd9420050bfbd70ad4df55be9e7fc9601ca6faf0a12e0
e2018d819d93d87c31cd376129262a202e8c10208a771b2a9e89650d28786c1c
e34af1e6e75af697e115fba76f25e458c0d5542c819f4ef6b9e553e613f5fadb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e455c9481ab43afb3fe882d539f47ad82eb560651f6c68a99f4dfb8ff4249d88
e5c31b1054e23be94e21eccc99699185d64ed342d401f658e26ffa0a80a6acc2
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e9008fe282850688d5c8544707e9d97ff6d737ee6791afc1d60448750a451b0a
e9b56dd1ce180db739cf165777f58149699af061708902e22eb955c5389c3799
ec5fe4cd5b4e7319fe8f859b0658cb89c7fc90f2938e5f529fd2ccf0a1fd3c4d
ecfbab4e4ef70f9acb5205781ad4c28106f8bbbb14f7a89e4cd7682108c388ce
ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ee60d968695cd8086c83f174fdf82cb0bb5b239a4aa0ee7e6544cdc95e9cf70b
ee80cf3b15ea6f7dd08ba1b6bbb065994092b94415845536e0db3476ea80fad4
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4325aa0f7c17efb2807f805efbab5f74ccf5299b1b0c44a73eb6499a5c1de9
f29d6a15dad119f952895a5e28b31ac92fb281d0da77d4beb056cbe74f3a5ece
f4f014cb74f3b341e5b43171bf87d57f3a7b878653f4a164d966cd6eea535a82
f557eace0ab7f5c416209ea3b01c21e6bb36e52bb87b8e1ddc762c9b4ad2f94f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5f08800436972ee50e481aa2dc44a54f97f2c1be6961edd8f625b0a68177183
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f978eafd1272979e62fd28b40d37e4b28d24ba2b9e2e4450c57d38cea109a2b2
fa19ab413493b004c5957325db711ffde124c52cb5007049f1331dd1302bc774
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
fc9ca5672114fd508129bac80b6a806e77960e36fe0e70837936b5d2c3bbe2aa
ff17b81c59041af25d3ee0e5eb12898066d76f2b36cfa7e2ad8f49b9f7f71b7d

k99.com Open in urlscan Pro 93.184.220.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

364 Requests

90 %HTTPS

31 %IPv6

86 Domains

134 Subdomains

90 IPs

11 Countries

4149 kBTransfer

12424 kBSize

91 Cookies

57 Outgoing links

Redirected requests

364 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

k99.com Open in urlscan Pro
93.184.220.223 Public Scan

Screenshot
Live screenshot

Full Image

364
Requests

90 %
HTTPS

31 %
IPv6

86
Domains

134
Subdomains

90
IPs

11
Countries

4149 kB
Transfer

12424 kB
Size

91
Cookies

364 HTTP transactions
2 data transactions