excel-malin.com Open in urlscan Pro
3.127.76.126 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://excel-malin.com/
Effective URL:
https://excel-malin.com/
Submission: On March 22 via manual (March 22nd 2021, 2:00:03 pm UTC) from IE

Summary HTTP 499 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 99 IPs in 12 countries across 106 domains to perform 499 HTTP transactions. The main IP is 3.127.76.126, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is excel-malin.com.
TLS certificate: Issued by R3 on January 31st 2021. Valid for: 3 months.

This is the only time excel-malin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 63	3.127.76.126 3.127.76.126	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e0:... 2606:4700:e0::ac40:6e26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
14	2606:4700:303... 2606:4700:3033::ac43:cd64	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42::621 2a04:4e42::621	54113 (FASTLY) (FASTLY)
2	2600:9000:206... 2600:9000:206f:d200:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.108.64.37 104.108.64.37	16625 (AKAMAI-AS) (AKAMAI-AS)
31	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
7	18.156.95.187 18.156.95.187	16509 (AMAZON-02) (AMAZON-02)
1 3	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 6	216.52.2.30 216.52.2.30	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	136.144.59.88 136.144.59.88	54825 (PACKET) (PACKET)
2	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 10	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
1	63.33.123.138 63.33.123.138	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	198.148.27.134 198.148.27.134	19189 (PULSEPOINT) (PULSEPOINT)
1	23.37.38.181 23.37.38.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.36.109.155 54.36.109.155	16276 (OVH) (OVH)
2	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
7 15	184.30.20.241 184.30.20.241	16625 (AKAMAI-AS) (AKAMAI-AS)
4 10	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
14	184.30.20.198 184.30.20.198	16625 (AKAMAI-AS) (AKAMAI-AS)
20 35	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
6 9	52.50.156.162 52.50.156.162	16509 (AMAZON-02) (AMAZON-02)
19	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 3	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
15 15	54.194.129.87 54.194.129.87	16509 (AMAZON-02) (AMAZON-02)
2 2	3.127.129.22 3.127.129.22	16509 (AMAZON-02) (AMAZON-02)
8 8	213.19.147.151 213.19.147.151	26120 (RHYTHMONE) (RHYTHMONE)
18	52.30.76.93 52.30.76.93	16509 (AMAZON-02) (AMAZON-02)
4 4	52.48.137.92 52.48.137.92	16509 (AMAZON-02) (AMAZON-02)
1 1	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
7 7	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	18.198.69.109 18.198.69.109	16509 (AMAZON-02) (AMAZON-02)
4 5	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
5 7	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
5 5	185.29.133.52 185.29.133.52	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	185.33.223.178 185.33.223.178	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	54.163.239.172 54.163.239.172	14618 (AMAZON-AES) (AMAZON-AES)
1	104.76.200.23 104.76.200.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3 8	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	46.228.164.13 46.228.164.13	56396 (TURN) (TURN)
5	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
5 5	3.126.158.103 3.126.158.103	16509 (AMAZON-02) (AMAZON-02)
2 2	18.159.17.140 18.159.17.140	16509 (AMAZON-02) (AMAZON-02)
2 2	64.202.112.127 64.202.112.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 4	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	35.172.126.30 35.172.126.30	14618 (AMAZON-AES) (AMAZON-AES)
2	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
3 4	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	202.241.208.100 202.241.208.100	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
6 6	213.155.156.166 213.155.156.166	1299 (TELIANET ...) (TELIANET Telia Carrier)
1 15	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	94.23.73.243 94.23.73.243	16276 (OVH) (OVH)
2	72.251.241.206 72.251.241.206	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 4	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:303... 2606:4700:3039::6815:c00b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
2	185.64.189.249 185.64.189.249	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
7	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 3	52.46.130.13 52.46.130.13	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
2 3	88.221.62.154 88.221.62.154	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	18.185.0.221 18.185.0.221	16509 (AMAZON-02) (AMAZON-02)
2 2	18.197.99.6 18.197.99.6	16509 (AMAZON-02) (AMAZON-02)
1 2	18.185.82.201 18.185.82.201	16509 (AMAZON-02) (AMAZON-02)
1	18.158.174.89 18.158.174.89	16509 (AMAZON-02) (AMAZON-02)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4264:9a95:fbee:2d35:58d	14618 (AMAZON-AES) (AMAZON-AES)
2 2	149.56.26.32 149.56.26.32	16276 (OVH) (OVH)
4 5	51.210.112.63 51.210.112.63	16276 (OVH) (OVH)
1	23.210.248.12 23.210.248.12	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.76.222.161 54.76.222.161	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1460	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	88.214.193.99 88.214.193.99	46636 (NATCOWEB) (NATCOWEB)
1 1	18.237.96.144 18.237.96.144	16509 (AMAZON-02) (AMAZON-02)
2 2	52.21.211.170 52.21.211.170	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4602:a911:dd8a:407b:f40	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.25.144 34.120.25.144	15169 (GOOGLE) (GOOGLE)
1 3	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1 1	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.250.196.226 54.250.196.226	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
4	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
1	2600:9000:218... 2600:9000:2182:6a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	37.157.5.73 37.157.5.73	198622 (ADFORM) (ADFORM)
1	38.27.122.101 38.27.122.101	174 (COGENT-174) (COGENT-174)
1	2606:4700:303... 2606:4700:3032::6815:57ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:303... 2606:4700:3039::6815:c00a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.102.211.201 34.102.211.201	15169 (GOOGLE) (GOOGLE)
1	91.208.224.199 91.208.224.199	47980 (HOPPS-GROUP) (HOPPS-GROUP)
499	99

63 3.127.76.126 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

excel-malin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e0::ac40:6e26 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:3033::ac43:cd64 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-0.excel-malin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::621 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:d200:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.108.64.37 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-64-37.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.156.95.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.52.2.30 (United States) 3 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.144.59.88 (Secaucus, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.33.221.15 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.123.138 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-123-138.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.134 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.181 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-181.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.109.155 (France)

ASN16276 (OVH, FR)
PTR: p05.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 184.30.20.241 (Frankfurt am Main, Germany) 7 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-241.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 198.148.27.140 (New York, United States) 4 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 184.30.20.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-198.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aktrack.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.185.98 (United States) 20 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.50.156.162 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)

data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 54.194.129.87 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.129.22 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 213.19.147.151 (United Kingdom) 8 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.30.76.93 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.48.137.92 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-137-92.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.97 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 66.155.71.150 (Portsmouth, United Kingdom) 7 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.69.109 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.248.159 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:116:800d:21:f916:5049:f87f:108e (United States) 5 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.133.52 (United Kingdom) 5 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.178 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.163.239.172 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-239-172.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.30 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ams.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.98.64.218 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.4.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.158.103 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-158-103.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.17.140 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.127 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:110:c305::8000 (United Kingdom) 2 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.126.30 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.100 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 213.155.156.166 (Sweden) 6 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.137.131 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.73.243 (Lisbon, Portugal) 2 redirects

ASN16276 (OVH, FR)

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.241.206 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:d05 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3039::6815:c00b (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.13.44 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.96.126 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.249 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:fa8:8806:16::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pulsepoint-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.130.13 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.221.62.154 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-62-154.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.0.221 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.99.6 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.82.201 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-82-201.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.158.174.89 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-174-89.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (United States) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:9a95:fbee:2d35:58d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 149.56.26.32 (Canada) 2 redirects

ASN16276 (OVH, FR)

red.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 51.210.112.63 (France) 4 redirects

ASN16276 (OVH, FR)
PTR: ns3174889.ip-51-210-112.eu

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.12 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-12.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.222.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1460 (United States)

ASN41041 (VCLK-EU-SE, US)

match.sync.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.193.99 (United Kingdom)

ASN46636 (NATCOWEB, US)

sync.colossusssp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.237.96.144 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

demand.trafficroots.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.21.211.170 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4602:a911:dd8a:407b:f40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.25.144 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 144.25.120.34.bc.googleusercontent.com

public-prod-dspcookiematching.dmxleo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:db6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e1:101::6cae:b25 (United States) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.250.196.226 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

pr.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beap-bc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.245 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:6a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.101 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:57ae (United States)

ASN13335 (CLOUDFLARENET, US)

ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3039::6815:c00a (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.211.201 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

track.effiliation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.208.224.199 (France)

ASN47980 (HOPPS-GROUP, FR)

cdn.hopps-group.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	excel-malin.com 2 redirects excel-malin.com cdn-0.excel-malin.com	1 MB
72	doubleclick.net 20 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	193 KB
44	pubmatic.com 1 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com Failed aud.pubmatic.com image4.pubmatic.com aktrack.pubmatic.com simage4.pubmatic.com	179 KB
34	googlesyndication.com cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	247 KB
25	lijit.com 3 redirects ap.lijit.com ce.lijit.com	46 KB
20	google.com 1 redirects adservice.google.com www.google.com	26 KB
19	gumgum.com g2.gumgum.com rtb.gumgum.com	6 KB
15	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	290 KB
15	bidr.io 15 redirects match.prod.bidr.io	7 KB
14	casalemedia.com 7 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com Failed	13 KB
14	adnxs.com 6 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	45 KB
11	2mdn.net s0.2mdn.net	207 KB
11	yahoo.com 6 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com pr.ybp.yahoo.com beap-bc.yahoo.com	11 KB
11	google.ch adservice.google.ch	3 KB
11	contextweb.com 4 redirects bid.contextweb.com bh.contextweb.com	11 KB
10	ampproject.org cdn.ampproject.org	197 KB
10	adform.net 2 redirects c1.adform.net track.adform.net s1.adform.net	39 KB
9	adsrvr.org 6 redirects data.adsrvr.org match.adsrvr.org	4 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	391 KB
9	ezoic.net go.ezoic.net g.ezoic.net	3 KB
8	openx.net 3 redirects us-u.openx.net eu-u.openx.net	2 KB
8	criteo.com 1 redirects gum.criteo.com mug.criteo.com bidder.criteo.com dis.criteo.com	2 KB
7	quantserve.com 5 redirects pixel.quantserve.com secure.quantserve.com cms.quantserve.com	11 KB
7	sitescout.com 7 redirects pixel-sync.sitescout.com	4 KB
6	taboola.com 2 redirects trc.taboola.com match.taboola.com	1 KB
6	de17a.com 6 redirects d5p.de17a.com	2 KB
5	onaudience.com 4 redirects pixel.onaudience.com	2 KB
5	dotomi.com pubmatic-match.dotomi.com pulsepoint-match.dotomi.com match.sync.ad.cpe.dotomi.com dclk-match.dotomi.com	570 B
5	bidswitch.net 5 redirects x.bidswitch.net	2 KB
5	mathtag.com 5 redirects sync.mathtag.com	3 KB
5	tapad.com 4 redirects pixel.tapad.com	2 KB
5	1rx.io 5 redirects sync.1rx.io	3 KB
4	googletagservices.com www.googletagservices.com	135 KB
4	fiftyt.com 4 redirects visitor.fiftyt.com	2 KB
4	zeotap.com 1 redirects mwzeom.zeotap.com spl.zeotap.com	2 KB
4	tribalfusion.com 2 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
4	erne.co 4 redirects green.erne.co red.erne.co	1 KB
4	everesttech.net 3 redirects sync-tm.everesttech.net	914 B
4	creativecdn.com 4 redirects creativecdn.com ams.creativecdn.com	1 KB
4	crwdcntrl.net 4 redirects bcp.crwdcntrl.net sync.crwdcntrl.net	2 KB
3	yimg.com s.yimg.com	85 KB
3	liadm.com 2 redirects i.liadm.com i6.liadm.com	1 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	smartadserver.com rtb-csync.smartadserver.com	543 B
3	amazon-adsystem.com aax-eu.amazon-adsystem.com Failed s.amazon-adsystem.com	2 KB
3	rubiconproject.com 2 redirects pixel-us-east.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com	2 KB
3	unrulymedia.com 3 redirects sync.targeting.unrulymedia.com	2 KB
3	simpli.fi 1 redirects um.simpli.fi	2 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	sonobi.com 2 redirects sync.go.sonobi.com	2 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com	1 KB
2	3lift.com 1 redirects eb2.3lift.com	712 B
2	advertising.com 2 redirects pixel.advertising.com	703 B
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	adgrx.com cm.adgrx.com	816 B
2	deepintent.com match.deepintent.com	60 B
2	sportradarserving.com 2 redirects a.sportradarserving.com	1 KB
2	turn.com 2 redirects d.turn.com ad.turn.com	843 B
2	exelator.com 2 redirects loadm.exelator.com	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	indexww.com js-sec.indexww.com	2 KB
2	criteo.net static.criteo.net	51 KB
2	onetag-sys.com onetag-sys.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	paypalobjects.com www.paypalobjects.com	2 KB
2	polyfill.io polyfill.io	682 B
1	hopps-group.com cdn.hopps-group.com	66 KB
1	effiliation.com 1 redirects track.effiliation.com	631 B
1	ad4mat.net ad4mat.net	1 KB
1	bnmla.com match.bnmla.com	112 B
1	quantcount.com rules.quantcount.com	347 B
1	adingo.jp cc.adingo.jp	44 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	583 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	480 B
1	linkedin.com 1 redirects px.ads.linkedin.com	592 B
1	dmxleo.com public-prod-dspcookiematching.dmxleo.com	176 B
1	trafficroots.com 1 redirects demand.trafficroots.com	403 B
1	colossusssp.com sync.colossusssp.com	648 B
1	yieldmo.com ads.yieldmo.com	431 B
1	teads.tv sync.teads.tv	172 B
1	tremorhub.com partners.tremorhub.com	183 B
1	sharethrough.com match.sharethrough.com	263 B
1	socdm.com 1 redirects tg.socdm.com	838 B
1	emxdgt.com cs.emxdgt.com
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	ipredictive.com 1 redirects sync.ipredictive.com	428 B
1	outbrain.com 1 redirects sync.outbrain.com	627 B
1	media.net contextual.media.net	372 B
1	clickagy.com 1 redirects aorta.clickagy.com	664 B
1	id5-sync.com id5-sync.com	1 KB
1	a-mo.net prebid.a-mo.net	769 B
1	cloudflare.com cdnjs.cloudflare.com	77 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
1	ezodn.com go.ezodn.com	79 KB
0	bdfugue.com Failed www.bdfugue.com Failed
0	convention.fr Failed www.convention.fr Failed
0	avads.net Failed ads.avads.net Failed
0	adhigh.net Failed px.adhigh.net Failed
0	adsnative.com Failed rudy.adsnative.com Failed
0	advangelists.com Failed nep.advangelists.com Failed
0	semasio.net Failed uipglob.semasio.net Failed
0	technoratimedia.com Failed sync.technoratimedia.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	acuityplatform.com Failed ums.acuityplatform.com Failed
499	106

	Domain	Requested by
63	excel-malin.com	2 redirects excel-malin.com cdn-0.excel-malin.com
35	cm.g.doubleclick.net	20 redirects ap.lijit.com us-u.openx.net rtb.gumgum.com googleads.g.doubleclick.net cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
31	securepubads.g.doubleclick.net	excel-malin.com securepubads.g.doubleclick.net www.googletagservices.com
19	ce.lijit.com	ap.lijit.com us-u.openx.net rtb.gumgum.com ads.pubmatic.com
18	rtb.gumgum.com	ap.lijit.com rtb.gumgum.com ads.pubmatic.com
16	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com s0.2mdn.net excel-malin.com
15	image2.pubmatic.com	1 redirects image6.pubmatic.com ads.pubmatic.com
15	match.prod.bidr.io	15 redirects
15	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
14	cdn-0.excel-malin.com	excel-malin.com cdn-0.excel-malin.com
13	ads.pubmatic.com	go.ezodn.com ap.lijit.com ads.pubmatic.com rtb.gumgum.com excel-malin.com
12	adservice.google.com	excel-malin.com securepubads.g.doubleclick.net
11	s0.2mdn.net	excel-malin.com s0.2mdn.net
11	adservice.google.ch	securepubads.g.doubleclick.net
10	cdn.ampproject.org	securepubads.g.doubleclick.net
10	dsum-sec.casalemedia.com	6 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
10	bh.contextweb.com	4 redirects go.ezodn.com bh.contextweb.com
10	ib.adnxs.com	4 redirects go.ezodn.com acdn.adnxs.com
8	match.adsrvr.org	6 redirects us-u.openx.net ssum-sec.casalemedia.com
8	www.google.com	1 redirects excel-malin.com www.gstatic.com www.google.com cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
7	ad4m.at	image6.pubmatic.com ssum-sec.casalemedia.com s1.adform.net ad4m.at
7	pixel-sync.sitescout.com	7 redirects
7	g.ezoic.net	excel-malin.com
6	assets.ad4m.at	as.ad4m.at
6	d5p.de17a.com	6 redirects
6	us-u.openx.net	3 redirects ap.lijit.com us-u.openx.net
6	ap.lijit.com	3 redirects go.ezodn.com ap.lijit.com
5	pixel.onaudience.com	4 redirects ads.pubmatic.com
5	ups.analytics.yahoo.com	4 redirects bh.contextweb.com
5	x.bidswitch.net	5 redirects
5	image6.pubmatic.com	ads.pubmatic.com
5	sync.mathtag.com	5 redirects
5	pixel.quantserve.com	4 redirects
5	pixel.tapad.com	4 redirects bh.contextweb.com
5	sync.1rx.io	5 redirects
5	fonts.gstatic.com	fonts.googleapis.com www.google.com
4	track.adform.net	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com s1.adform.net
4	www.googletagservices.com	securepubads.g.doubleclick.net cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
4	image4.pubmatic.com	ads.pubmatic.com
4	visitor.fiftyt.com	4 redirects
4	trc.taboola.com	2 redirects bh.contextweb.com
4	sync-tm.everesttech.net	3 redirects ads.pubmatic.com
4	pr-bh.ybp.yahoo.com	2 redirects ads.pubmatic.com
4	c1.adform.net	2 redirects image6.pubmatic.com
4	www.gstatic.com	www.google.com www.gstatic.com
3	simage4.pubmatic.com	ads.pubmatic.com
3	s.yimg.com	pr.ybp.yahoo.com excel-malin.com
3	googleads.g.doubleclick.net	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com excel-malin.com
3	px.owneriq.net	2 redirects bh.contextweb.com
3	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com bh.contextweb.com
3	mwzeom.zeotap.com	ads.pubmatic.com
3	rtb-csync.smartadserver.com	image6.pubmatic.com bh.contextweb.com
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	sync.targeting.unrulymedia.com	3 redirects
3	um.simpli.fi	1 redirects ads.pubmatic.com image6.pubmatic.com
3	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fonts.googleapis.com	cdn-0.excel-malin.com securepubads.g.doubleclick.net
3	gum.criteo.com	1 redirects static.criteo.net
2	as.ad4m.at	ad4m.at as.ad4m.at
2	s1.adform.net	track.adform.net s1.adform.net
2	sync.go.sonobi.com	2 redirects
2	googleads4.g.doubleclick.net	excel-malin.com
2	i.liadm.com	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	red.erne.co	2 redirects
2	sync.search.spotxchange.com	1 redirects bh.contextweb.com
2	eb2.3lift.com	1 redirects bh.contextweb.com
2	pixel.advertising.com	2 redirects
2	ads.creative-serving.com	2 redirects
2	pubmatic-match.dotomi.com	ads.pubmatic.com
2	aud.pubmatic.com	ads.pubmatic.com
2	match.taboola.com	image6.pubmatic.com
2	s.tribalfusion.com	image6.pubmatic.com
2	a.tribalfusion.com	2 redirects
2	cm.adgrx.com	image6.pubmatic.com
2	green.erne.co	2 redirects
2	dis.criteo.com	image6.pubmatic.com
2	match.deepintent.com	rtb.gumgum.com ssum-sec.casalemedia.com
2	a.sportradarserving.com	2 redirects
2	eu-u.openx.net	us-u.openx.net
2	ams.creativecdn.com	2 redirects
2	creativecdn.com	2 redirects
2	secure.adnxs.com	2 redirects
2	loadm.exelator.com	2 redirects
2	bcp.crwdcntrl.net	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	p.rfihub.com	2 redirects cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
2	js-sec.indexww.com	go.ezodn.com ssum-sec.casalemedia.com
2	acdn.adnxs.com	go.ezodn.com
2	static.criteo.net	go.ezodn.com static.criteo.net
2	onetag-sys.com	go.ezodn.com
2	mug.criteo.com	excel-malin.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.paypalobjects.com	excel-malin.com
2	go.ezoic.net	excel-malin.com
2	polyfill.io	excel-malin.com
1	spl.zeotap.com	1 redirects
1	cdn.hopps-group.com	as.ad4m.at
1	track.effiliation.com	1 redirects
1	ad4mat.net	ad4m.at
1	cms.quantserve.com	1 redirects
1	match.bnmla.com	image6.pubmatic.com
1	beap-bc.yahoo.com	s.yimg.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	go.ezoic.net
1	aktrack.pubmatic.com	excel-malin.com
1	pr.ybp.yahoo.com	go.ezodn.com
1	cc.adingo.jp	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	px.ads.linkedin.com	1 redirects
1	dclk-match.dotomi.com	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
1	public-prod-dspcookiematching.dmxleo.com	bh.contextweb.com
1	i6.liadm.com	bh.contextweb.com
1	demand.trafficroots.com	1 redirects
1	sync.colossusssp.com	bh.contextweb.com
1	match.sync.ad.cpe.dotomi.com	bh.contextweb.com
1	pixel.rubiconproject.com	bh.contextweb.com
1	ads.yieldmo.com	bh.contextweb.com
1	sync.teads.tv	bh.contextweb.com
1	partners.tremorhub.com	bh.contextweb.com
1	match.sharethrough.com	bh.contextweb.com
1	pulsepoint-match.dotomi.com	bh.contextweb.com
1	ad.turn.com	1 redirects
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	b1sync.zemanta.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	sync.outbrain.com	1 redirects
1	d.turn.com	1 redirects
1	pixel-eu.rubiconproject.com	1 redirects
1	contextual.media.net	ap.lijit.com
1	aorta.clickagy.com	1 redirects
1	pixel-us-east.rubiconproject.com	1 redirects
1	data.adsrvr.org	ap.lijit.com
1	id5-sync.com	go.ezodn.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	htlb.casalemedia.com	go.ezodn.com
1	bid.contextweb.com	go.ezodn.com
1	hbopenbid.pubmatic.com	go.ezodn.com
1	g2.gumgum.com	go.ezodn.com
1	bidder.criteo.com	go.ezodn.com
1	prebid.a-mo.net	go.ezodn.com
1	cdnjs.cloudflare.com	excel-malin.com
1	maxcdn.bootstrapcdn.com	excel-malin.com
1	www.googletagmanager.com	excel-malin.com
1	go.ezodn.com	excel-malin.com
0	www.bdfugue.com Failed	as.ad4m.at
0	www.convention.fr Failed	as.ad4m.at
0	ads.avads.net Failed	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
0	px.adhigh.net Failed	cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
0	dsum.casalemedia.com Failed	bh.contextweb.com
0	rudy.adsnative.com Failed	bh.contextweb.com
0	nep.advangelists.com Failed	ssum-sec.casalemedia.com
0	uipglob.semasio.net Failed	ads.pubmatic.com
0	simage2.pubmatic.com Failed	image6.pubmatic.com ads.pubmatic.com bh.contextweb.com
0	sync.technoratimedia.com Failed	rtb.gumgum.com
0	aax-eu.amazon-adsystem.com Failed	ap.lijit.com
0	sync.srv.stackadapt.com Failed	ap.lijit.com rtb.gumgum.com ads.pubmatic.com
0	ums.acuityplatform.com Failed	ap.lijit.com
499	160

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.instagram.com
yahoo.com
www.ezoic.com
fr.jooble.org
www.facebook.com

Subject Issuer	Validity	Valid
excel-malin.com R3	`2021-01-31` - `2021-05-01`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-09` - `2021-04-17`	a month	crt.sh
*.ezoic.net Amazon	`2021-02-15` - `2022-03-16`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-01-13` - `2022-01-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
ezoic.net R3	`2021-01-23` - `2021-04-23`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.a-mo.net R3	`2021-03-12` - `2021-06-10`	3 months	crt.sh
onetag-sys.com R3	`2021-03-16` - `2021-06-14`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.google.ch GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.id5-sync.com R3	`2020-12-26` - `2021-03-26`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-16` - `2022-03-17`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.sharethrough.com Amazon	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2019-03-20` - `2021-04-21`	2 years	crt.sh
*.tremorhub.com Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
teads.tv R3	`2021-02-18` - `2021-05-19`	3 months	crt.sh
*.yieldmo.com Amazon	`2020-06-23` - `2021-07-23`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2020-03-30` - `2022-06-25`	2 years	crt.sh
*.colossusssp.com Go Daddy Secure Certificate Authority - G2	`2020-10-06` - `2021-11-07`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.liadm.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
dspcookiematching.dmxleo.com ZeroSSL RSA Domain Secure Site CA	`2021-02-16` - `2021-05-17`	3 months	crt.sh
h2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-11` - `2021-04-20`	a month	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.adingo.jp DigiCert SHA2 Secure Server CA	`2020-03-26` - `2021-04-15`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-02-21` - `2021-04-06`	a month	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-02-23` - `2021-05-18`	3 months	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.hopps-group.com Sectigo RSA Organization Validation Secure Server CA	`2020-02-11` - `2022-02-26`	2 years	crt.sh
*.onaudience.com Certyfikat SSL	`2020-05-28` - `2021-05-28`	a year	crt.sh

This page contains 77 frames:

Primary Page: https://excel-malin.com/
Frame ID: 07BAC8CA1B335A50F652EE6D0F7B311C
Requests: 180 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2
Frame ID: 728531B1E3544DDDA5DA81C9A7907781
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 20886A002E5F3BF7834E9C81FCDA9913
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=excel-malin.com
Frame ID: FB46AC5436F7AF8F9EC7DA822A1AC893
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 63BAB9962C8A4C87BB5A1B7550162A61
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 298AE58CA665ED69108FD9422A9678C2
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: 52A5F75B49329A6C5DEF5902B0CB93C8
Requests: 28 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1616421586277
Frame ID: 05B02357996BF7C5F8FAAA4944217457
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7E494168782C4A7D7F7552D8E6F365CF
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Frame ID: 2F264D07C4D431D274D3E1E861525B55
Requests: 23 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 6358AB4E54F651CB2FB7EC954B774AA6
Requests: 25 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: 0F1B9225111E9A5C054B41242C589F46
Requests: 1 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 920C41BEBA066841632F3EA3AD3793F5
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Frame ID: B60CE1FFAC6328EAC5553E0F4F7BC4E1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Frame ID: E1E70E40FC282953AC28BBB0C9B5E1B8
Requests: 14 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=1&3pid=7049653180921765701&gdpr=0&gdpr_consent=
Frame ID: 482978C296CC0839AF149BDAAB87E98F
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: E763AA16B71A9B745B7083884D02A0BF
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: E2C9497B6D3C290A7A61FD1D93537E9F
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0E7E72ADD5E0BF85D8C72C7D5C0A4D41
Requests: 25 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
Frame ID: 204148E1E5E01FB5F6568B99B79585E5
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS
Frame ID: 68722B52F3A85B1E68ED5FE36D563F18
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=
Frame ID: 3B8351B7BB93A917103AE4A94A63A9B0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 671758F69F45EF79EBDED8D97771E519
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589
Frame ID: 0163395B490C4B96BF79350A3603B749
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 1EF40B8C24AEB57E18810A14D5DF99C5
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA
Frame ID: A3D3D5384568F46EC9D3D7656A7625AD
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=2159827869682617939
Frame ID: 7A6F2584C8C7C69119FA3C71DEA0B3C9
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1
Frame ID: 9A9350B2C42213EF54901995343D6941
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
Frame ID: 7F5BFB8B26AA1BF1E510720D9F2D0866
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 3989A2A00004AE1A593512B01A06F932
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir
Frame ID: D9F6F2C093046F3F7D8619D421206638
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865619880087
Frame ID: BB8C319AF0960D3BE8BA33EA77EE0E91
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
Frame ID: 75831713549F08F1E26698D1BED97798
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: BFEEFE1D4FAB00837C2F42F342BDE642
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: A6A3483E125082ACF24973C6E055374B
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: FD8F8773E59680E854665A2C4F3E5CAE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219
Frame ID: 1C244B5F2D760428AB19091BE4D15CA0
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 7C81EAE6C223903A59EF45F3B041F008
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}
Frame ID: 58369473CF6F47CC0B503381DBA6F8F0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7DERisSy1Lol605&gdpr=0&gdpr_consent=
Frame ID: 71178AD21C6848ACB9DEBF2698212555
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 3DF39B84B6C2F87E1A98A5A33D5624D9
Requests: 5 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
Frame ID: 50B9896F3800EA339CD6D4870B02C572
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 9FFCF57E4BE1297BFF701BB9A12928BE
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir
Frame ID: CC91997DD1EB091DC56264577429509B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865620600983
Frame ID: 35068A909C3974AEE0881558E1A93485
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
Frame ID: 68ED7E60EC72EE925D19BED2FB6D2C6A
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 93D95777681CF91B54A53B763A888BF5
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 2CF1B9D2F454F88F5B5A8A18B6C6F9DB
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 75856F456BFC1E660D1DB897B9898EDF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219
Frame ID: 6877EB3A85B66F287ECA4EA0C74C578C
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: E3165BACC31774088BB0F6F181FF714F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}
Frame ID: CDFDCBF1EDFC0F3816E9FC31DF563B66
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:60aCtMlp1Lol605&gdpr=0&gdpr_consent=
Frame ID: E1BF3BB0CB68B8BB7AB96AD8C6D7AF6E
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=71&3pid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Frame ID: 0D924EAE7609C71F7BD241967B0B82A3
Requests: 1 HTTP requests in this frame

Frame: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 1F72B09455EEF25E6730CDBDC2D55535
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg
Frame ID: 0C184A894B24E983C6415D1DB04ACF44
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E7A61D1AEEE90431376C77EE6BB32FDC
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 41FE2FA0F60E9BA788EAFB921CC6925C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
Frame ID: C33E2F5066BE18D6DC5462A4EFC0C471
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteLj2CUAMAXFO3o3ognneWIibjkXbCDLOLR9320BNQYLXFmsLn5KddwOQiHuK8aGsqLSBvn9S8GsFCI9TK03H9kCvHJZwgtzFmgms4fJfdyF2bVdyNHqz5RhczN-wqI49pTw5-mXe7pxhEoS2T5Ss0OT4H5DspnHV_Js0m8AQzo9cJv8prSnLyWBJhli6eIX27CIPiclGUYzdZ8z20GgBZUt-FSgXfn3dQrAsTDBf6FQLacIKGjqQP8h1AJpeA9x2rubGuf2kgnchXGnN6X-dTeqn4NdIZT66PB2jsq5d0Y_ywhplYhDQ&sig=Cg0ArKJSzJX_hKEZNGTrEAE&urlfix=1&adurl=
Frame ID: E3D026ABEBBDFF4CB258FA4A99AB1C0D
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js
Frame ID: 0113F57C2E5159C21945FA78A6DEAC14
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A5015BE53ADAB260485279FE043E1008
Requests: 4 HTTP requests in this frame

Frame: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156983&siteId=723170&adId=2975017&adType=10&adServerId=243&kefact=0.047067&kaxefact=0.047067&kadNetFrequecy=0&kadwidth=160&kadheight=600&kadsizeid=10&kltstamp=1616421586&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.048950&dcId=3&tldId=61452684&passback=0&svr=BID22479U&adsver=_2344862218&adsabzcid=0&ekefact=0qJYYCaGAgBQa9wMPT3QU4IEHOxekeXfZU4uuwJjkcZyQGEN&ekaxefact=0qJYYDSGAgDgy2KLdc5Br7e1b2rpxNxfD1zgDbAlvIJZrNXA&ekpbmtpfact=0qJYYECGAgBtCT9PeLqplbgaMTw4eStoJxbnPsAJBkIhsv58&enpp=0qJYYEuGAgCFnBivdS83NGbZIXqLUDo6tN4g7cy5RhmPu4s9&pfi=1&dc=AMS&pubBuyId=30384&crID=3213530&lpu=hoeren-heute.ch&ucrid=16578403963153536840&campaignId=23026&creativeId=0&pctr=0.000000&wDSPByrId=OATH101788000&wDspId=452&wbId=6&wrId=0&wAdvID=1157489&wDspCampId=1516979&isRTB=1&rtbId=24D7ECA5-4223-4FE0-9073-C102A6F68A50&imprId=B060C16A-048A-4590-B4CF-12067EE37AC3&oid=B060C16A-048A-4590-B4CF-12067EE37AC3&cntryId=45&domain=excel-malin.com&pageURL=https%3A%2F%2Fexcel-malin.com%2F&sec=1&pAuSt=3
Frame ID: AD378E18EB3D60520A901095D09A02B7
Requests: 1 HTTP requests in this frame

Frame: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 39C0ADA27C410EF7931071CA577483DB
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 8FFBFD2FFFCF785800088F2D5B69F469
Requests: 11 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 694AE12AE805B9DA4A4962472F18B38E
Requests: 14 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
Frame ID: 019DE0182E9C01BF5CBBAE6AE2665D8B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F6A640CED6224A48A3040804E06DFA18
Frame ID: 39463090A52B63604C35C31F613BDFAF
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: 3DCC1A1D33317CAE15558AF961069724
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5464C6832B76E74A8143B251C8308EBA
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 893B451FF91B97B3E889B22E7B9077F1
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 36294D50CEEF46F66D6160E9D8A50656
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Frame ID: 4B927F4C765F8F5229F4058886F46740
Requests: 11 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Frame ID: 1885EA8EEDC10880D4C01C25C1DD8AB9
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=pbm&i=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Frame ID: 16023BA307C69E85142523B404B6727C
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Frame ID: 50D79F57D300CB3E46E0A7DA96D89BD4
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/merge?pid=58&3pid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Frame ID: 52D813EEB110839926779CB1B293B35B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://excel-malin.com/ HTTP 301
https://excel-malin.com/domains/excel-malin.com/ HTTP 301
https://excel-malin.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

499
Requests

91 %
HTTPS

33 %
IPv6

106
Domains

160
Subdomains

99
IPs

12
Countries

3558 kB
Transfer

7818 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.instagram.com/

Search URL Search Domain Scan URL

URL: https://yahoo.com/

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://fr.jooble.org/emploi-expert-excel
Title: Emploi pour "Expert en Excel"

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ExcelMalin/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://excel-malin.com/ HTTP 301
https://excel-malin.com/domains/excel-malin.com/ HTTP 301
https://excel-malin.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fexcel-malin.com%2F&domain=excel-malin.com&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=QB-vOHxteWJFb3NxSXJLaWprNWdhRU9Ed0JEajN3MlQ5WFpiMGhTSDh2TGl4MWoxeUV1WlJpY2FrZCtkeVdrOXU1UTJEZTJjRHA1dndabmwrZHJZeGQ1eUFGb3U0ek50UzkrcHpFc1FHcWxwandCNE5wUXBjSnNyckozUlpwZWdaS21iOUM2dHMxNDFKZUF1bkNCYzJKUVg3SkpKZDVJcmxzRzcyeHQzbXpMVVZpTXBXRDB6M21sbEdMTS9YRllCVnJBMEVMQnBSaG1LZ1NOTDFWTDZrOXVHMndrRjNTTndKdXBrTTF5ZWFUaitlb01rPXw&cppv=2

Request Chain 120

https://ap.lijit.com/beacon?informer=8711458 HTTP 302
https://ap.lijit.com/beacon?informer=8711458&dnr=1

Request Chain 122

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 123

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 124

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj

Request Chain 126

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=49&3pid=q8c5TvaauFje&ev=1&pid=558511&gdpr_consent=&gdpr=0

Request Chain 127

https://um.simpli.fi/lj_match?r=1616421589536&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=50165B84EC384071BD49338A6E72D25D

Request Chain 128

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=1875819618363947518

Request Chain 129

https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://ce.lijit.com/merge?pid=85&3pid=

Request Chain 130

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=87&3pid=44072faf-417f-4f38-8eeb-a24ad10edff3

Request Chain 131

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2777209633 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2777209633 HTTP 302
https://sync.1rx.io/usersync/tradedesk/b71ca6c6-056d-4610-acee-48bc5971a7d3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

Request Chain 133

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=dd217c0945da0e59fb89a2ac/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=dd217c0945da0e59fb89a2ac/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=5001&3pid=8129521f8a3f2d18ced56a743080b243&gdpr=0&gdpr_consent=

Request Chain 134

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=fmx

Request Chain 135

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=80&3pid=KMKNOHC6-1-JYL7&gdpr=0

Request Chain 136

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent= HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ce.lijit.com/merge?pid=16&3pid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

Request Chain 137

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E

Request Chain 138

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=dd217c0945da0e59fb89a2ac&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=3&3pid=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=

Request Chain 139

https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=12&3pid=8302895149037461874&gdpr=0&gdpr_consent=

Request Chain 140

https://aorta.clickagy.com/pixel.gif?ch=185&cm=dd217c0945da0e59fb89a2ac&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed

Request Chain 142

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj HTTP 302
https://ap.lijit.com/dsp/google/reporting

Request Chain 143

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=83&3pid=KMKNOIAW-1B-5I55&gdpr=0

Request Chain 145

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent= HTTP 302
https://ams.creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1 HTTP 302
https://ce.lijit.com/merge?pid=86&3pid=8fSsnqf3f9NDC8WJLEVi&pi=sovrn&gdpr_consent=&gdpr=0&tc=1

Request Chain 147

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=

Request Chain 150

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=1&3pid=7049653180921765701&gdpr=0&gdpr_consent=

Request Chain 151

https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 156

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=81e26058-a2d5-4900-9437-5d8ef3ac3130

Request Chain 157

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk- HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk-

Request Chain 158

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4412835407363554486

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBzbwqs2qb7xaYPzt6FtojI&google_cver=1

Request Chain 162

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=8302895149037461874

Request Chain 163

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=0768523a-618a-415e-a254-00f29f03667f&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=2e4bed9e-dc7e-4707-8c07-c96df592e9b3

Request Chain 164

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29

Request Chain 165

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=fde5ced5-2ead-03b6-1e5e-c61e3ff7b5c6

Request Chain 167

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-xH1W35pE2pdG0pum1zbr943aJJxDlpW.eXkg~A

Request Chain 168

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=e1956da7-8b16-11eb-941a-699bb1a7e05f

Request Chain 171

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0

Request Chain 172

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4248758891 HTTP 302
https://sync.1rx.io/usersync/tradedesk/b71ca6c6-056d-4610-acee-48bc5971a7d3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

Request Chain 173

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=6Hz2s1lOTkuF&ev=1&pid=558355

Request Chain 175

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=

Request Chain 176

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=

Request Chain 179

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589

Request Chain 181

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA

Request Chain 182

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=2159827869682617939

Request Chain 183

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://ams.creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1

Request Chain 192

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790

Request Chain 194

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDT3ZFN0FzVVlBQUJCTkwwQVJxUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACOvE7AsUYAABBNL0ARqQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AACOvE7AsUYAABBNL0ARqQ&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir

Request Chain 195

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865619880087

Request Chain 196

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H

Request Chain 198

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 200

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

Request Chain 201

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 203

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7DERisSy1Lol605&gdpr=0&gdpr_consent=

Request Chain 204

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTPtOXrmRZOU3YFLJ6QpFQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 207

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7933ED39-7AE6-4593-94DD-814B27A42915&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7933ED39-7AE6-4593-94DD-814B27A42915&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7933ED39-7AE6-4593-94DD-814B27A42915&addseg=31

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzkzM0VEMzktN0FFNi00NTkzLTk0REQtODE0QjI3QTQyOTE1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1

Request Chain 211

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

Request Chain 212

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7236353981170428696

Request Chain 213

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

Request Chain 214

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=

Request Chain 215

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=pubmatic

Request Chain 217

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7933ED39-7AE6-4593-94DD-814B27A42915&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7933ED39-7AE6-4593-94DD-814B27A42915&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-h_kYPIpE2uWVxpySkxA2_CZd8MGf6hQ-~A&gdpr=0&gdpr_consent=

Request Chain 218

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s

Request Chain 219

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YFii3QAAAHBcPyrK HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFii3QAAAHBcPyrK&gdpr=0&gdpr_consent=&_test=YFii3QAAAHBcPyrK

Request Chain 220

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8248286069948666349&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 221

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:71e3b31c-2cb3-4139-bf81-c488ce138ff1&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 222

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

Request Chain 224

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA%3D%26piggybackCookie%3D%24UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7885162345081131483

Request Chain 225

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

Request Chain 227

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YFii1mL.OFNj-PO9LOX5BQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YFii1dUNIClqNm94vvYZwgAABFMAAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEB4Bl6awAYvT1O10HYg6THY&google_cver=1

Request Chain 229

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB&dcc=t

Request Chain 232

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413&C=1

Request Chain 236

https://px.owneriq.net/eucm/p/cwc HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fpx.owneriq.net%2ffr%2fepx.gif&uid=Q6697079911177171096&ref=%2Feucm%2Fp%2Fcwc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 237

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=95&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=95&gdpr=0&gdpr_consent= HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26partner_url%3Dhttps%253A%252F%252Fbh.contextweb.com%252Fbh%252Frtset%253Fdo%253Dadd%2526pid%253D543793%2526ev%253D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%2526gdpr_in_effect%253D0%2526gdpr_consent%253D HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D543793%26ev%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26gdpr_in_effect%3D0%26gdpr_consent%3D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D543793%26ev%3D613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348%26gdpr_in_effect%3D0%26gdpr_consent%3D HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr_in_effect=0&gdpr_consent=

Request Chain 238

https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=eUw1bzdzZXI4Y2k0RE50d0VWUDRBUQ&gdpr=0&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEACJh1OR2hhdWr6nmpYdaoU&google_cver=1

Request Chain 239

https://x.bidswitch.net/sync?ssp=pulsepoint HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pulsepoint&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pulsepoint&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=d8696cb0-1bf1-41b5-a8e2-2447ab99e599&ssp=pulsepoint&expires=30&user_group=5&bsw_param=2e4bed9e-dc7e-4707-8c07-c96df592e9b3 HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=2e4bed9e-dc7e-4707-8c07-c96df592e9b3

Request Chain 240

https://pixel.advertising.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&apid=UPde834baf-8b16-11eb-b48a-02e98585498e

Request Chain 241

https://eb2.3lift.com/xuid?mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee&gdpr=1&cmp_cs=&us_privacy=

Request Chain 243

https://match.prod.bidr.io/cookie-sync/pp HTTP 303
https://match.prod.bidr.io/cookie-sync/pp?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEMzNFN0FzVVlBQUJIU1JnMW1Wdw&bee_sync_partners=pm%2Csas%2Cpp&bee_sync_current_partner=adx&bee_sync_initiator=pp&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp&bee_sync_current_partner=adx&bee_sync_initiator=pp&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD33E7AsUYAABHSRg1mVw&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpp%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2&_bee_ppp=1 HTTP 303
https://rtb-csync.smartadserver.com/redir

Request Chain 244

https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_cm&google_hm=CTXX7rlJzs2z HTTP 302
https://bh.contextweb.com/bh/rtset?pid=559960&ev=1&google_gid=CAESECAfVuJZpzolj_IYRss8Fmc&google_cver=1

Request Chain 245

https://sync.search.spotxchange.com/partner?adv_id=8185&uid=CTXX7rlJzs2z HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8185&uid=CTXX7rlJzs2z&__user_check__=1&sync_id=dfb66231-8b16-11eb-872d-1e588e901b06

Request Chain 248

https://red.erne.co/pulsepoint/cm HTTP 302
https://pixel.onaudience.com/?mapped=zGbK8V63p6QjzrW8aAGKWg6H&partner=2&redirect=red.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fbh.contextweb.com%252Fbh%252Frtset%253Fdo%253Dadd%2526pid%253D560956%2526ev%253DzGbK8V63p6QjzrW8aAGKWg6H HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fred.erne.co%252Fct%252Fcm%253Fred%253Dhttps%25253A%25252F%25252Fbh.contextweb.com%25252Fbh%25252Frtset%25253Fdo%25253Dadd%252526pid%25253D560956%252526ev%25253DzGbK8V63p6QjzrW8aAGKWg6H HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fred.erne.co%252Fct%252Fcm%253Fred%253Dhttps%25253A%25252F%25252Fbh.contextweb.com%25252Fbh%25252Frtset%25253Fdo%25253Dadd%252526pid%25253D560956%252526ev%25253DzGbK8V63p6QjzrW8aAGKWg6H HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=8129521f8a3f2d18ced56a743080b243&redirect=https%3A%2F%2Fred.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fbh.contextweb.com%252Fbh%252Frtset%253Fdo%253Dadd%2526pid%253D560956%2526ev%253DzGbK8V63p6QjzrW8aAGKWg6H HTTP 302
https://red.erne.co/ct/cm?red=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D560956%26ev%3DzGbK8V63p6QjzrW8aAGKWg6H HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=560956&ev=zGbK8V63p6QjzrW8aAGKWg6H

Request Chain 258

https://demand.trafficroots.com/sync.php?buyer=2228&buyeruid=https://demand.trafficroots.com/sync.php?buyer=2228&buyeruid=CTXX7rlJzs2z HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3263&partner_device_id=CTXX7rlJzs2z

Request Chain 259

https://i.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z HTTP 303
https://i.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z&_li_chk=true&previous_uuid=5db0741161834319bda906836c3d38a5 HTTP 303
https://i6.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z

Request Chain 260

https://x.bidswitch.net/sync?dsp_id=400&user_id=CTXX7rlJzs2z&expires=30&user_group=[NUMERICAL_VALUE] HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 263

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1

Request Chain 265

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

Request Chain 266

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790

Request Chain 268

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2498908320531930185

Request Chain 269

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

Request Chain 270

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=

Request Chain 271

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=51abd0a1-58c8-43c7-b690-3ab72b1839ab&ssp=pubmatic&user_group=1 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 272

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s

Request Chain 273

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDT3ZrN0FzVVlBQUJCTkwwQVJxUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAD33E7AsUYAABHSRg1mVw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAD33E7AsUYAABHSRg1mVw&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir

Request Chain 274

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YFii3QAAAEvxkzoG

Request Chain 275

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2819760768618582509&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 276

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865620600983

Request Chain 277

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:57e27f52-318c-467a-867e-9beebfec02ac&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 278

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

Request Chain 279

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8302895149037461874

Request Chain 280

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H

Request Chain 282

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

Request Chain 283

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 285

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

Request Chain 286

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 288

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:60aCtMlp1Lol605&gdpr=0&gdpr_consent=

Request Chain 290

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3V9Q7WpOQImGCuH4-3FhRQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 293

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&addseg=31

Request Chain 294

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REQ1RjUwRUQtNkE0RS00MDg5LTg2MEEtRTFGOEZCNzE2MTQ1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 296

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zALNjVVE2uUvf47vCJ3A3tPb6L8mswg-~A&gdpr=0&gdpr_consent=

Request Chain 318

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&C=1

Request Chain 319

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFii1mL.OFNj-PO9LOX5CwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2

Request Chain 332

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGvMXW0u6lbHr7fwNABbh5k&google_cver=1&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qFwLgflJHBbiR2zbpOJD0S0k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qFwLgflJHBbiR2zbpOJD0S0k

Request Chain 333

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEDftSmwttJmrn2Ycncvn32g&google_cver=1&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZzT1hHv73CGRPC40ThB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZzT1hHv73CGRPC40ThB&google_hm=UQgOtv-fQJeoqJbjGdShsGs

Request Chain 334

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwvBvnquUQOtNdlq3Vh1xs&google_cver=1&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0StznBHmyPHjUg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MjQ3Nzg2NTYyMTUxODQ4Nw%3D%3D&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0StznBHmyPHjUg

Request Chain 335

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCnIZ1cvLxAMFoAodl58%26google_hm%3D%5BUID%5D&google_gid=CAESEHfzJi-YW-sGCD2ldthnrqc&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCnIZ1cvLxAMFoAodl58&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56

Request Chain 336

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOyE8OvOgzm-BLN4ESIAoSQ&google_cver=1&google_push=AQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo%26google_hm%3DA7cLIxh1sU7Th-y80fV1Uiw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo&google_hm=A7cLIxh1sU7Th-y80fV1Uiw

Request Chain 427

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 465

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003&rndcb=2236108450 HTTP 302
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=adconductor&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3 HTTP 302
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=adconductor&expires=10&bsw_param=2e4bed9e-dc7e-4707-8c07-c96df592e9b3 HTTP 302
https://sync.1rx.io/usersync/bidswitch/2e4bed9e-dc7e-4707-8c07-c96df592e9b3?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

Request Chain 466

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F6A640CED6224A48A3040804E06DFA18

Request Chain 468

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=e1a76f9b-8b16-11eb-a872-d360ab29aa19&gdpr=0&gdpr_consent=

Request Chain 475

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP1fwNQ7AZgShujsIWm4ao4&google_cver=1&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1fKBm60Ydo350U3qglXY2lhDMsBJUunaJ7FjBhbK5L0 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1fKBm60Ydo350U3qglXY2lhDMsBJUunaJ7FjBhbK5L0&google_hm=XuiWL0UpFzJwNZzsrG2isw

Request Chain 478

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEia2_209Z9ZRbpl9csJhVc&google_cver=1&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2PFbAY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2PFbAY&google_hm=MzI3Mjg0MTg0MDkyNzQ2MTAyNQ%3D%3D

Request Chain 479

https://d5p.de17a.com/cookies/google?google_gid=CAESEOUoUgFcuzZM8-okXkqJkQE&google_cver=1&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEOUoUgFcuzZM8-okXkqJkQE&google_cver=1&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg&google_tc=

Request Chain 480

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET6hnOl2Tf-UxR1MPn6d%26google_hm%3D%5BUID%5D&google_gid=CAESEHfzJi-YW-sGCD2ldthnrqc&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET6hnOl2Tf-UxR1MPn6d&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56

Request Chain 491

https://track.effiliation.com/servlet/effi.show?id_compteur=22457432&effi_id=oneidPeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3oneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.convention.fr/media/effi/pack_300x250.gif?gdpr_consent=&gdpr=0&gdpr_pd=0&

Request Chain 494

https://track.effiliation.com/servlet/effi.show?id_compteur=22414148&effi_id=oneid7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPYoneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.bdfugue.com/affili_bd/public/servebanner.php?name=btn-achat-bd-200x65px?gdpr_consent=&gdpr=0&gdpr_pd=0&

Request Chain 497

https://track.effiliation.com/servlet/effi.show?id_compteur=22468912&effi_id=oneidKeDCRfRebkCZVbT5HMHktPtYVAcKtATQzoneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://cdn.hopps-group.com/effiliation/1/120x600%20NOUVELLE%20CO%20hiver%2020.jpg?gdpr_consent=&gdpr=0&gdpr_pd=0&

Request Chain 506

https://pixel.onaudience.com/?partner=214&mapped=DD5F50ED-6A4E-4089-860A-E1F8FB716145 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=b71ca6c6-056d-4610-acee-48bc5971a7d3&icm

Request Chain 507

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130

Request Chain 508

https://pixel.onaudience.com/?partner=214&mapped=DD5F50ED-6A4E-4089-860A-E1F8FB716145 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=614fee6a060ea9e4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69fa608deae7&zcluid=614fee6a060ea9e4&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEPhXD7ogFb4hz1fYWaHfyJw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69fa608deae7&zcluid=614fee6a060ea9e4&zdid=1332

Request Chain 510

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130

499 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
excel-malin.com/
Redirect Chain

http://excel-malin.com/
https://excel-malin.com/domains/excel-malin.com/
https://excel-malin.com/

141 KB
32 KB

244ms
243ms

Document
text/html

3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

4056e5ed710eb7c015cd5b8b3b3a0b54c5f29d578eab2f034ee75bb94aebc46f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

:method: GET
:authority: excel-malin.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ezoma_173563=999,999; ezepvv=0; ezovid_173563=488458030; lp_173563=http://excel-malin.com/; ezovuuidtime_173563=1616421585; ezovuuid_173563=0bfad4bc-fbed-4176-6d10-9728eb6477d8; ezCMPCCS=true; ezopvc_173563=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Mon, 22 Mar 2021 13:59:45 GMT
display: pub_site_sol
expires: Sun, 21 Mar 2021 13:59:45 GMT
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_173563=-1; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezoref_173563=; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 15:59:45 UTC ezoab_173563=mod10-c; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 15:59:45 UTC active_template::173563=pub_site.1616421585; Path=/; Domain=excel-malin.com; Expires=Wed, 24 Mar 2021 13:59:45 UTC ezopvc_173563=3; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezepvv=997; Path=/; Domain=excel-malin.com; Expires=Tue, 23 Mar 2021 13:59:45 UTC ezovid_173563=488458030; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC lp_173563=http://excel-malin.com/; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezovuuidtime_173563=1616421585; Path=/; Domain=excel-malin.com; Expires=Wed, 24 Mar 2021 13:59:45 UTC ezovuuid_173563=0bfad4bc-fbed-4176-6d10-9728eb6477d8; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezCMPCCS=true; Path=/; Domain=excel-malin.com; Expires=Tue, 22 Mar 2022 13:59:45 GMT
vary: Accept-Encoding Accept-Encoding,User-Agent
x-ezoic-cdn: Hit ds;mm;219418e46810523fd2c8aa8359bbb54e;2-173563-50;98a0ae5d-4ecb-4f42-65f2-660cae35f73f
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-sol: pub_site

Redirect headers

cache-control: max-age=0, must-revalidate, no-cache, no-store
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Mon, 22 Mar 2021 13:59:45 GMT
display: staticcontent_sol
expires: Sun, 21 Mar 2021 13:59:45 GMT
location: https://excel-malin.com
pagespeed: off
response: 301
server: nginx/1.16.0
set-cookie: ezopvc_173563=2; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezepvv=0; Path=/; Domain=excel-malin.com; Expires=Tue, 23 Mar 2021 13:59:45 UTC ezovid_173563=488458030; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC lp_173563=http://excel-malin.com/; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezovuuidtime_173563=1616421585; Path=/; Domain=excel-malin.com; Expires=Wed, 24 Mar 2021 13:59:45 UTC ezovuuid_173563=0bfad4bc-fbed-4176-6d10-9728eb6477d8; Path=/; Domain=excel-malin.com; Expires=Mon, 22 Mar 2021 14:29:45 UTC ezCMPCCS=true; Path=/; Domain=excel-malin.com; Expires=Tue, 22 Mar 2022 13:59:45 GMT
vary: Accept-Encoding User-Agent,Origin,Accept-Encoding
x-ezoic-cdn: Hit ds;mm;ff9ed02b21611cc60ce589d8214338f4;2-173563-50;9e83c880-4bdd-4a2a-4ec0-28f91c07d3d5
x-middleton-display: staticcontent_sol
x-middleton-response: 301
x-redirect-by: redirection
x-sol: pub_site
content-length: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
243 B 15ms
14ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 273 KB
79 KB 48ms
29ms Script
application/javascript 2606:4700:e0::ac40:6e26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6e26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 310ec9a0dde43f69803a63d55db44db440d737a0a12caeb043957e66fc4b3826

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 74992
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5pWGGBxt0UW8za61%2BzviVQf%2B9s%2BCaxix5zeYVGAPBPPw%2FSzDZFqPcbgW2h68bE%2BKmGE%2F9E8ZQYfrtUEqDyzBNPvOWWqy02ooJsHWORyHF9IwtrTb7JVBdIo%3D"}],"max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 633ff13dfa4a4dfa-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51abd00004dfad6086000000001

GET
H2 200 boise.js Show response
excel-malin.com/detroitchicago/ 983 B
459 B 39ms
32ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/boise.js?gcb=194-2&cb=1
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 426

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-57437453-1

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa5c7486a8995f8a95ae4c8774b629f892362b19b116d253644ed1cc19e54299

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39131
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Mar 2021 13:59:45 GMT

GET
H2 200 head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css
cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/ 670 KB
150 KB 71ms
27ms Stylesheet
text/css 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acc25eac3c903d09b945dfc213fe0c10931fbde7e4e56c77c8677bf93237f2c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 64461
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51ad9000005f154aa8000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"a5e31-5bdfa6cc23a0f-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WeGlceVJ%2BTDdMqn7IrnqM6CLMgcXuFo5FyDecgGxeHK3TA3ZWOFUi%2Bomg0igAWnqkykRcAFe%2FiRZ46mqTfmW%2FSF%2FYg7FSGI84r2P%2FpfAWRjimOIPRmqw9d90HPacybRERFo%3D"}]}
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13e291605f1-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 cptch_desktop_style-v641c42c843dd758a9b132d2420d3da08757abcca.css
cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/item/ 1 KB
1 KB 60ms
16ms Stylesheet
text/css 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/item/cptch_desktop_style-v641c42c843dd758a9b132d2420d3da08757abcca.css

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca74e28e92ecead8f6f67e3d66adff96bcbcd5f837bd66c95852059fc20c00c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 22162
x-ezoic-cdn: Hit ds;mm;1b8eb81cfad16239bf9b75a0d1f28f4b;2-173563-50;87f1fd6e-492c-4845-669f-15649503c771
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51ada000005f166150000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"5c5-5bdf895000bbe-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BYhgmSoSKyd6m2hCAOCMghcRuvgGN5BEwpv6HqA3kQII8hO8s6j89dMcV0gTSH46KkHX4hoQf1uVtM3DxPVz7AQn%2FMcqNyMWv1Xk2%2FbgJIfYj4ZSDrRjSfgTVwmhN1Wh15I%3D"}]}
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13e291b05f1-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.2/css/ 28 KB
6 KB 14ms
13ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.2/css/font-awesome.min.css?ver=0.3.7

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5675b0d1ee88db374b1e60e301fda9f0c1d3585f47173468827115fc4e529c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617
age: 1017014
cdn-cachedat: 2021-03-10 20:27:51
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51aae00004e2035b7d000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: f590cab5ce05b01413df893751c8c0e7
cf-ray: 633ff13defbf4e20-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 head-b8a1ae72cf96842d974ef548cd86b85d15108480.js Show response
cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/ 187 KB
59 KB 61ms
19ms Script
application/javascript 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/head-b8a1ae72cf96842d974ef548cd86b85d15108480.js

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5ea8d4b345807e4893864109a1ad0680883684607a24297dc4cea398b5bb6d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 79151
cf-polished: origSize=192131
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51ada000005f1922b9000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"2ee83-5bdc343f51fd9-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oHPuPBU8XZIbnFtYyXwvpv2K3zHX2joHUdfd1h9T2vUWe%2BCqD8MiyfCYsqdCOIQXTX3gIhLRQgjuzmPmN2ZU8DAZh7hrR7uYUc82fLQeN%2F79MwG4l8liHHE6i9l7aPhYnUE%3D"}]}
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13e291c05f1-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 tc-scripts.min.js Show response
cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/front/js/ 113 KB
31 KB 22ms
16ms Script
application/javascript 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/front/js/tc-scripts.min.js?ver=2.4.3

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe1890672c80b7f1fd15562733afb7c6f7f81d457f94008bf79985c2dcffd926

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 71609
x-ezoic-cdn: Hit ds;dm;f6cf15e855e4f1b2d46eeb9891a130a2;2-173563-50;f6368bbf-b935-462b-61d8-d7a9f3429f59
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51b47000005f14bb23000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"1c3ae-5b90b99e827db-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qvAscu57IgW2YqMijl%2FlMcwPxZG80ptQxELWku6KVYtGp9YVj0FhACt699JmtDqOl2%2BDZmtbgRIwDDP4qzyBNwrkPIXHHRV0cmCw3JQIxwRUnIxN%2B2BOlrfaeHJICTWCti4%3D"}]}
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13eda5f05f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 72 B
560 B 44ms
14ms Script
text/javascript 2a04:4e42::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?version=3.52.1&features=Array.prototype.find%2CCustomEvent%2CElement.prototype.closest%2CElement.prototype.dataset%2CEvent%2CXMLHttpRequest%2CMutationObserver&flags=gated&ver=5.5.3

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2195884
detected-user-agent: Chrome/89.0.4343
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Wed, 24 Feb 2021 14:13:00 GMT
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 customizr.woff2
excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/customizr/ 4 KB
5 KB 34ms
32ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/customizr/customizr.woff2?128396981

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

d16e7188d633449ef3846627c426f15de98e0b2f241bdc8358da715062d416ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "1154-5b90b99e8b093-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;51e7e13ea2cd8c044f8cee9119c5f39f;2-173563-50;4f075a10-0575-4312-4c6c-cc91b2a878d5
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 ez-toc-icomoon.woff2
excel-malin.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/fonts/ 580 B
775 B 40ms
38ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/plugins/easy-table-of-contents/vendor/icomoon/fonts/ez-toc-icomoon.woff2

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

9a5d04f74cf2a5ac395114c141150def9ea2ec79fa5b06febc02cb396d2c88f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "244-5bb688e952dff-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;c425e3fc379d6d9a4a5c6e5af44b0875;2-173563-50;7eb5d2ea-915f-4f90-4a92-b15cee51f98d
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
content-length: 575
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 fa-solid-900.woff2
excel-malin.com/wp-content/themes/customizr/assets/shared/fonts/fa/webfonts/ 74 KB
75 KB 78ms
76ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr/assets/shared/fonts/fa/webfonts/fa-solid-900.woff2

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "12958-5af10a14d9b55-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;908247e610a39f884a94ea651013ebf1;2-173563-50;1fdb0707-5d53-4418-5fad-2ef0f8a8faa5
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 forkawesome-webfont.woff2
excel-malin.com/wp-content/plugins/shortcodes-ultimate/includes/fonts/fork-awesome/ 88 KB
88 KB 46ms
45ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/plugins/shortcodes-ultimate/includes/fonts/fork-awesome/forkawesome-webfont.woff2

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

ec8604d4eade6552031ca2e8d3af9b3a1393bdc11b39dcb8176c41f4e5fb678c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "16134-5bdc3251767a3-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;a68cc2198088eea6f63e22ac7eb8e5a2;2-173563-50;4ba95f0f-2130-402e-58d1-5ce748f145a0
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 fa-brands-400.woff2
excel-malin.com/wp-content/themes/customizr/assets/shared/fonts/fa/webfonts/ 75 KB
75 KB 70ms
69ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr/assets/shared/fonts/fa/webfonts/fa-brands-400.woff2

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "12b04-5af10a14d39ad-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;5ddde8b6e65c1c6115e7163b2f9f8ed6;2-173563-50;7adb1df1-d122-4de7-42eb-b3e3238fd472
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 cookieconsent.min.js Show response
excel-malin.com/ezoic/ 4 KB
2 KB 27ms
26ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/ezoic/cookieconsent.min.js
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
etag: "11a4-5be017775b200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 1707
expires: Tue, 22 Mar 2022 13:59:45 GMT

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 35ms
6ms Image
image/png 2600:9000:206f:d200:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d200:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 02:36:22 GMT
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
x-sol: middleton
age: 127403
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: MiucObBlbz5IfvzoBQELNqi3XckW-40X0VjTMyUdrCHc4_4vvIdDEg==
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: nginx/1.16.0
etag: "49d-5bd497273b080-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA56-C1
display: staticcontent_sol
expires: Sun, 28 Mar 2021 02:36:22 GMT

GET
H2 200 btn_donateCC_LG.gif
www.paypalobjects.com/fr_FR/BE/i/btn/ 2 KB
2 KB 130ms
32ms Image
image/webp 104.108.64.37
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/fr_FR/BE/i/btn/btn_donateCC_LG.gif

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-64-37.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

1a53ffbc133e6bea67b8da922559a7865ea2e52aa251c2ad351c9810f6551380

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 926
etag: "LKEQgOlQ8qLDU7PKHgIMSrYWwFxkCC4UJhOstM2bP9c"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: private, no-transform, max-age=43200
last-modified: Sun, 07 Feb 2021 08:46:44 GMT
content-length: 1670
server: Akamai Image Manager
expires: Tue, 23 Mar 2021 01:59:45 GMT

GET
H2 200 houston.js Show response
excel-malin.com/detroitchicago/ 3 KB
1 KB 33ms
28ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/houston.js?gcb=2&cb=36
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1153

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 58 KB
20 KB 99ms
37ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

f24bd9007a64984a1fac394d0ed07ecdf282d143fb22cc331bb2fa8b0a12fd91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "819 / 57 of 1000 / last-modified: 1616411580"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19833
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:45 GMT

GET
H2 200 banger.js Show response
excel-malin.com/porpoiseant/ 50 KB
11 KB 38ms
33ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 701d5bff766ede4a292d9410b06f1dd649039b3bd7b30a5df793d97aa06552a7

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000, public
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 memphis.js Show response
excel-malin.com/detroitchicago/ 5 KB
2 KB 31ms
26ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1514

GET
H2 200 minneapolis.js Show response
excel-malin.com/detroitchicago/ 864 B
459 B 30ms
26ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/minneapolis.js?gcb=194-2&cb=3
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 419

GET
H2 200 raleigh.js Show response
excel-malin.com/detroitchicago/ 2 KB
804 B 32ms
28ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/raleigh.js?gcb=194-2&cb=5
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 771

GET
H2 200 tampa.js Show response
excel-malin.com/detroitchicago/ 773 B
440 B 31ms
27ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/tampa.js?gcb=194-2&cb=3
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 407

GET
H2 200 mts_wpshortcodes-v59f25b3c2241cf7724eb556ef56d914ee6da2848.css
cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/item/ 5 KB
2 KB 11ms
10ms Stylesheet
text/css 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/item/mts_wpshortcodes-v59f25b3c2241cf7724eb556ef56d914ee6da2848.css

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b67d60359df409e06ffc171f149e7355ed64922d845862f0dfe43c3ae11e36f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
cf-cache-status: HIT
x-sol: orig
age: 22748
cf-polished: origSize=5443
x-ezoic-cdn: Hit ds;dm;53d43b5c071c6d57b6e84a72632276a0;2-173563-50;9803fa4c-0025-4dea-7d33-9d0e613d0875
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51b10000005f173b17000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"1543-5bdf8a856d996-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wqlB8Z%2F%2Bbs1oFwFLxutaGPpzsLhfB%2B8XQytzFKotqhjg4Z1Uf7efINbPZUkteGOwm%2BGlLxBWDHnm%2BHLLrMaby4Ca5FRE%2F0HGCRQaMzhET3u0gjxZEyVD%2FkRb%2BCuSraASAtU%3D"}]}
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13e89ab05f1-FRA
display: staticcontent_sol, orig_site_sol
cf-bgj: minify

GET
H2 200 ace.js Show response
cdnjs.cloudflare.com/ajax/libs/ace/1.2.3/ 339 KB
77 KB 22ms
15ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ace/1.2.3/ace.js?ver=1.2.3

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cce5fdb60546fe634b9f1d7866552b61c67e6fd6440cd435ebef99ba8d2fa66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4032798
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78803
cf-request-id: 08fbd51b4600009808e02e6000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03cf4-54ad2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pVrtcq6Zqw6W0JGumzAoaBfAnDm4NO8awNvzXMkpT%2BrLz4DFsRJhvMLJw3u4zW2HMfa%2FUnCLQck4QPmBRt7yAKfm61%2FIMKKc7%2FY35bTrYuu2jBu%2FzxdCOH1rLq8WU1WJ5Q%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 633ff13edf469808-FRA
expires: Sat, 12 Mar 2022 13:59:45 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
688 B 22ms
15ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&ver=3.0

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0e32512897217d08356116d383a123e13b301c823d33c6f44e40c9f5939f9410

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Mon, 22 Mar 2021 13:59:45 GMT

GET
H2 200 body-62088a48f4827f023c982293e61be2708fb5030e.js Show response
cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/ 380 KB
114 KB 32ms
26ms Script
application/javascript 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/body-62088a48f4827f023c982293e61be2708fb5030e.js

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9e3564d6b477b6c313841b22f61bb5ea1ab7f1bfba1a52b4cbd2987a953328d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 79764
cf-polished: origSize=391517
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51b47000005f18221a000000001
response: 200
last-modified: Sun, 21 Mar 2021 14:19:03 GMT
server: cloudflare
etag: W/"5f95d-5be0ca1901fdd-gzip-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m5YqWw3VQL%2FoFLcES0VQguq9U1nJDyre9BLCnfpJBbXCv9P%2BjWpMfnIAAvDvBtzcnMUOeYyt62tcXgb0J2mJwzjhIiEuG4A2cC5n2R6mjb3Xz7u3gZHQcsgXOQJ1SSA2rcs%3D"}]}
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13eda5d05f1-FRA
display: staticcontent_sol, staticcontent_sol
cf-bgj: minify

GET
H2 200 augusta.js Show response
excel-malin.com/detroitchicago/ 1 KB
627 B 30ms
27ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/augusta.js?cb=9
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e965b21d6a23293b47f5deb510a49b0675f74ee2eeb6dc86c101c33ff921461c

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 594

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-57437453-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 7030
date: Mon, 22 Mar 2021 12:02:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 22 Mar 2021 14:02:35 GMT

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
563 B 89ms
30ms Script
text/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js?cmb=0
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d91c08859a904dd7dc44bfdac195e7c8a620b74be69d3b2a483c7e2737b16d9e

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: br
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
etag: 5a478a5b40b3e109808261c954344b7c
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cache-control: max-age=999999, private
content-length: 276
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 fa-solid-900.woff2
cdn-0.excel-malin.com/wp-content/plugins/wp-font-awesome/font-awesome/fonts/ 78 KB
80 KB 34ms
13ms Font
font/woff2 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/plugins/wp-font-awesome/font-awesome/fonts/fa-solid-900.woff2

Requested by

Host: cdn-0.excel-malin.com
URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 66530
x-ezoic-cdn: Hit ds;mm;e9906fd17f17be6c85ed873bea7bbc8f;2-173563-50;fa29e99d-f1e3-4723-5a6d-7a2274096dd6
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51b5c00002c2a6f13c000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"139ac-5bb68aa5881a0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PQnyUznLbbORAVTNth6YjgxV%2F3ruEmUfCWYKFKJ4L1549oKCXE%2BBxQ%2BGLJH4z2R336PzEHS14i%2FLx1PgpXzgndc5plIouaUl74COSf9WmDKS4h7yNbSrDdwsVirX%2FJmhpCg%3D"}]}
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13effda2c2a-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 customizr.woff2
cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/customizr/ 4 KB
5 KB 40ms
20ms Font
font/woff2 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/customizr/customizr.woff2?128396981

Requested by

Host: cdn-0.excel-malin.com
URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d16e7188d633449ef3846627c426f15de98e0b2f241bdc8358da715062d416ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 66530
x-ezoic-cdn: Hit ds;mm;51e7e13ea2cd8c044f8cee9119c5f39f;2-173563-50;4f075a10-0575-4312-4c6c-cc91b2a878d5
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51b5c00002c2a34839000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"1154-5b90b99e8b093-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wBjtB6whMMFU39fLXEmZ8VZPbgZS%2BS3KCsD2vBZiho0mjI%2FAhCicPtgn%2FnrXCG%2FRaw6a9Ox%2FDEox%2Fqm6eZunpAfRlektBCIqWMwbfA4XeG%2ByGUxX%2FQmoA8A6slyDRZ5aPsY%3D"}]}
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff13effe02c2a-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 polyfill.min.js
polyfill.io/v3/ 72 B
122 B 15ms
15ms Other
text/javascript 2a04:4e42::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2195885
detected-user-agent: Chrome/89.0.4343
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Wed, 24 Feb 2021 14:13:00 GMT
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 302 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 682 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 425 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 780 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 71410de1f37e7f42ef4bc1e8d86672888211c1efb6b97ae0c52eb4e4d05dfd94

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 742 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8b5d59d6004bd8a9c1c6000a0421b32cd360819b7192918d00cef4516f66a2d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 440 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6094c4966b779bf91e2461773e30cb0dc965642321826ba0a54c6ae8dbdf0d89

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
66 B 13ms
13ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1531357187&t=pageview&_s=1&dl=https%3A%2F%2Fexcel-malin.com%2F&ul=en-us&de=UTF-8&dt=Excel-Malin.com%20-%20Tout%20sur%20Excel%20et%20VBA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1027526990&gjid=2080603956&cid=294583633.1616421586&tid=UA-57437453-1&_gid=1264956076.1616421586&_r=1&did=dNDMyYj&gtm=2ou3a0&z=344650099

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 69ms
22ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fexcel-malin.com%2F&domain=excel-malin.com&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://excel-malin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://excel-malin.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1401
date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fexcel-malin.com%2F&domain=excel-malin.com&cw=1
https://mug.criteo.com/sid?cpp=QB-vOHxteWJFb3NxSXJLaWprNWdhRU9Ed0JEajN3MlQ5WFpiMGhTSDh2TGl4MWoxeUV1WlJpY2FrZCtkeVdrOXU1UTJEZTJjRHA1dndabmwrZHJZeGQ1eUFGb3U0ek50UzkrcHpFc1FHcWxwandCNE5wUXBjSnNyckozUl...

350 B
632 B

104ms
35ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QB-vOHxteWJFb3NxSXJLaWprNWdhRU9Ed0JEajN3MlQ5WFpiMGhTSDh2TGl4MWoxeUV1WlJpY2FrZCtkeVdrOXU1UTJEZTJjRHA1dndabmwrZHJZeGQ1eUFGb3U0ek50UzkrcHpFc1FHcWxwandCNE5wUXBjSnNyckozUlpwZWdaS21iOUM2dHMxNDFKZUF1bkNCYzJKUVg3SkpKZDVJcmxzRzcyeHQzbXpMVVZpTXBXRDB6M21sbEdMTS9YRllCVnJBMEVMQnBSaG1LZ1NOTDFWTDZrOXVHMndrRjNTTndKdXBrTTF5ZWFUaitlb01rPXw&cppv=2

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

6f78e05f2ec076a0bceffb6c1f779eb9b85e9da4b124c96276eb297157f26fc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 22 Mar 2021 13:59:45 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2125
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 22 Mar 2021 13:59:45 GMT
location: https://mug.criteo.com/sid?cpp=QB-vOHxteWJFb3NxSXJLaWprNWdhRU9Ed0JEajN3MlQ5WFpiMGhTSDh2TGl4MWoxeUV1WlJpY2FrZCtkeVdrOXU1UTJEZTJjRHA1dndabmwrZHJZeGQ1eUFGb3U0ek50UzkrcHpFc1FHcWxwandCNE5wUXBjSnNyckozUlpwZWdaS21iOUM2dHMxNDFKZUF1bkNCYzJKUVg3SkpKZDVJcmxzRzcyeHQzbXpMVVZpTXBXRDB6M21sbEdMTS9YRllCVnJBMEVMQnBSaG1LZ1NOTDFWTDZrOXVHMndrRjNTTndKdXBrTTF5ZWFUaitlb01rPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1934
content-length: 482
expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
760 B 127ms
52ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.27.0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 497f104098486aa40cbe596c6b853e9ae856c477375780fc0db5d54d30828274

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 22 Mar 2021 13:59:46 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://excel-malin.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 200 c Show response
prebid.a-mo.net/a/ 781 B
769 B 397ms
136ms XHR
application/json 136.144.59.88
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.59.88 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: b3f416370ba010162cd52dd0f5b86f5becbdf218d75b4ff2ee95576de32d129b

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://excel-malin.com
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
content-length: 339

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
367 B 78ms
27ms XHR
application/json 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://excel-malin.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
145 B 157ms
51ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.27.0&cb=25634358870
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://excel-malin.com
date: Mon, 22 Mar 2021 13:59:45 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 472 B
1 KB 109ms
36ms XHR
application/json 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

34a19a738783f86d5ca6900221c3b34eddd1da37da53b6cea49f6a758833abce

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:46 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.55:80
AN-X-Request-Uuid: 5d48bd59-01f6-454e-831c-2dfdb94c6f4d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://excel-malin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 472
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 428 B
951 B 146ms
55ms XHR
application/json 63.33.123.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?si=20837&pi=3&bf=300x250&schain=1.0%2C1!ezoic.ai%2Cbb590b14ec1a3a8c345545be9d7b8a6d%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fexcel-malin.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%224.27.0%22%7D&ogu=https%3A%2F%2Fexcel-malin.com%2F&ns=9830
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.123.138 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-123-138.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a3a66e5c52016b74e629e487b10918cf680db5fed1f3617f964dbcad05c4ad0d

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
server: nginx
timing-allow-origin: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://excel-malin.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
715 B 109ms
38ms XHR
application/json 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:46 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.136:80
AN-X-Request-Uuid: 19f1136e-3a85-4d3e-b417-fde726467c89
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://excel-malin.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 8 KB
4 KB 132ms
70ms XHR
application/json 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: b508890fa78d2f2402373b726addab91325eedb62ca66573da0e7d3f71730ddd

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://excel-malin.com
date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
x-openrtb-version: 2.3
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json

POST
H2 204 ortb Show response
bid.contextweb.com/header/ 0
502 B 396ms
147ms XHR
text/plain 198.148.27.134
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.148.27.134 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: envoy
cwdl: 22/4211,22/4211
access-control-allow-origin: https://excel-malin.com
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 29
cw-server: bid-deployment-stage-5

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
525 B 131ms
49ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=305141&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%224101699d4226ad1%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fexcel-malin.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A6%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A6%2C%22ren%22%3Afalse%2C%22version%22%3A%224.27.0%22%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22ezoic.ai%22%2C%22sid%22%3A%22bb590b14ec1a3a8c345545be9d7b8a6d%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%224255779ef77c64b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2243e6a115657e799%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%224496f9ae4a5ef81%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305146%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2245bc05ff98baf97%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305137%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2246b00f9b35e7bf6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2247f4bd13f16ee2e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305140%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c665b7528228b2f3709351d2cf93ebf8670ae51508347170642a576010623ba

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CH], RC:[ZH], CN:[EU], CIP:[185.156.175.107], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
access-control-allow-origin: https://excel-malin.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 45
x-ak-client-geo: 12
expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2 200 rochester.js Show response
excel-malin.com/detroitchicago/ 3 KB
951 B 26ms
25ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/rochester.js?gcb=194-2&cb=5
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 64be3875a16cd57d662be94d9401706fe6425b88d9eb158a4d095167d0f2547c

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 895

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
77 B 30ms
29ms Script
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1&cmb=0
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 nmash.js
excel-malin.com/porpoiseant/ 33 KB
9 KB 30ms
30ms Other
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/nmash.js?v=13
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
etag: "854d-5be017775b200;5be017775b200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
85 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-57437453-1&cid=294583633.1616421586&jid=1027526990&gjid=2080603956&_gid=1264956076.1616421586&_u=IEBAAUAAAAAAAC~&z=921399535

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Mar 2021 13:59:46 GMT
content-type: text/plain
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fa-brands-400.woff2
cdn-0.excel-malin.com/wp-content/plugins/wp-font-awesome/font-awesome/fonts/ 77 KB
77 KB 13ms
12ms Font
font/woff2 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-0.excel-malin.com/wp-content/plugins/wp-font-awesome/font-awesome/fonts/fa-brands-400.woff2

Requested by

Host: cdn-0.excel-malin.com
URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/css/head-96041cdf910cf3954b6213a327aa1f2ad5b16ce5.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 66531
x-ezoic-cdn: Hit ds;mm;9b3b59bb584e849674bdcb498d8eeebe;2-173563-50;2a086627-26e9-4dac-54e3-124f1dba014b
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51c9c00002c2a77b6a000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"1327c-5bb68aa5827c8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u8rS3pK1rqoeEvWGTZq%2FtvXUHGVProO9RJKw3%2BDQZWUPmPs5LqFui9%2FKPqllF3MkJZ2noCIjY%2FGGj7i%2FgvvzmoF5tYfmnIOuDsfdMiyTte1snEsIJyCBT5qZMpY1N%2BrsSXI%3D"}]}
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff140fab32c2a-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/ 331 KB
130 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6fcdd11c229160158b2399cfc0524bd1712b0b24e86e9d3432e5eec78d9e518

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:42:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1045
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132685
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 04:05:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Mar 2022 13:42:21 GMT

GET
H2 200 logo13.png
cdn-0.excel-malin.com/wp-content/uploads/2014/09/ 5 KB
6 KB 11ms
10ms Image
image/png 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-0.excel-malin.com/wp-content/uploads/2014/09/logo13.png

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

848625b8b958c19741dac848a6de9123ace358e5c36a8231eb9d43c88eaacb6a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 419617
x-ezoic-cdn: Hit ds;mm;0882ca3a1f26753adc16f2e73ee2ef90;2-173563-50;52e2a8c5-cd21-406f-714f-2d744b6d5b29
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51d0e000005f12888a000000001
response: 200
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: cloudflare
etag: W/"1447-59dc14258b4e4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mXktkrIQ2gCEtaLM%2BWesf7CyxjKLRwbqE253XXmWLtpeZOOKf2PVSSsY2JTi0qvRSpnsuK2IqOKITCQOipbg9eQfWzHyJOaPReJy9CG70hUr%2Bp6AIXHv80SGJm3VNgFEEeM%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff141bede05f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 anchorfix.js Show response
excel-malin.com/ezoic/ 879 B
456 B 28ms
27ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/ezoic/anchorfix.js?cb=194-2
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex, noindex
content-length: 383
expires: Tue, 22 Mar 2022 13:59:46 GMT

GET
H2 200 edmonton.webp Show response
excel-malin.com/detroitchicago/ 14 KB
4 KB 28ms
26ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/edmonton.webp?a=a&cb=194-2&shcb=34
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 jellyfish.webp Show response
excel-malin.com/porpoiseant/ 58 KB
11 KB 68ms
66ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/jellyfish.webp?a=a&cb=194-2&shcb=34
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 vitals.js Show response
excel-malin.com/tardisrocinante/ 4 KB
2 KB 28ms
27ms Script
application/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/tardisrocinante/vitals.js?gcb=2&cb=3
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 633411252cd3723532e0cb3c8c4214863de95cb26997c7ff3273aaf8f55d0d2a

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1657

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d7cd639c89358f19d898c0f407c362e22f9f3efb8f419bb35ede15d184daa71

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 css
fonts.googleapis.com/ 2 KB
666 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Requested by

Host: cdn-0.excel-malin.com
URL: https://cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/front/js/tc-scripts.min.js?ver=2.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5adcaeab7eb8cad07c7dc37d21a84aa09dc3b4d24ee14d9c80d8550b45b96450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 12:42:55 GMT
server: ESF
date: Mon, 22 Mar 2021 13:59:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2 200 Excel_liste_des_fonctions.png
cdn-0.excel-malin.com/wp-content/uploads/2015/01/ 17 KB
18 KB 15ms
13ms Image
image/png 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-0.excel-malin.com/wp-content/uploads/2015/01/Excel_liste_des_fonctions.png

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

940345062aebbc7e948f704d1bcf67ff0a17123e873b6302926801783c40a6d2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 73094
x-ezoic-cdn: Hit ds;dm;6f826acfed364c886ea9d187a86094a1;2-173563-50;30149549-4060-4419-6add-a06cd57325a1
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51d59000005f19e09d000000001
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: cloudflare
etag: W/"44d8-59dc12e48f71d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2Fn4aufMzJi2UmEMGnKkAhkAS0EJfBNHB8gQWxMMtnu%2Bihr8n3RFoGmmLYeNrgPPlIB%2BkdI7P%2FvzMHFWur6kTEkF635j4c5mPlvy3bVWrwsNMB85ddtwMRhwfQBqjDvA3lA%3D"}]}
content-type: image/png
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff1422fd105f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 code_source_blanc.jpg
cdn-0.excel-malin.com/wp-content/uploads/2014/11/ 10 KB
10 KB 14ms
12ms Image
image/jpeg 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-0.excel-malin.com/wp-content/uploads/2014/11/code_source_blanc.jpg

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc32433c2b6596cd473a96cb0696d4c1fea096cd8b6ab98fe76ca543e43cf79e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 414242
x-ezoic-cdn: Hit ds;mm;4a1f2013dcc4782fee7362c0ffa05f81;2-173563-50;9aefa50f-15b9-40c7-467d-e3eff5b4c98f
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51d59000005f1323ab000000001
response: 200
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: cloudflare
etag: W/"27f4-59dc137509473-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aQwzyu2Gstl4fVXmQgUdblOMw66IoAeLVwKUoCTXgLBfouTor6j9nZzr6xJQXHEneRIYMlgBjZ41a6EORfExbNXDO%2BIh4%2BUjT0ypA4HZbBytjBy1QUdDVf9zLunYxx21PAs%3D"}]}
content-type: image/jpeg
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff1422fd305f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 Calendrier_mensuel_Excel-300x203.jpg
cdn-0.excel-malin.com/wp-content/uploads/2016/09/ 6 KB
7 KB 16ms
15ms Image
image/jpeg 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-0.excel-malin.com/wp-content/uploads/2016/09/Calendrier_mensuel_Excel-300x203.jpg

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d6f63573f232a1d4afe849ad6ef2d278dc1404e51bd6675579b4b6f0a2975c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 321598
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd51d5a000005f15b987000000001
response: 200
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: cloudflare
etag: W/"1930-55366ebdc19d6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RRknyfs9ilhZrftF6DlkzhE8qEnnxru4sknu%2FMAblyPzvQ%2FpXAkT78GPHB12IQEvyiyl2FEcK%2BG2Z7D9asbNvfb9fpQE6kBsu%2BJfcb4Z9L%2FYwweO%2B7TMc3vidQR%2F17QcAFU%3D"}]}
content-type: image/jpeg
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff1422fd405f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
104 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoidW5pdmVyc2FsX3VzZXJfaWQiLCJ2YWwiOiI1YTQ3OGE1YjQwYjNlMTA5ODA4MjYxYzk1NDM0NGI3YyJ9XX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:45 UTC

GET
H3-Q050 200 pubads_impl_2021031601.js Show response
securepubads.g.doubleclick.net/gpt/ 285 KB
100 KB 92ms
46ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Mar 2021 08:39:28 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 102421
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:46 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 120ms
39ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 974
date: Mon, 22 Mar 2021 13:59:45 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 imp.gif Show response
excel-malin.com/detroitchicago/ 43 B
128 B 28ms
26ms XHR
image/gif 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A3%2C%22ad_load_version%22%3A0%2C%22ad_location_ids%22%3A%226%2C5%2C34%2C1%2C0%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A4%2C%22city%22%3A%22Zurich%22%2C%22country%22%3A%22CH%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A173563%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1100%2C1133%2C1134%2C1135%2C1143%22%2C%22page_view_count%22%3A2%2C%22page_view_id%22%3A%223881ebff-3984-4d59-6b97-6dfc18627d02%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%228010%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A85328%2C%22response_time_orig%22%3A5%2C%22serverid%22%3A%2218.156.6.107%3A12471%22%2C%22state%22%3A%22ZH%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1133%2C1134%2C1135%2C1143%22%2C%22t_epoch%22%3A1616421585%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fexcel-malin.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A979%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://excel-malin.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 02:04:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 388537
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Fri, 18 Mar 2022 02:04:09 GMT

GET
H3-Q050 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 7285 19 KB
10 KB 25ms
25ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3fd7f0b687efb0f9dceb10559569e219ea7bd3ec4900a5668902155c41ce455b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-t9CPP3jc6otCqrE8Zj2BAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 22 Mar 2021 13:59:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-t9CPP3jc6otCqrE8Zj2BAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10085
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
42 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiZG9tYWluX2lkIjoiMTczNTYzIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMjIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInRfZXBvY2giOjE2MTY0MjE1ODUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInRfZXBvY2giOjE2MTY0MjE1ODUsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:46 UTC

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
799 B 36ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 46ms
30ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
737 B 535ms
534ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=930421130088129&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D710166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1133%26sap%3D1133%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dexcel_malin_com-box-2-710166%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D600%26br2%3D300%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1616421586&dt=1616421586505&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=97&adks=2276015470&ucis=1&ifi=1&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=728x90&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a24769ce0c44e74c397a4f6a709638d5e25728e1dcbea999168c8288fad600c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 62ms
14ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 28ms
6ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
278 B 1135ms
1134ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=930421130088129&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C125x125&fluid=height&prev_scp=iid8%3D721116%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1135%26sap%3D1135%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dexcel_malin_com-box-1-721116%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1616421586&dt=1616421586512&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=790&adks=2931237426&ucis=2&ifi=2&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

f05c2d2e10234a842da3ffd8e9309fc6ce05056e3e9ea85f7607791b858d407f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 477 B
321 B 1817ms
1815ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=930421130088129&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D1000%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1616421586&dt=1616421586515&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2475&adks=4002535631&ucis=3&ifi=3&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

70b2efddfdc17c18b9e246d323323552ec4b7474d7cf393bebc621ff8ee8b2c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 263
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 467 B
288 B 888ms
887ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=930421130088129&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1616421586&dt=1616421586517&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4779&adks=2801874487&ucis=4&ifi=4&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

28d349faf9db6a6d67ecad9bef969b751cbb2ca0a741f20e6156bbb28f457a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
284 B 1374ms
1374ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=930421130088129&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid8%3D725166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1100%26sap%3D1100%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-2-725166%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D3%26bvr%3D2%26shp%3D1%26ftsn%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1616421586&dt=1616421586520&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1104&adks=1944177510&ucis=5&ifi=5&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

b605039e0347485d32a6309e030417ee7c506858fa123751bbe8d7fc0e2132cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/ Frame 7285 50 KB
25 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:42:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 04:05:18 GMT
server: sffe
age: 1044
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Tue, 22 Mar 2022 13:42:22 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/ Frame 7285 331 KB
130 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6fcdd11c229160158b2399cfc0524bd1712b0b24e86e9d3432e5eec78d9e518

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:42:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1045
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132685
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 04:05:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Mar 2022 13:42:21 GMT

GET
H2 200 pixel.gif
www.paypalobjects.com/fr_FR/i/scr/ 42 B
290 B 31ms
31ms Image
image/gif 104.108.64.37
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/fr_FR/i/scr/pixel.gif

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.108.64.37 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-108-64-37.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 02 Feb 2021 01:37:41 GMT
server: Akamai Image Manager
etag: "dNSbNMYiK1Q98dwxkre+GOK5+qX2pefyT9A/BaBsoeM"
strict-transport-security: max-age=31536000
content-type: image/gif
cache-control: private, no-transform, max-age=43200
content-length: 42
expires: Tue, 23 Mar 2021 01:59:46 GMT

GET
H3-Q050 200 zfNYw6aEUKinKD6R_krurCbR1XjodxrQWHYuXACoA4s.js Show response
www.google.com/js/bg/ Frame 7285 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/zfNYw6aEUKinKD6R_krurCbR1XjodxrQWHYuXACoA4s.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdf358c3a68450a8a7283e91fe4aeeac26d1d578e8771ad058762e5c00a8038b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 15:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 08 Mar 2021 18:00:00 GMT
server: sffe
age: 80083
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5755
x-xss-protection: 0
expires: Mon, 21 Mar 2022 15:45:03 GMT

GET
H2 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7285 2 KB
2 KB 8ms
6ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/styles__ltr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 16 Mar 2021 16:01:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 511079
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Tue, 23 Mar 2021 16:01:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7285 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 19:41:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 325101
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Fri, 18 Mar 2022 19:41:25 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7285 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 17 Mar 2021 19:40:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 411573
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:40:13 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame 7285 102 B
195 B 17ms
16ms Other
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9c2464add3c699d2be6d7ec889eed8d56ff71327ce4fc9e43955cea79b117fce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2 200 dark-bottom.css
excel-malin.com/ezoic/styles/ 3 KB
787 B 31ms
27ms Stylesheet
text/css 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/ezoic/styles/dark-bottom.css
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: br
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
etag: "bd7-5be017775b200-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 725

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
19 B 27ms
26ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInRfZXBvY2giOjE2MTY0MjE1ODUsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjI0OSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiNDkzIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiIyNSJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiI1OTkifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiI2NjEifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTMxNiJ9XX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:46 UTC

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
19 B 27ms
26ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiI3MTYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjcxNiJ9XX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:46 UTC

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
19 B 27ms
26ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiZG9tYWluX2lkIjoiMTczNTYzIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiI5LjYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:46 UTC

POST
H3-Q050 200 reload Show response
www.google.com/recaptcha/api2/ Frame 7285 9 KB
7 KB 45ms
45ms XHR
application/json 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f02c0f14ee5c8b096d499d906aa4675a6c5e2230e437b393237a56bdac34301c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfQCo4UAAAAAKWBV3zoooRT-LzKsLrxXPkKzxEs&co=aHR0cHM6Ly9leGNlbC1tYWxpbi5jb206NDQz&hl=en&v=6g5J7UfDQ9mLrweZHj04ekSP&size=invisible&cb=gvrt6rcgowp2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 22 Mar 2021 13:59:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6750
x-xss-protection: 1; mode=block
expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
65 B 25ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjE0ODcifV19XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:47 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 43ms
23ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021031601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bfd448cdfd4d63a2df6c5a1f8be353bb5bfa4ab185fb3001419098dadb01d57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6612
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:47 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 2088 12 KB
5 KB 34ms
20ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Mon, 22 Mar 2021 13:18:09 GMT
expires: Tue, 22 Mar 2022 13:18:09 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2498
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2088 14 KB
6 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 19:13:29 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 67578
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Mon, 21 Mar 2022 19:13:29 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
224 B 41ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021031601&jk=3742499458100066&bg=!dnWldTHNAAbUo7L91KM7ACkAdvg8WhYZ7U2GRQ5ar0KRpaCJXzECVCTCZCOQD41rRqb7-I0D38JbPQIAAAB6UgAAAA1oAQcKASPL9S8jSaXxo-iUPImdBL2YJy-KlfC8GlQHgQHRoRrbseApo0hl-f3jfIKmhQ5RiTmE_owN7BaNFhReeGpi35QII00wFG91PHVFP6H-pZZ2Yn4MZ6Vh82mSojLjbQAd7bvAQRVQdE9E1vEQBCRAWBZoe3DkrU6YNgMGssOUFqwVlGWWJzO7rxRhI7WVEKJrAZtKGo7n0ZTZxW9N4opeF8UAIcLulX1JO-0oMxQaZ1gI7_OB6LH05dBixeixSvZkYUosgZFdlPePBCG-nhGt9LwCmPm9vcakxbPCSwY69V41qPVVwlm29POkSr-Fnyto4KlPmGV4uXymvyNnbnboAwANd-cgJf29OJUY1U2LdAOKDlVyRHBK2cWMsqRQvRsM2MWlaPCZAeHM6kduz_i1XjlU2AoZP6Ci4eHL-YnlJ_mPA9GnWB4iZA49t61pGbjxL-cqxXQmHkLap8aGfmaYQiLZDuUraXRiZNSe_7zhjuMRbkO1wZnREArIQy8EscSqyZKp40jzP0_HAQItB4wM9XNEkc2Ui-WHvClqWI-L_rAkpMQ8eZiRIRc8_WSbKg6R8Usi9nMD-6EywATYRXSO5BLt_36JZihdy12WZ5taV_WpKXyb_N8xCl-N4h-S7NEJ1FtLDuex0leydOafY88REwluA8CCKSqdiz0To58rvLeqwmyDiK1EqyMQWmBmjf0YdtRKTep7zghOyxsFVsZZifh5iY_WVRBfySrUcdQx4HSTjcf5omWkHlznCsGVlLocr9-q66Tus_wyTzquWTSgvAQ84UZNaucUQ80SC6SimSh6Pxm_g-sB-2fu8frpSevxMLMPPWyzaJaFkoQ4GW8SHWWy2wtBVlXrMqkPGl2zRgDXcJdyy4khshs_610is5s8D8OT7IS5yhhFflaQQoWbaGu0sDgjad5_jy0wb-XODxm_puGUvZUFRe-GRPrrJgc7XgELwh8wALgGVuDzMBIrQ2pa-vqWdbRzAFEDCtXrA5kVOpvs5tJKE8McSEseG-l7g6LcO2aRfZED

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Liste_des_Fonctions_Excel-par-Excel-Malin_apercu.jpg
cdn-0.excel-malin.com/wp-content/uploads/2019/10/ 38 KB
38 KB 11ms
10ms Image
image/jpeg 2606:4700:3033::ac43:cd64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-0.excel-malin.com/wp-content/uploads/2019/10/Liste_des_Fonctions_Excel-par-Excel-Malin_apercu.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:cd64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a768f6d90b2d960b06730c524d45ef934afde321bb8d3480453066e7ebd62275

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:47 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 419618
x-ezoic-cdn: Hit ds;dm;2123e4b9641cdbd81631fdde6ba34329;2-173563-50;bbc3477e-9643-4149-7db6-83286b941973
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd523f5000005f1552d2000000001
response: 200
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: cloudflare
etag: W/"969c-595a765f122c6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1U8p3Eep8FG%2BL%2F7uCiPLHZIRV%2BjeJ6fyDbh6aYzhgT0DOaFeAqDkuwOzPjKnpkOnC66V85ULUqInW2vK1sdjRU4zGZwHHVl07oPD2e%2BeOkVBBZ8FRraioAUJXGyblsJLr5E%3D"}]}
content-type: image/jpeg
cache-control: public, max-age=604800
content-security-policy: upgrade-insecure-requests;
cf-ray: 633ff14cb8ee05f1-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 71ms
25ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Tue, 23 Mar 2021 13:59:49 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame FB46 0
150 B 29ms
28ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=excel-malin.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=excel-malin.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 2130
date: Mon, 22 Mar 2021 13:59:48 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 91ms
43ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Tue, 23 Mar 2021 13:59:49 GMT

GET
H2 200 fontawesome-all.min.css
excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/ 56 KB
12 KB 37ms
36ms Stylesheet
text/css 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/fontawesome-all.min.css?2.4.3

Requested by

Host: cdn-0.excel-malin.com
URL: https://cdn-0.excel-malin.com/wp-content/themes/customizr-pro/assets/front/js/tc-scripts.min.js?ver=2.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

493cc3a1405ee478331433b65e47222faee874aef6d82558d71c14f5babfb78e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
display: staticcontent_sol, orig_site_sol
etag: "e0a6-5b90b99e90683-gzip-gzip"
x-ezoic-cdn: Hit ds;mm;50d44a753c631d506245b97bdc072328;2-173563-50;ee234aba-65b4-4709-6af1-5bc839d62776
content-type: text/css
x-middleton-display: staticcontent_sol, orig_site_sol
cache-control: public, max-age=86400
date: Mon, 22 Mar 2021 13:59:49 GMT
x-middleton-response: 200
x-sol: orig

GET
H2 200 fa-solid-900.woff2
excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/webfonts/ 74 KB
75 KB 50ms
50ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/webfonts/fa-solid-900.woff2?v=5.12.1

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/fontawesome-all.min.css?2.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/fontawesome-all.min.css?2.4.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "12958-5b90b99ea1bdb-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;bac34f7ac8b76ca758283688063df32b;2-173563-50;85c540e6-0a7e-4fba-6612-4f918934c154
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:49 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

GET
H2 200 fa-brands-400.woff2
excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/webfonts/ 75 KB
75 KB 96ms
96ms Font
font/woff2 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/webfonts/fa-brands-400.woff2?v=5.12.1

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/fontawesome-all.min.css?2.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Origin: https://excel-malin.com
Referer: https://excel-malin.com/wp-content/themes/customizr-pro/assets/shared/fonts/fa/css/fontawesome-all.min.css?2.4.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
etag: "12b04-5b90b99e9be1b-gzip"
display: staticcontent_sol, staticcontent_sol
x-ezoic-cdn: Hit ds;mm;7937bd265b79bdbbd48f7381a90009b8;2-173563-50;a8a406c2-8229-4e9e-51e1-bb00b6204bd1
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-max-age: 1728000
x-middleton-response: 200
response: 200
last-modified: Sun, 21 Mar 2021 00:59:52 GMT
server: nginx/1.16.0
date: Mon, 22 Mar 2021 13:59:49 GMT
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://excel-malin.com
cache-control: public, max-age=86400

POST
H/1.1 200 457.json Show response
id5-sync.com/g/v2/ 345 B
1 KB 118ms
39ms XHR
application/json 54.36.109.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/457.json

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.155 , France, ASN16276 (OVH, FR),

Reverse DNS

p05.id5-sync.com

Software

Resource Hash

6813557063fbc6bcc884cdaa719c37ebe38e56bc8038c863c016a070aad138f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 22 Mar 2021 13:59:49 GMT
Vary: Origin
P3P: CP="CAO PSA OUR"
Access-Control-Allow-Origin: https://excel-malin.com
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 63BA 52 KB
17 KB 76ms
24ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 19 Mar 2021 05:51:11 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 22 Mar 2021 13:59:49 GMT
Age: 29312
X-Served-By: cache-lga21976-LGA, cache-hhn4058-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 506611
X-Timer: S1616421590.533507,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 298A 2 KB
1 KB 87ms
31ms Document
text/html 184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 22 Mar 2021 13:59:49 GMT
Content-Length: 1151
Connection: keep-alive

GET
H2 200 visitormatch Show response
bh.contextweb.com/ Frame 52A5 4 KB
4 KB 375ms
127ms Document
text/html 198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL

https://bh.contextweb.com/visitormatch

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

35eeb78bb6ce7a8a764cf9535eb83cff528683c5ca158bcab7d9959fdb26a22f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: bh.contextweb.com
:scheme: https
:path: /visitormatch
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-568ff9c7d-xkfrj
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: V=CTXX7rlJzs2z;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Thu, 17-Mar-2022 13:59:49 GMT;Max-Age=31104000;SameSite=None pb_rtb_ev=3-162w|89b.0|88b.0|8ea.0|8fg.0|2JB.0|7Nq.0|7Bj.0|7aw.0|8as.0|7TY.0|7TZ.0|8cn.0|7br.0|7Fn.0|7bs.0|6zB.0|7Xh.0|83u.0|8dQ.0|87G.0|8bO.0|2N.0|7RY.0|7dN.0|85M.0|4is.0|89W.0|7Rn.0|7I7.0|3oy.0|81B.0;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Tue, 22-Mar-2022 13:59:49 GMT;Max-Age=31536000;SameSite=None INGRESSCOOKIE=63bd7abb117f8612; path=/; HttpOnly; Secure; SameSite=None
content-length: 3698
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 05B0 2 KB
818 B 24ms
24ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1616421586277

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1616421586277
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7E49 52 KB
17 KB 73ms
24ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 19 Mar 2021 05:51:11 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 22 Mar 2021 13:59:49 GMT
Age: 29312
X-Served-By: cache-lga21976-LGA, cache-hhn4081-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 2, 512218
X-Timer: S1616421590.533670,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set beacon Show response
ap.lijit.com/ Frame 2F26
Redirect Chain

https://ap.lijit.com/beacon?informer=8711458
https://ap.lijit.com/beacon?informer=8711458&dnr=1

6 KB
2 KB

45ms
45ms

Document
text/html

216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 01def1f3b8031c25e3899b6fbfcd6ef4cd2aa264ae1e3f5c7f0f81d514e1b375

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=dd217c0945da0e59fb89a2ac
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:49 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=dd217c0945da0e59fb89a2ac;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap6ams1

Redirect headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:49 GMT
Content-Length: 0
Set-Cookie: ljt_reader=dd217c0945da0e59fb89a2ac;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon?informer=8711458&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap6ams1

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 6358 37 KB
14 KB 111ms
47ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27235
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 63BA
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
820 B

45ms
40ms

Script
text/html

185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.47:80
AN-X-Request-Uuid: 5793058c-dc84-4558-b19a-2e93340c929b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.187:80
AN-X-Request-Uuid: c20d7a94-f1b5-48de-aef1-7ed94ebec387
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 7E49
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
820 B

42ms
37ms

Script
text/html

185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.60:80
AN-X-Request-Uuid: e195eca2-0f5e-4795-8015-f0d76fa45d89
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.52:80
AN-X-Request-Uuid: 09ecb675-55ee-45c9-8607-b0f70eb0be04
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F26
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj

170 B
506 B

94ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 2F26 70 B
265 B 177ms
49ms Image
image/gif 52.50.156.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.156.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=q8c5TvaauFje&ev=1&pid=558511&gdpr_consent=&gdpr=0

43 B
2 KB

37ms
37ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=q8c5TvaauFje&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=q8c5TvaauFje&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-568ff9c7d-f62h4
expires: -1

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://um.simpli.fi/lj_match?r=1616421589536&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=2&3pid=50165B84EC384071BD49338A6E72D25D

43 B
961 B

151ms
33ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=50165B84EC384071BD49338A6E72D25D
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Mon, 22 Mar 2021 13:59:49 GMT
x-content-type-options: nosniff
server: nginx
location: https://ce.lijit.com/merge?pid=2&3pid=50165B84EC384071BD49338A6E72D25D
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Sun, 21 Mar 2021 13:59:49 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=1875819618363947518

43 B
949 B

115ms
37ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=1875819618363947518
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: https://ce.lijit.com/merge?pid=10&3pid=1875819618363947518
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1
https://ce.lijit.com/merge?pid=85&3pid=

43 B
2 KB

88ms
38ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=85&3pid=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=85&3pid=
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=87&3pid=44072faf-417f-4f38-8eeb-a24ad10edff3

43 B
966 B

124ms
37ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=87&3pid=44072faf-417f-4f38-8eeb-a24ad10edff3
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=87&3pid=44072faf-417f-4f38-8eeb-a24ad10edff3
Date: Mon, 22 Mar 2021 13:59:49 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 2F26
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2777209633
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2777209633
https://sync.1rx.io/usersync/tradedesk/b71ca6c6-056d-4610-acee-48bc5971a7d3
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

35 B
237 B

46ms
46ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Tengine
ETag: RXb70b231875b14ed387ecbcd1f575522c003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
Connection: keep-alive
Content-Type: text/html

GET tum
ums.acuityplatform.com/ Frame 2F26 0
0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://bcp.crwdcntrl.net/5/c=5436/tp=SVRN/tpid=dd217c0945da0e59fb89a2ac/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent=
https://bcp.crwdcntrl.net/5/ct=y/c=5436/tp=SVRN/tpid=dd217c0945da0e59fb89a2ac/pv=y?https://ce.lijit.com%2Fmerge%3Fpid%3D5001%263pid%3D%24%7Bprofile_id%7D&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=5001&3pid=8129521f8a3f2d18ced56a743080b243&gdpr=0&gdpr_consent=

43 B
2 KB

37ms
36ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5001&3pid=8129521f8a3f2d18ced56a743080b243&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ce.lijit.com/merge?pid=5001&3pid=8129521f8a3f2d18ced56a743080b243&gdpr=0&gdpr_consent=
cache-control: no-cache
x-server: 10.45.28.116
content-length: 0
expires: 0

GET

sync
sync.srv.stackadapt.com/ Frame 2F26
Redirect Chain

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=fmx

0
0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=80&3pid=KMKNOHC6-1-JYL7&gdpr=0

43 B
3 KB

37ms
35ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=80&3pid=KMKNOHC6-1-JYL7&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://ce.lijit.com/merge?pid=80&3pid=KMKNOHC6-1-JYL7&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8f31d5fb12ac7ec11f837ad8263e0f6c
Expires: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent=
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D613d7a...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D...
https://ce.lijit.com/merge?pid=16&3pid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

43 B
3 KB

138ms
36ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Mon, 22 Mar 2021 13:59:51 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://ce.lijit.com/merge?pid=16&3pid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E

43 B
2 KB

42ms
37ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=dd217c0945da0e59fb89a2ac&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=3&3pid=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=

43 B
2 KB

90ms
39ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=3&3pid=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date: Mon, 22 Mar 2021 13:59:47 GMT
Server: MT3 3611 f10363c master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ce.lijit.com/merge?pid=3&3pid=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=12&3pid=8302895149037461874&gdpr=0&gdpr_consent=

43 B
2 KB

64ms
34ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=12&3pid=8302895149037461874&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.12:80
AN-X-Request-Uuid: 42c576f8-ac0b-40df-99a5-8cc52adcbc2d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ce.lijit.com/merge?pid=12&3pid=8302895149037461874&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://aorta.clickagy.com/pixel.gif?ch=185&cm=dd217c0945da0e59fb89a2ac&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed

43 B
4 KB

105ms
38ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:54 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Mon, 22 Mar 2021 13:59:54 GMT
server: Aorta/2.4.14-20210304.4cf0ca0
access-control-allow-origin
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
Location: https://ce.lijit.com/merge?pid=84&3pid=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
X-Aorta-Region: us-east-1
Connection: keep-alive
X-Aorta-Host: ip-10-42-16-11.ec2.internal
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
Content-Length: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame 2F26 45 B
372 B 3391ms
37ms Image
image/gif 104.76.200.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=sov&ovsid=dd217c0945da0e59fb89a2ac&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1023%263pid%3D%24%7BUSER%7D&gdpr=0&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.76.200.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-76-200-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Mon, 22 Mar 2021 13:59:53 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Mon, 22 Mar 2021 13:59:53 GMT

GET
H/1.1

200
OK

reporting
ap.lijit.com/dsp/google/ Frame 2F26
Redirect Chain

https://ap.lijit.com/dsp/google/cookiematch/beacon?gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_hm=ZGQyMTdjMDk0NWRhMGU1OWZiODlhMmFj
https://ap.lijit.com/dsp/google/reporting

43 B
567 B

39ms
39ms

Image
image/gif

216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/dsp/google/reporting
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Content-Type: image/gif
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ap.lijit.com/dsp/google/reporting
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=83&3pid=KMKNOIAW-1B-5I55&gdpr=0

43 B
3 KB

439ms
35ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=83&3pid=KMKNOIAW-1B-5I55&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://ce.lijit.com/merge?pid=83&3pid=KMKNOIAW-1B-5I55&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET ae12848777b41970a5f2
aax-eu.amazon-adsystem.com/s/x/ Frame 2F26 0
0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 2F26
Redirect Chain

https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
https://ams.creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
https://ce.lijit.com/merge?pid=86&3pid=8fSsnqf3f9NDC8WJLEVi&pi=sovrn&gdpr_consent=&gdpr=0&tc=1

43 B
3 KB

103ms
37ms

Image
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=86&3pid=8fSsnqf3f9NDC8WJLEVi&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: https://ce.lijit.com/merge?pid=86&3pid=8fSsnqf3f9NDC8WJLEVi&pi=sovrn&gdpr_consent=&gdpr=0&tc=1
pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT, Mon, 22 Mar 2021 13:59:50 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0F1B 8 KB
3 KB 28ms
27ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ap.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=135874
Expires: Wed, 24 Mar 2021 03:44:23 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

cm Show response
us-u.openx.net/w/1.0/ Frame 920C
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_c...
https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&g...

776 B
811 B

39ms
39ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.203.0 /
Resource Hash: 619ba34c3476b5f27ffc81faf8a8449709d683519a142405ec50c42e40519587

Request headers

:method: GET
:authority: us-u.openx.net
:scheme: https
:path: /w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=d97455fc-af3f-0417-23f3-1e1b9380877d|1616421589
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=d97455fc-af3f-0417-23f3-1e1b9380877d|1616421589; Version=1; Expires=Tue, 22-Mar-2022 13:59:49 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1616421589|gekin0vNiygu; Version=1; Expires=Tue, 06-Apr-2021 13:59:49 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.203.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: text/html
content-length: 476
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=d97455fc-af3f-0417-23f3-1e1b9380877d|1616421589; Version=1; Expires=Tue, 22-Mar-2022 13:59:49 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.203.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
date: Mon, 22 Mar 2021 13:59:49 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B60C 8 KB
3 KB 49ms
29ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ap.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=135874
Expires: Wed, 24 Mar 2021 03:44:23 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 0608867b Show response
rtb.gumgum.com/usync/ Frame E1E7 3 KB
1 KB 136ms
44ms Document
text/html 52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: dd9e15d07a2bc5e2fd643859757f70fe2f1d3f159abc7499923fa8b392ce9599

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ap.lijit.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3; Domain=.gumgum.com; Expires=Tue, 22-Mar-2022 13:59:49 GMT; Path=/; Secure; SameSite=None
etag: W/"01015f69546feae642c6226c24b7f9515"
timing-allow-origin: *
content-encoding: gzip

GET
H/1.1

200
OK

Cookie set merge Show response
ce.lijit.com/ Frame 4829
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xMjcvY2lkLzI4NTUyOTczL3QvMg/url/https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D1%263pid%3D%24!%7BTURN_UUID%7D&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=1&3pid=7049653180921765701&gdpr=0&gdpr_consent=

43 B
948 B

106ms
36ms

Document
image/gif

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=1&3pid=7049653180921765701&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon?informer=8711458&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ap.lijit.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=dd217c0945da0e59fb89a2ac; ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ap.lijit.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:49 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_1=7049653180921765701;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:49 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:49 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=dd217c0945da0e59fb89a2ac;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap5ams1

Redirect headers

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=7049653180921765701; Domain=.turn.com; Expires=Sat, 18-Sep-2021 13:59:49 GMT; Path=/; Secure; SameSite=None
location: https://ce.lijit.com/merge?pid=1&3pid=7049653180921765701&gdpr=0&gdpr_consent=
content-length: 0
date: Mon, 22 Mar 2021 13:59:49 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame E763
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

48ms
45ms

Document
text/html

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1089c2f68420aef2895f37f7d95c326ae96842bd1878a26f9da778f9fec10e3c

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YFii1dUNIClqNm94vvYZwgAA; CMPS=3202
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|45|230|241|176|195|4|5
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1606
Expires: Mon, 22 Mar 2021 13:59:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Set-Cookie: CMID=YFii1dUNIClqNm94vvYZwgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 22 Mar 2022 13:59:49 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 20 Jun 2021 13:59:49 GMT CMPRO=1107;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 20 Jun 2021 13:59:49 GMT CMRUM3=046058a2d505a0&2d6058a2d505a0&f16058a2d505a00&056058a2d505a0&e66058a2d527600&c36058a2d505a00&b06058a2d505a00&276058a2d50b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 22 Mar 2022 13:59:49 GMT CMST=YFii1WBYotUA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 23 Mar 2021 13:59:49 GMT

Redirect headers

Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 22 Mar 2021 13:59:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Set-Cookie: CMID=YFii1dUNIClqNm94vvYZwgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 22 Mar 2022 13:59:49 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 20 Jun 2021 13:59:49 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6358 8 KB
9 KB 131ms
47ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 3c5c21129792f39bae5ab83c9022e6be9d2ca05f95fec7ff715a877371228327

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:48 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame E2C9 37 KB
14 KB 37ms
32ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=156983:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=137711&s=137812&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D58%263pid%3D&gdpr=0&gdpr_consent=

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27235
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0E7E 37 KB
14 KB 49ms
46ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=156983:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156212&predirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D71%263pid%3D&gdpr=1&gdpr_consent=ABCFETYFDJLNBFCV&gdpr=0&gdpr_consent=

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27235
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 920C 43 B
966 B 126ms
38ms Image
image/gif 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=76&3pid=6636b465-ec0c-01ed-3e99-60558f168bd2&gdpr=0&gdpr_consent=
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 920C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=81e26058-a2d5-4900-9437-5d8ef3ac3130

43 B
106 B

47ms
29ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=81e26058-a2d5-4900-9437-5d8ef3ac3130
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.203.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
via: 1.1 google
server: OXGW/16.203.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 22 Mar 2021 13:59:47 GMT
Server: MT3 3611 f10363c master zrh-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=81e26058-a2d5-4900-9437-5d8ef3ac3130
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 920C
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk-
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk-

43 B
106 B

35ms
34ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk-
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.203.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
via: 1.1 google
server: OXGW/16.203.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072956&gdpr=0&val=4caJF7bE2Br6lY5L5caRHuLBiRj6z40XspcqZIk-
date: Mon, 22 Mar 2021 13:59:49 GMT
via: 1.1 google
server: OXGW/16.203.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 920C
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4412835407363554486

43 B
106 B

34ms
32ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4412835407363554486
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.203.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
via: 1.1 google
server: OXGW/16.203.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=4412835407363554486
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 920C 70 B
264 B 55ms
50ms Image
image/gif 52.50.156.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=0ad86aa5-06b8-3be0-7925-d6f3f7a7b480&gdpr=0
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.156.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 920C 170 B
201 B 85ms
48ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MjZiN2I5NmYtY2ZjZi02NTQ0LTZjYzUtOGM0YTNkNDU3YWUw

Requested by

Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 920C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBzbwqs2qb7xaYPzt6FtojI&google_cver=1

43 B
172 B

34ms
33ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBzbwqs2qb7xaYPzt6FtojI&google_cver=1
Requested by: Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=dc2068a3-fa3d-4b5f-8a61-3d5a1a58fc05&ph=21f03281-5b83-4670-a0e0-dc15f7542014&r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D76%263pid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.203.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://us-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
via: 1.1 google
server: OXGW/16.203.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBzbwqs2qb7xaYPzt6FtojI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=8302895149037461874

35 B
237 B

53ms
42ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=8302895149037461874
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 824.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.180:80
AN-X-Request-Uuid: 144afe90-9d1d-45e4-9535-7cc3911891e3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=8302895149037461874
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=0768523a-618a-415e-a254-00f29f03667f&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=2e4bed9e-dc7e-4707-8c07-c96df592e9b3

35 B
237 B

46ms
45ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:52 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: //rtb.gumgum.com/usersync?b=bsw&i=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
date: Mon, 22 Mar 2021 13:59:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...

35 B
237 B

46ms
45ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28v6SmfSriuwhGIXvt-gvellM2GxuRXjd9zQ6Ec2YslPjm_Y3QuTLIfYOvkvbHuz0R%29
Date: Mon, 22 Mar 2021 13:59:50 GMT
Connection: close
X-TraceId: e098b286232e6538e5a446cdc8404fdb
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=fde5ced5-2ead-03b6-1e5e-c61e3ff7b5c6

35 B
237 B

47ms
46ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=fde5ced5-2ead-03b6-1e5e-c61e3ff7b5c6
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-encoding: gzip
server: OXGW/16.203.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=fde5ced5-2ead-03b6-1e5e-c61e3ff7b5c6
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET sync
sync.srv.stackadapt.com/ Frame E1E7 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-xH1W35pE2pdG0pum1zbr943aJJxDlpW.eXkg~A

35 B
237 B

98ms
42ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-xH1W35pE2pdG0pum1zbr943aJJxDlpW.eXkg~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 22 Mar 2021 13:59:49 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-xH1W35pE2pdG0pum1zbr943aJJxDlpW.eXkg~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%...
https://rtb.gumgum.com/usersync?b=vnt&i=e1956da7-8b16-11eb-941a-699bb1a7e05f

35 B
238 B

387ms
47ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=e1956da7-8b16-11eb-941a-699bb1a7e05f
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:55 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=e1956da7-8b16-11eb-941a-699bb1a7e05f
Date: Mon, 22 Mar 2021 13:59:54 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: e1956da8-8b16-11eb-941a-699bb1a7e05f

GET services
sync.technoratimedia.com/ Frame E1E7 0
0

GET
H2 200 142
match.deepintent.com/usersync/ Frame E1E7 0
44 B 501ms
107ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3D72%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3&gdpr=0&gdpr_consent=&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0

35 B
237 B

47ms
46ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0
Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 78
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4248758891
https://sync.1rx.io/usersync/tradedesk/b71ca6c6-056d-4610-acee-48bc5971a7d3
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

35 B
237 B

46ms
45ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Tengine
ETag: RXb70b231875b14ed387ecbcd1f575522c003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003
Connection: keep-alive
Content-Type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame E1E7
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=6Hz2s1lOTkuF&ev=1&pid=558355

35 B
237 B

48ms
45ms

Image
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=6Hz2s1lOTkuF&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=6Hz2s1lOTkuF&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-568ff9c7d-bhs64
expires: -1

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame E1E7 43 B
2 KB 66ms
38ms Image
image/gif 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=36&3pid=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 2041
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=

35 B
237 B

46ms
45ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 22 Mar 2021 13:59:47 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Cache-Control: no-cache
set-cookie: uuid=22636058-a2d5-4200-8031-f794f5c55550; domain=.mathtag.com; path=/; expires=Tue, 19-Apr-2022 13:59:49 GMT; SameSite=None; Secure
location: https://rtb.gumgum.com/usersync?b=mmh&i=22636058-a2d5-4200-8031-f794f5c55550&gdpr=0&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 3611 f10363c master zrh-pixel-x29
Expires: Mon, 22 Mar 2021 13:59:46 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 6872
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS
https://rtb.gumgum.com/usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS

35 B
237 B

51ms
51ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:57 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YFii3QAAAKd8vFLS&gdpr=0&gdpr_consent=&_test=YFii3QAAAKd8vFLS
accept-ranges: bytes
date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 varnish
x-served-by: cache-fra19131-FRA
x-cache: HIT
x-cache-hits: 0
x-timer: S1616421597.356779,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-Q050

200

pixel Show response
cm.g.doubleclick.net/ Frame 3B83
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=

170 B
190 B

34ms
32ms

Document
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlae2YtFf4_b0x9_eLw9frdrYcg6DQG-vMn7ivjhVvnZl6lHHUWxDbDC-Bn71c; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 22 Mar 2021 13:59:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV82ZDQxZmM0Ny1jZTkwLTQ0NjEtOGViZS03MmE4ZmU4NzJkYzM=&gdpr=0&gdpr_consent=&google_tc=
date: Mon, 22 Mar 2021 13:59:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 364
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 22-Mar-2021 14:14:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6717 8 KB
3 KB 50ms
30ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=135874
Expires: Wed, 24 Mar 2021 03:44:23 GMT
Date: Mon, 22 Mar 2021 13:59:49 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 0163
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589

35 B
237 B

99ms
41ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=b71ca6c6-056d-4610-acee-48bc5971a7d3&t=1619013589
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=b71ca6c6-056d-4610-acee-48bc5971a7d3; domain=.adsrvr.org; expires=Tue, 22-Mar-2022 13:59:49 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwigidnYr9G2ORAFOAE.; domain=.adsrvr.org; expires=Tue, 22-Mar-2022 13:59:49 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 1EF4 0
0 6672ms
24ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Mon, 22 Mar 2021 13:59:56 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame A3D3
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA

35 B
237 B

47ms
46ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:50 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YFii1sCo5soAACT4slMAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Set-Cookie: SOC=YFii1sCo5soAACT4slMAAAAA; path=/; expires=Wed, 22-Mar-23 13:59:50 GMT; domain=socdm.com; secure; SameSite=None
X-SO-Ads-Time: 2
X-SO-HostName: a-ad40354.dc2p.scaleout.jp
X-SO-LB-Hostname: a-tgng40006.dc2p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":38,"gdpr":false,"ipv4":"185.156.175.107","key":"YFii1sCo5soAACT4slMAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40354"}
X-SO-Key: YFii1sCo5soAACT4slMAAAAA
X-SO-IP: 185.156.175.107
X-SO-Cluster-ID: 38
X-SO-Upstream-ID: a-ad40354

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7A6F
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=2159827869682617939

35 B
237 B

47ms
47ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=2159827869682617939
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=2159827869682617939
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 22 Mar 2021 13:59:49 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: eud=H4sIAAAAAAAAAFslxmtoZmhmYmRoamFpYWEJAGqkXL8QAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 16 Apr 2022 13:59:49 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjI0tbQwMrcwszSzMDIzNLc0thTiM9Q1TTXMyU4xyPIoNkiX4jU0MzQzAaq0sLSwsAQAIM-yOTQAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 16 Apr 2022 13:59:49 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjI0tbQwMrcwszSzMDIzNLc0thTiM9Q1TTXMyU4xyPIoNkgHAK1A1MwlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=2159827869682617939
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 9A93
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://ams.creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1

35 B
237 B

46ms
45ms

Document
image/gif

52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/0608867b?r=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D36%263pid%3D&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 22 Mar 2021 13:59:50 GMT Mon, 22 Mar 2021 13:59:50 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=8fSsnqf3f9NDC8WJLEVi&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
165 B 27ms
11ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 30ms
18ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 460 B
678 B 347ms
346ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=3742315776184653&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&ris=3&rcs=1&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D500%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D49a8e4cb079f1fb%26hb_pb%3D0.03%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1000%26reqt%3D1616421589840&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1616421589&dt=1616421589863&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2572&adks=4002535631&ucis=6&ifi=6&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

00b45e73e4860bd9481c7bd7df4a17bccacaf1c0547542ad30eccbba44e6a6d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 456 B
325 B 367ms
367ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=4079350568495924&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid8%3D725166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1100%26sap%3D1100%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-2-725166%26eb_br%3Dd81e229576f8cb8a43ff5c6a8e596727%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D3%26bvr%3D2%26shp%3D1%26ftsn%3D3%26br1%3D1500%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1500%26reqt%3D1616421589868&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1616421589&dt=1616421589873&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1104&adks=1944177510&ucis=7&ifi=7&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

682ac4e14b7a7ed29a1d9b305a04b9b6d137ecbf2315bc72964e9252356dacc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 250
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 448 B
309 B 387ms
386ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=3489921328326763&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C125x125&fluid=height&ris=3&rcs=1&prev_scp=iid8%3D721116%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1135%26sap%3D1135%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dexcel_malin_com-box-1-721116%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D1000%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D500eb6245ca2c66%26hb_pb%3D0.04%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1200%26reqt%3D1616421589876&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1616421589&dt=1616421589880&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=790&adks=2931237426&ucis=8&ifi=8&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

304d4e2ee3ab55281bb6b29f3ae0b3c402f335f5925c9ed795ea631e75788fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
323 B 328ms
326ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=4082202991580470&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1300%26reqt%3D1616421589882&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1616421589&dt=1616421589886&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4875&adks=2801874487&ucis=9&ifi=9&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

1f4a6c5c98372f5313630f477ddad6b68a0f39f895ccd4afbf606c83663ae584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
9 KB 465ms
464ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=2061691445933101&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid8%3D710166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1133%26sap%3D1133%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dexcel_malin_com-box-2-710166%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D500%26br2%3D300%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D600%26reqt%3D1616421589889&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1616421589&dt=1616421589898&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=97&adks=2276015470&ucis=a&ifi=10&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x90&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

56a68598a57a3ac0db59a0f8e8eda2b9d1cb7f88f0d29dbcd63d70ff719e0f3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8965
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0E7E 8 KB
9 KB 42ms
41ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 7497cafbecbeff290be8bb47c4d1f3f81649de14af16e681f80b736909daaf51

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:49 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 7F5B
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790

42 B
769 B

30ms
30ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KRTBCOOKIE_153=1923-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&19420-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&22979-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s; PUBMDCID=3; KRTBCOOKIE_57=22776-8302895149037461874; KRTBCOOKIE_409=22966-dwBrwYCiyhzRmEBvV67bWg6H&KRTB&23212-dwBrwYCiyhzRmEBvV67bWg6H; KRTBCOOKIE_80=16514-CAESECLXzpA8ONNRIrsK6WKXP7w&KRTB&22987-CAESECLXzpA8ONNRIrsK6WKXP7w&KRTB&23025-CAESECLXzpA8ONNRIrsK6WKXP7w; PugT=1616421596; KRTBCOOKIE_699=22727-AAD33E7AsUYAABHSRg1mVw; KRTBCOOKIE_188=3189-613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348; KADUSERCOOKIE=B8EA40A3-794C-413A-A9B9-38671109C60C; SPugT=1616421597
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:57 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-8706888896705067790; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:57 GMT; path=/ PugT=1616421597; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:57 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 20-Jun-2021 13:59:57 GMT; path=/
X-lat: amspug004:0:302
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 3989 43 B
284 B 1130ms
42ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Mon, 22 Mar 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1154
date: Mon, 22 Mar 2021 13:59:50 GMT
content-length: 43

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame D9F6
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDT3ZFN0FzVVlBQUJCTkwwQVJxUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACOvE7AsUYAABBNL0ARqQ&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AACOvE7AsUYAABBNL0ARqQ&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir

43 B
181 B

147ms
40ms

Document
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-type: image/gif
transfer-encoding: chunked
x-smrt-reason: 5

Redirect headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
location: https://rtb-csync.smartadserver.com/redir
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET

Pug
simage2.pubmatic.com/AdServer/ Frame BB8C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865619880087

0
0

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 7583
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H

42 B
811 B

33ms
30ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KRTBCOOKIE_153=1923-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&19420-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&22979-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s; PugT=1616421596; PUBMDCID=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:56 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_409=22966-dwBrwYCiyhzRmEBvV67bWg6H&KRTB&23212-dwBrwYCiyhzRmEBvV67bWg6H; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:56 GMT; path=/ PugT=1616421596; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:56 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 20-Jun-2021 13:59:56 GMT; path=/
X-lat: amspug016:0:410
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 22 Mar 2021 13:59:57 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=dwBrwYCiyhzRmEBvV67bWg6H; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame BFEE 43 B
408 B 147ms
33ms Document
image/gif 72.251.241.206
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-4
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame A6A3
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
443 B

169ms
167ms

Document
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=aXnoeUOZb3VxUEjUGwkNZbfpQEIbVraRuWjRjjiNNY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif; charset=utf-8
content-length: 43
set-cookie: __cfduid=dc83d4b516059db0493836f397580f5521616421590; expires=Wed, 21-Apr-21 13:59:50 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=acnseFr2PKcFuYnRYa7PO6YHIhZdZdpGkf8Tsdqolb4MZdTiZc2dM7Jb0Fq3clFZbYqM61An7rx3O7GPF3yfCRghE; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT; SameSite=None; Secure; ANON_ID_old=acnseFr2PKcFuYnRYa7PO6YHIhZdZdpGkf8Tsdqolb4MZdTiZc2dM7Jb0Fq3clFZbYqM61An7rx3O7GPF3yfCRghE; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52c75000005b706911000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff15a58ed05b7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: text/html
set-cookie: __cfduid=d453c2183623c6265b963a2400b2e17a21616421589; expires=Wed, 21-Apr-21 13:59:49 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=aXnoeUOZb3VxUEjUGwkNZbfpQEIbVraRuWjRjjiNNY; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT; SameSite=None; Secure; ANON_ID_old=aXnoeUOZb3VxUEjUGwkNZbfpQEIbVraRuWjRjjiNNY; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 1254
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52bc5000005b75db89000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff1593f3305b7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame FD8F 42 B
1 KB 93ms
27ms Document
image/gif 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif
content-length: 42
set-cookie: __cfduid=d9f1c8e3fc93c798d538f6b79520f978a1616421590; expires=Wed, 21-Apr-21 13:59:50 GMT; path=/; domain=.ad4m.at; HttpOnly; SameSite=Lax; Secure
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-3wfd
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52bed00004e9ecf14d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff1597c574e9e-FRA

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 1C24
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

0
0

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 7C81
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
52 B

33ms
33ms

Document
text/plain

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=76450352&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
x-served-by: cache-fra19161-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1616421594.746483,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859;Version=1;Path=/;Domain=.taboola.com;Expires=Tue, 22-Mar-2022 13:59:53 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=34643362-8549-4720-b0ef-2fc904411e41-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
x-served-by: cache-fra19161-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1616421594.652094,VS0,VE69
x-vcl-time-ms: 69
content-length: 0

GET Pug
simage2.pubmatic.com/AdServer/ Frame 5836 0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 7117
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7DERisSy1Lol605&gdpr=0&gdpr_consent=

0
0

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6358
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=eTPtOXrmRZOU3YFLJ6QpFQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

59ms
29ms

Image
text/html

184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=135873
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Wed, 24 Mar 2021 03:44:23 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 6358 95 B
386 B 31ms
27ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=7933ED39-7AE6-4593-94DD-814B27A42915
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 633ff1592af35364-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 08fbd52bb8000053645cb03000000001

GET info
uipglob.semasio.net/pubmatic/1/ Frame 6358 0
0

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7933ED39-7AE6-4593-94DD-814B27A42915&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=7933ED39-7AE6-4593-94DD-814B27A42915&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7933ED39-7AE6-4593-94DD-814B27A42915&addseg=31

7 B
147 B

125ms
34ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7933ED39-7AE6-4593-94DD-814B27A42915&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:57 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=7933ED39-7AE6-4593-94DD-814B27A42915&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzkzM0VEMzktN0FFNi00NTkzLTk0REQtODE0QjI3QTQyOTE1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

7326ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
X-lat: amspug005:0:405
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1

42 B
855 B

7316ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug012:0:445
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 6358 43 B
609 B 36ms
28ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 21 Mar 2021 13:59:49 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7236353981170428696

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

0
0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=

42 B
769 B

7233ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
X-lat: amspug005:0:361
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:49 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.41:80
AN-X-Request-Uuid: 168e8632-fb51-4e3b-859e-277f3c832962
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

sync
sync.srv.stackadapt.com/ Frame 6358
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=pubmatic

0
0

GET
H2 200 7933ED39-7AE6-4593-94DD-814B27A42915
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6358 43 B
566 B 38ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/7933ED39-7AE6-4593-94DD-814B27A42915?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7933ED39-7AE6-4593-94DD-814B27A42915&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=7933ED39-7AE6-4593-94DD-814B27A42915&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-h_kYPIpE2uWVxpySkxA2_CZd8MGf6hQ-~A&gdpr=0&gdpr_consent=

0
418 B

122ms
30ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-h_kYPIpE2uWVxpySkxA2_CZd8MGf6hQ-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:51 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-h_kYPIpE2uWVxpySkxA2_CZd8MGf6hQ-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s

42 B
894 B

7233ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug014:0:392
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:49 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFii3QAAAHBcPyrK&gdpr=0&gdpr_consent=&_test=YFii3QAAAHBcPyrK

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8248286069948666349&gdpr=0&gdpr_consent=&us_privacy=

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:71e3b31c-2cb3-4139-bf81-c488ce138ff1&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

0
0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

42 B
800 B

4832ms
31ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug008:0:433
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 6358 0
104 B 48ms
23ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=7933ED39-7AE6-4593-94DD-814B27A42915&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA%3D%26piggybackCookie%3D%24UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7885162345081131483

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6358
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

0
0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame E763 70 B
264 B 76ms
35ms Image
image/gif 52.50.156.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_user_id=YFii1dUNIClqNm94vvYZwgAA&cm_dsp_id=70
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.156.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame E763
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YFii1mL.OFNj-PO9LOX5BQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2

43 B
894 B

36ms
34ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Mar 2021 13:59:50 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame E763
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YFii1dUNIClqNm94vvYZwgAABFMAAAIB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEB4Bl6awAYvT1O10HYg6THY&google_cver=1

43 B
315 B

40ms
33ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEB4Bl6awAYvT1O10HYg6THY&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 22 Mar 2021 13:59:50 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEB4Bl6awAYvT1O10HYg6THY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame E763
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB&dcc=t

43 B
720 B

257ms
138ms

Image
image/gif

52.46.130.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:53 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:53 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YFii1dUNIClqNm94vvYZwgAABFMAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 113
match.deepintent.com/usersync/ Frame E763 0
16 B 372ms
108ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/113
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:49 GMT
content-length: 0
server: a

GET user-sync
nep.advangelists.com/xp/ Frame E763 0
0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E763
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413&C=1

43 B
1006 B

136ms
37ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413&C=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Mar 2021 13:59:50 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8176228475910738413&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H2 200 ix
ad4m.at/ad/sim/ Frame E763 0
0 79ms
4ms Image
text/html 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad4m.at/ad/sim/ix
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame E763 43 B
425 B 85ms
27ms Image
image/gif 184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YFii1dUNIClqNm94vvYZwgAA%261107
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://excel-malin.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "902a3d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1901
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Mar 2021 14:31:31 GMT

GET
H2 204 current
pulsepoint-match.dotomi.com/match/bounce/ Frame 52A5 0
104 B 165ms
56ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 52A5
Redirect Chain

https://px.owneriq.net/eucm/p/cwc
https://px.owneriq.net/ecc?redir=https%3a%2f%2fpx.owneriq.net%2ffr%2fepx.gif&uid=Q6697079911177171096&ref=%2Feucm%2Fp%2Fcwc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

37ms
37ms

Image
image/gif

88.221.62.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.62.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-62-154.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 52A5
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=95&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=95&gdpr=0&gdpr_consent=
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&partner_url=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd...
https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr_in_effect=0&gdpr_consent=

49 B
806 B

188ms
188ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr_in_effect=0&gdpr_consent=

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-568ff9c7d-bhs64
expires: -1

Redirect headers

date: Mon, 22 Mar 2021 13:59:51 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=543793&ev=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr_in_effect=0&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 52A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=eUw1bzdzZXI4Y2k0RE50d0VWUDRBUQ&gdpr=0&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEACJh1OR2hhdWr6nmpYdaoU&google_cver=1

49 B
676 B

173ms
152ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEACJh1OR2hhdWr6nmpYdaoU&google_cver=1

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-568ff9c7d-bhs64
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEACJh1OR2hhdWr6nmpYdaoU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 335
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 52A5
Redirect Chain

https://x.bidswitch.net/sync?ssp=pulsepoint
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pulsepoint&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pulsepoint&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
https://x.bidswitch.net/sync?dsp_id=4&user_id=d8696cb0-1bf1-41b5-a8e2-2447ab99e599&ssp=pulsepoint&expires=30&user_group=5&bsw_param=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=2e4bed9e-dc7e-4707-8c07-c96df592e9b3

49 B
749 B

122ms
121ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=2e4bed9e-dc7e-4707-8c07-c96df592e9b3

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-568ff9c7d-bhs64
expires: -1

Redirect headers

location: //bh.contextweb.com/bh/rtset?do=add&pid=556010&ev=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
date: Mon, 22 Mar 2021 13:59:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55972/ Frame 52A5
Redirect Chain

https://pixel.advertising.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=
https://pixel.advertising.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&verify=true
https://ups.analytics.yahoo.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&apid=UPde834baf-8b16-11eb-b48a-02e98585498e

0
964 B

2151ms
26ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&apid=UPde834baf-8b16-11eb-b48a-02e98585498e

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55972/sync?uid=CTXX7rlJzs2z&_origin=1&gdpr=0&gdpr_consent=&apid=UPde834baf-8b16-11eb-b48a-02e98585498e
date: Mon, 22 Mar 2021 13:59:50 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

xuid
eb2.3lift.com/ Frame 52A5
Redirect Chain

https://eb2.3lift.com/xuid?mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee
https://eb2.3lift.com/xuid?ld=1&mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

27ms
26ms

Image
image/gif

18.185.82.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.82.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-82-201.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2636&xuid=CTXX7rlJzs2z&dongle=8bee&gdpr=1&cmp_cs=&us_privacy=
date: Mon, 22 Mar 2021 13:59:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 v1
match.sharethrough.com/sync/ Frame 52A5 68 B
263 B 1879ms
26ms Image
image/png 18.158.174.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=790d3e0174b12a86f1cbebf4&source_user_id=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.174.89 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-174-89.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-length: 68
content-type: image/png

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame 52A5
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pp
https://match.prod.bidr.io/cookie-sync/pp?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEMzNFN0FzVVlBQUJIU1JnMW1Wdw&bee_sync_partners=pm%2Csas%2Cpp&bee_sync_current_partner=adx&bee_sync_initiator=pp&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp&bee_sync_current_partner=adx&bee_sync_initiator=pp&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD33E7AsUYAABHSRg1mVw&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2&_bee_ppp=1
https://rtb-csync.smartadserver.com/redir

43 B
181 B

374ms
42ms

Image
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:57 GMT
x-smrt-reason: 5
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir
Date: Mon, 22 Mar 2021 13:59:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 52A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_cm&google_hm=CTXX7rlJzs2z
https://bh.contextweb.com/bh/rtset?pid=559960&ev=1&google_gid=CAESECAfVuJZpzolj_IYRss8Fmc&google_cver=1

49 B
642 B

170ms
150ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?pid=559960&ev=1&google_gid=CAESECAfVuJZpzolj_IYRss8Fmc&google_cver=1

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-568ff9c7d-bhs64
expires: -1

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?pid=559960&ev=1&google_gid=CAESECAfVuJZpzolj_IYRss8Fmc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 52A5
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8185&uid=CTXX7rlJzs2z
https://sync.search.spotxchange.com/partner?adv_id=8185&uid=CTXX7rlJzs2z&__user_check__=1&sync_id=dfb66231-8b16-11eb-872d-1e588e901b06

43 B
548 B

36ms
36ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=8185&uid=CTXX7rlJzs2z&__user_check__=1&sync_id=dfb66231-8b16-11eb-872d-1e588e901b06
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 71
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Mon, 22 Mar 2021 13:59:52 GMT
Server: nginx
Location: /partner?adv_id=8185&uid=CTXX7rlJzs2z&__user_check__=1&sync_id=dfb66231-8b16-11eb-872d-1e588e901b06
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 118
Connection: keep-alive
Content-Length: 0

GET
H2 200 /
trc.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/ Frame 52A5 0
183 B 3745ms
93ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/rtb-pulsepoint-network/1/rtb-h/?taboola_hm=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 69
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
server: nginx
x-timer: S1616421594.652249,VS0,VE69
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19161-FRA

GET
H2 200 sync
partners.tremorhub.com/ Frame 52A5 43 B
183 B 275ms
88ms Image
image/gif 2600:1f18:612b:4264:9a95:fbee:2d35:58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?uipp=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:9a95:fbee:2d35:58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 52A5
Redirect Chain

https://red.erne.co/pulsepoint/cm
https://pixel.onaudience.com/?mapped=zGbK8V63p6QjzrW8aAGKWg6H&partner=2&redirect=red.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fbh.contextweb.com%252Fbh%252Frtset%253Fdo%253Dadd%2526pid%253D5609...
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fred.erne.co%252Fct%2...
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fred.erne.co%252...
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=8129521f8a3f2d18ced56a743080b243&redirect=https%3A%2F%2Fred.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fbh.contextweb.com%252Fbh%252Frtse...
https://red.erne.co/ct/cm?red=https%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D560956%26ev%3DzGbK8V63p6QjzrW8aAGKWg6H
https://bh.contextweb.com/bh/rtset?do=add&pid=560956&ev=zGbK8V63p6QjzrW8aAGKWg6H

49 B
704 B

374ms
127ms

Image
image/gif

198.148.27.140
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=560956&ev=zGbK8V63p6QjzrW8aAGKWg6H

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-568ff9c7d-7xqmm
expires: -1

Redirect headers

location: https://bh.contextweb.com/bh/rtset?do=add&pid=560956&ev=zGbK8V63p6QjzrW8aAGKWg6H
date: Mon, 22 Mar 2021 13:59:57 GMT
server: openresty
strict-transport-security: max-age=0; includeSubDomains;
content-type: text/html; charset=UTF-8

GET
H2 200 um
sync.teads.tv/ Frame 52A5 23 B
172 B 1166ms
58ms Image
image/gif 23.210.248.12
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=84&uid=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.12 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-12.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:52 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 22 Mar 2021 13:59:52 GMT
server: akka-http/10.1.9
content-length: 23
content-type: image/gif

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 52A5 43 B
344 B 1492ms
118ms Image
image/gif 52.46.130.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/ecm3?id=CTXX7rlJzs2z&ex=Pulsepoint
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:53 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sync
ads.yieldmo.com/v000/ Frame 52A5 43 B
431 B 153ms
46ms Image
image/gif 54.76.222.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/v000/sync?userid=CTXX7rlJzs2z&pn_id=pp
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.222.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-222-161.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 22 Mar 2021 13:59:52 GMT
content-type: image/gif
content-length: 43
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame 52A5 42 B
775 B 2628ms
34ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif

GET cm.gif
rudy.adsnative.com/ Frame 52A5 0
0

GET rum
dsum.casalemedia.com/ Frame 52A5 0
0

GET
H2 200 user.sync
match.sync.ad.cpe.dotomi.com/w/ Frame 52A5 43 B
156 B 43ms
11ms Image
image/gif 2a02:fa8:8806:12::1460
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sync.ad.cpe.dotomi.com/w/user.sync?ptrid=9&userid=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:12::1460 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:52 GMT
cache-control: no-cache
server: nginx
content-type: image/gif
content-length: 43
expires: 0

GET
H/1.1 200
OK pp.gif
sync.colossusssp.com/ Frame 52A5 42 B
648 B 840ms
112ms Image
image/gif 88.214.193.99
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.colossusssp.com/pp.gif?puid=CTXX7rlJzs2z

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.214.193.99 , United Kingdom, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:53 GMT
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0

GET
H2 204 /
trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/ Frame 52A5 0
179 B 1151ms
91ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/pulsepointrtb-network/1/rtb-h/?taboola_hm=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 67
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
server: nginx
x-timer: S1616421594.652225,VS0,VE67
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19161-FRA

GET
H2

200

receive
pixel.tapad.com/idsync/ex/ Frame 52A5
Redirect Chain

https://demand.trafficroots.com/sync.php?buyer=2228&buyeruid=https://demand.trafficroots.com/sync.php?buyer=2228&buyeruid=CTXX7rlJzs2z
https://pixel.tapad.com/idsync/ex/receive?partner_id=3263&partner_device_id=CTXX7rlJzs2z

95 B
596 B

81ms
33ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3263&partner_device_id=CTXX7rlJzs2z

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:55 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

Redirect headers

Location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3263&partner_device_id=CTXX7rlJzs2z
Date: Mon, 22 Mar 2021 13:59:54 GMT
Server: nginx/1.10.3
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

55660
i6.liadm.com/s/ Frame 52A5
Redirect Chain

https://i.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z
https://i.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z&_li_chk=true&previous_uuid=5db0741161834319bda906836c3d38a5
https://i6.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z

43 B
419 B

274ms
90ms

Image
image/gif

2600:1f18:444a:4602:a911:dd8a:407b:f40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z

Requested by

Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:444a:4602:a911:dd8a:407b:f40 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:54 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/55660?bidder_id=98251&bidder_uuid=CTXX7rlJzs2z
Date: Mon, 22 Mar 2021 13:59:54 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 52A5
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=400&user_id=CTXX7rlJzs2z&expires=30&user_group=[NUMERICAL_VALUE]
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

0
0

GET
H2 200 dspreply
public-prod-dspcookiematching.dmxleo.com/ Frame 52A5 0
176 B 1085ms
34ms Image
text/plain 34.120.25.144
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=1003&dspUserId=CTXX7rlJzs2z
Requested by: Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.25.144 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 144.25.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bh.contextweb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 3DF3 37 KB
14 KB 74ms
39ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=156212:2; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; chkChromeAb67Sec=1; DPSync3=1617580800%3A201_227_226_221; SyncRTB3=1617235200%3A63%7C1617580800%3A81_88_13_55_230_222_21_71_189_176_220_161_204_54_56_7_22_3_8_166_165_78_5%7C1616976000%3A15_67_2_223%7C1618963200%3A203%7C1617667200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27234
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:50 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1

42 B
855 B

7326ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug007:0:409
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECLXzpA8ONNRIrsK6WKXP7w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 0E7E 43 B
409 B 68ms
27ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 21 Mar 2021 13:59:50 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

0
0

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 50B9
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790

42 B
769 B

44ms
30ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KRTBCOOKIE_153=1923-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&19420-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&22979-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s; PUBMDCID=3; KRTBCOOKIE_57=22776-8302895149037461874; KRTBCOOKIE_409=22966-dwBrwYCiyhzRmEBvV67bWg6H&KRTB&23212-dwBrwYCiyhzRmEBvV67bWg6H; KRTBCOOKIE_80=16514-CAESECLXzpA8ONNRIrsK6WKXP7w&KRTB&22987-CAESECLXzpA8ONNRIrsK6WKXP7w&KRTB&23025-CAESECLXzpA8ONNRIrsK6WKXP7w; PugT=1616421596; KRTBCOOKIE_699=22727-AAD33E7AsUYAABHSRg1mVw; KRTBCOOKIE_188=3189-613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348; KADUSERCOOKIE=B8EA40A3-794C-413A-A9B9-38671109C60C; SPugT=1616421597
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:57 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_336=5844-8706888896705067790; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:57 GMT; path=/ PugT=1616421597; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:57 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 20-Jun-2021 13:59:57 GMT; path=/
X-lat: amspug009:0:346
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8706888896705067790
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 9FFC 43 B
284 B 1016ms
43ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Mon, 22 Mar 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1148
date: Mon, 22 Mar 2021 13:59:50 GMT
content-length: 43

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2498908320531930185

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

0
0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=

42 B
769 B

7351ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug016:0:377
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.235:80
AN-X-Request-Uuid: da656beb-0fc2-4a5e-8905-b608a88e6901
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8302895149037461874&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=51abd0a1-58c8-43c7-b690-3ab72b1839ab&ssp=pubmatic&user_group=1
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

0
0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s

42 B
894 B

7336ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug008:0:409
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s
pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame CC91
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDT3ZrN0FzVVlBQUJCTkwwQVJxUQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAD33E7AsUYAABHSRg1mVw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAD33E7AsUYAABHSRg1mVw&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir

43 B
181 B

159ms
41ms

Document
image/gif

185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif
transfer-encoding: chunked
x-smrt-reason: 5

Redirect headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
location: https://rtb-csync.smartadserver.com/redir
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 0E7E
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...

85 B
160 B

34ms
34ms

Image
image/png

151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YFii3QAAAEvxkzoG
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.3.8.v20160314) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
age: 295
x-served-by: cache-fra19131-FRA
x-cache: HIT
content-type: image/png
cache-control: no-cache
accept-ranges: bytes
x-timer: S1616421597.356760,VS0,VE0
content-length: 85
x-cache-hits: 1386

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
x-timer: S1616421597.224668,VS0,VE95
x-served-by: cache-fra19131-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YFii3QAAAEvxkzoG
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2819760768618582509&gdpr=0&gdpr_consent=&us_privacy=

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 3506
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865620600983

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:57e27f52-318c-467a-867e-9beebfec02ac&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

0
0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=

42 B
800 B

7247ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug016:0:454
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8302895149037461874

0
0

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 68ED
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H

42 B
811 B

64ms
30ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KRTBCOOKIE_153=1923-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&19420-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s&KRTB&22979-6nSiAr128w_xIPQO7Ca6Cexyr17xfK8KuSHdpX2s; PugT=1616421596; PUBMDCID=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:55 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_409=22966-dwBrwYCiyhzRmEBvV67bWg6H&KRTB&23212-dwBrwYCiyhzRmEBvV67bWg6H; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:55 GMT; path=/ PugT=1616421595; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 21-Apr-2021 13:59:55 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sun, 20-Jun-2021 13:59:55 GMT; path=/
X-lat: amspug002:0:407
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 22 Mar 2021 13:59:57 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=dwBrwYCiyhzRmEBvV67bWg6H; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=dwBrwYCiyhzRmEBvV67bWg6H
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 93D9 43 B
408 B 71ms
33ms Document
image/gif 72.251.241.206
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-4
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

0
0

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 2CF1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
423 B

166ms
166ms

Document
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=aNnoeUyg6AqrA7uaRUy2BfvFQBSS2wVrvcjjiONQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif; charset=utf-8
content-length: 43
set-cookie: __cfduid=dc83d4b516059db0493836f397580f5521616421590; expires=Wed, 21-Apr-21 13:59:50 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=a6nseFMZaAC6pqGpS71crHCQFQZcZbK9YBkyBHsbo0FYqS5FZcUfZcQTHjGtKefZboscH1IQx62vTIGiRNQqyh8iZdR; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT; SameSite=None; Secure; ANON_ID_old=a6nseFMZaAC6pqGpS71crHCQFQZcZbK9YBkyBHsbo0FYqS5FZcUfZcQTHjGtKefZboscH1IQx62vTIGiRNQqyh8iZdR; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52cec000005b75db9c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff15b0a0305b7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: text/html
set-cookie: __cfduid=dc83d4b516059db0493836f397580f5521616421590; expires=Wed, 21-Apr-21 13:59:50 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=aNnoeUyg6AqrA7uaRUy2BfvFQBSS2wVrvcjjiONQ; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT; SameSite=None; Secure; ANON_ID_old=aNnoeUyg6AqrA7uaRUy2BfvFQBSS2wVrvcjjiONQ; path=/; domain=.tribalfusion.com; expires=Sun, 20-Jun-2021 13:59:50 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 506
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52c34000005b740935000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff159e85f05b7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame 7585 42 B
143 B 39ms
16ms Document
image/gif 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-type: image/gif
content-length: 42
set-cookie: __cfduid=d9f1c8e3fc93c798d538f6b79520f978a1616421590; expires=Wed, 21-Apr-21 13:59:50 GMT; path=/; domain=.ad4m.at; HttpOnly; SameSite=Lax; Secure
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-0h5f
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 08fbd52c3600004e9ed41eb000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff159fd034e9e-FRA

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 6877
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

0
0

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame E316
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
52 B

36ms
34ms

Document
text/plain

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=99614100&p=156212&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
x-served-by: cache-fra19161-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1616421594.742483,VS0,VE9
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859;Version=1;Path=/;Domain=.taboola.com;Expires=Tue, 22-Mar-2022 13:59:53 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=33580de6-f8d2-4d7e-8630-bfe6b90a0151-tuct7522859&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Mon, 22 Mar 2021 13:59:53 GMT
via: 1.1 varnish
x-served-by: cache-fra19161-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1616421594.652072,VS0,VE61
x-vcl-time-ms: 61
content-length: 0

GET Pug
simage2.pubmatic.com/AdServer/ Frame CDFD 0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame E1BF
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:60aCtMlp1Lol605&gdpr=0&gdpr_consent=

0
0

GET
H/1.1 200
OK Cookie set merge Show response
ce.lijit.com/ Frame 0D92 43 B
2 KB 41ms
35ms Document
image/gif 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=71&3pid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _ljtrtb_1=7049653180921765701; ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D; ljt_reader=dd217c0945da0e59fb89a2ac; _ljtrtb_2=50165B84EC384071BD49338A6E72D25D; _ljtrtb_87=44072faf-417f-4f38-8eeb-a24ad10edff3; _ljtrtb_76=6636b465-ec0c-01ed-3e99-60558f168bd2; _ljtrtb_10=1875819618363947518; ljtrtb=eJwNyrkNwzAQBdFeGJvAfu5JZ9ZRiCSSTRju3ZtM8uZbUN7FSbopI6g3uKkTyqu0FCWYbiHnziHk2A7pzPGx09vR9MgtPD9JbOtaVeCZxVFjzrteTa4BmmMtzheUL8I10A3Bxl1cEUluSWZst5jW%2BdBTCXNUnr1XI9VYsLhHK78%2FGAMpGw%3D%3D; _ljtrtb_5001=8129521f8a3f2d18ced56a743080b243; _ljtrtb_49=q8c5TvaauFje; _ljtrtb_43=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:51 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_49=q8c5TvaauFje;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_5001=8129521f8a3f2d18ced56a743080b243;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_2=50165B84EC384071BD49338A6E72D25D;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_1=7049653180921765701;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_87=44072faf-417f-4f38-8eeb-a24ad10edff3;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_76=6636b465-ec0c-01ed-3e99-60558f168bd2;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_10=1875819618363947518;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_43=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None ljtrtb=eJwVzE9LAzEQBfDvsmcDM5k%2FmXiz3bUUVAQFbS%2BS3SS1heJW0Yv43c1e5vDeb95vh911F4CjCqFB9BhUAmB31fnWCKDKynhYkzEEXPUciexGh%2BB7L31jArBsGPooHqslqj6jTSWLpsAEBqNnapJjcxeb5Pknpe%2FbU2mZhZZxm%2FY1VccY2qlkzkoZXfKcMkLJtS7%2FCM2iBTGMikZKkYOgLdPUqulj%2FjoeX7aPuzzT6bLJD%2B9weH263%2BX9fDhv1tv8dv68w6H5oM2rko6s4soEkwMs2VGJ0SmIWEW1Mfvu7x%2Fwk0g2;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:51 GMT;Max-Age=31536000;Secure;SameSite=None _ljtrtb_71=DD5F50ED-6A4E-4089-860A-E1F8FB716145;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:51 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=dd217c0945da0e59fb89a2ac;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:51 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap5ams1

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0E7E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3V9Q7WpOQImGCuH4-3FhRQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

30ms
27ms

Image
text/html

184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=135873
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Wed, 24 Mar 2021 03:44:23 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 0E7E 95 B
386 B 25ms
24ms Image
image/png 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 633ff187ea694dfa-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 08fbd548ed00004dfa88b03000000001

GET info
uipglob.semasio.net/pubmatic/1/ Frame 0E7E 0
0

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&addseg=31

7 B
147 B

92ms
31ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:57 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Mon, 22 Mar 2021 13:59:57 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REQ1RjUwRUQtNkE0RS00MDg5LTg2MEEtRTFGOEZCNzE2MTQ1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

7381ms
30ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
X-lat: amspug019:0:318
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 DD5F50ED-6A4E-4089-860A-E1F8FB716145
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 0E7E 43 B
192 B 41ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/DD5F50ED-6A4E-4089-860A-E1F8FB716145?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 0E7E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zALNjVVE2uUvf47vCJ3A3tPb6L8mswg-~A&gdpr=0&gdpr_consent=

0
418 B

34ms
34ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zALNjVVE2uUvf47vCJ3A3tPb6L8mswg-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:57 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 22 Mar 2021 13:59:57 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-zALNjVVE2uUvf47vCJ3A3tPb6L8mswg-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 0E7E 0
103 B 12ms
12ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=DD5F50ED-6A4E-4089-860A-E1F8FB716145&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
777 B 43ms
29ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 356 B
211 B 357ms
356ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=786277778197703&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&ris=1&rcs=2&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3D90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D300%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D49a8e4cb079f1fb%26hb_pb%3D0.03%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D500%26reqt%3D1616421590368&eri=1&cookie=ID%3D276304f4f6d4614c%3AT%3D1616421589%3AS%3DALNI_MbVnnHSt1_qEGE7RdIvX2aBOuH1YA&bc=31&abxe=1&lmt=1616421590&dt=1616421590372&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2572&adks=4002535631&ucis=b&ifi=11&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9b8c008dfbfa4016ee8fdb2e952accba56cc6016d9cba40b57d885364787560d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 352 B
189 B 352ms
351ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=2552796496342661&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid8%3D725166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1100%26sap%3D1100%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-2-725166%26eb_br%3D39abb99448d54704c4afa42efe76e15d%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D3%26bvr%3D2%26shp%3D1%26ftsn%3D3%26br1%3D1100%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1500%26reqt%3D1616421590384&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590386&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1104&adks=1944177510&ucis=c&ifi=12&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a0581f9c5f34fa09c169e3309ab93b6427808ee581bee7b0d5fa92bbc366fcc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 155
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 1F72 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Mon, 22 Mar 2021 13:59:46 GMT
expires: Tue, 22 Mar 2022 13:59:46 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 4
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980824644616"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28204
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
65 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQ4MzEifV19XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMDE2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjVmMmI5NGJiMjZhNWFhOWIxYTAwZTY2ZDMwY2ZkNWVjIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTAxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwNSwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwNSwiYmlkX2Zsb29yX3ByZXYiOjAuMDA2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyMDg2MTEwOTUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMDE2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
93 B 85ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0yMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 25ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhdWN0aW9uX2Vwb2NoIjoxNjE2NDIxNTkwLCJhZF9wb3NpdGlvbiI6MTEzMywiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImJpZF9mbG9vcl9pbml0aWFsIjo2MDAsImJpZF9mbG9vcl9wcmV2Ijo2MDAsImJpZF9mbG9vcl9maWxsZWQiOjUwMCwiYXVjdGlvbl9jb3VudCI6MiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDk5LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 5 KB
3 KB 403ms
403ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=4028725519796039&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C125x125&fluid=height&ris=1&rcs=2&prev_scp=iid8%3D721116%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1135%26sap%3D1135%26a%3D%257C124%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D3%26at%3Dbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dexcel_malin_com-box-1-721116%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D0%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D500eb6245ca2c66%26hb_pb%3D0.04%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D1000%26reqt%3D1616421590411%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590413&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=790&adks=2931237426&ucis=d&ifi=13&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

d8b19fb12b0ecac91095a1f6eb4dbc7d53d0d700f2d94244a6443a3080826f18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2520
x-xss-protection: 0
google-lineitem-id: 89932634
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 111357690914
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
192 B 382ms
382ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=106483592586381&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D1000%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1300%26reqt%3D1616421590416&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590417&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4875&adks=2801874487&ucis=e&ifi=14&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

58a9747af0a9fbaa03e40bbb3fa35a8d68fccd1a4783a0077df720d1b4f48cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0C18 478 B
408 B 20ms
19ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlae2YtFf4_b0x9_eLw9frdrYcg6DQG-vMn7ivjhVvnZl6lHHUWxDbDC-Bn71c; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 22 Mar 2021 13:59:50 GMT
server: cafe
cache-control: private
content-length: 230
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1F72 55 KB
22 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DSjnVATLY7wUm9ulSTrCRIKgvdkutRv_Au7U7J_bK9BM2UfKNESWElgj3lxZx-EZg7rPkFyuTO9-gk3bLOj7uco8I1faFxdz1WHY_JwMwtA9BX7lBkb1mGl3sHYVaIspWWWTwaLSxH5w4QOsQm840JPhf86Q&dbm_d=AKAmf-AvMKpQqmHTBXh97fArUQdI9FA5NMqoAUbNa87EAAugdYzRJJAQA0mRO_yzg3HNP-pmoSGLV-xM5gTOVCWO2vGITJrAbH-gKaD8OpVACSRagx8fPm4_FeaMiW-Ijk4vqOPE-ljFPZUfbEd5gLjigvyLBnm2k1FSCFwMzyfJj9N26aJC56zQQPQwdK5QixN7jrDyZtCIojLgXQlWuokmLxI0OWk9qEa8z5OK0a8CYfbLmyi1ilNnjm8r_c2SJph7eWVycoQaXf6ptBNW_wgLnYWst53kNAaK2ENDzOVDxt9gqdutyiMZY8cS1NVi3xYPDWeREO95caAA5gZwjq5tLe96rQTBqCzammQ12mWgiasfdfzuCPksusmYcgYZHARAdxytGVsf_p4XfWFW47pFoKPloIVGnFDVpF_OyHG0OxezMvRpz0FVAb8guAImtl004SpxbrToSRUV27ZN0T-gbbNOJfyTTTNVPvFM0hqvl_96AjSvSNAF1gUqMlotgjZRokFzmgJxkRnsE3RaCO9e8p4EfMBFh-tWW46lw7oJCPYQHX94drgYJZSBGeLURMzKmuMkEzfojUJsI0pULKdaomM6eCueXJcVuNDM5xzkJZ2-KwVzWSleEAc4u3VQ7p7H4ew5HY5852-zHXhgpHDgaFAi9Q4-MtY_MsL6M3xdRYv3AfinECpKRpjNWbD46YbTn2KQKuNFFSSCP4bIVIXM0MyqPBEP2Vr0DH2XU7bemxIjT8wrW5_gR6ULFqxOQZG3YUVmVt_GXwV2k-0KFjSPJN2-FgU8YjD3zcXmMcEhPDtYFuTw357svzQdr-yGqFHpy_v5FJKKfkCZ1ZXegEdcjAB9i97xLpQ9GgOY8Gaf0ofXBpllbELsxi2y5aLyPVtuHduh813tPszkTGHqZiHk0atxXLQ2WJAYXn-gcOlbzEf2ZWCV9i2ZYbHgS3617uZWuq7ppSm5ikcoJeziLo1fFKYVj5TWXkeX2WkfegbPu4wLl1kTzy9s_L6myn6-1_DjvTpjFITF8c8F-RGINAkTNFRlh7a4aPq0b28Jn9qkXAIhzCs5jSbbRET6FHIqYt4xxSqOBtyI-6WYVpNcL995PKbTzJpSPn4Yat4IHSlLbYFJTkreQ_gMv6ROqTf7D1_BDAFz18Upb-Gmgx7Oej5pCI5Qp5_hYGlCQ6NBgTMtuW9T7-W5NayNlV9tBqxe98PHN5GH1-ZF86a34FNTM8ZhW0nVmVLz0UBG1vY-bujEJcn-aEEJg6KocABybuhyNHS9b3CEcvS_MRsY8lqrx3ztdWSGW7yJx_tg4is40cq-9f23PSDN4xZRBQF_VML_cBrb5ujHM9ucQ74FOvQxYkAwgi6W5ZcsXQaP7w5fAszk-tAc9O_wderDqtScM58TdklnClnD0zWUXvVA8DjgoV_zpGUJAJfmtWgkx1g3_e3XnwpNMI-sir6CZNOAoDJICtC585UvhN7-7XEE5NFMVYoY8LIX7C5JhbLJAlQ0-5BHb1V540SCc_svRg8igjigaez0DDTlsbjGrYlYYTXkoOteygIg7D3g4eNqLI8HY409F_Nq2I3nP3QIvvfB6FJ5UwJUir73vSqeLfP8fkGWmtDIWZZhvC9zQMlKGUW_Jt3_hR8bjdG-JNlDefDIbtvmAGeGDM6cQmYqIJ41JuPONznMWNVmxmNh94rJTP5T8jvsRsrU8ME5Ov75plOrthNtxxt0eXol_OkeiASLpHNJtRTw5HtDQQL2GHa1SiBRAkvdAio5Ce-UGBUjwBr_t_XadHRNnphxSyyYWoOQYdVz-59SMm6c4FjQuhjJ09jlBbymjQRen5oHH2_qOFUxGiUSmUJz09p-Fx9eXW6VxetMZ_pYxqjMJ9Mqv0hq8rVGd-GScRwh-6hVop5qiNv9GT-VsGbaCfUUC3zyi3ThZ18ep3iWEYLFehXiMiB4DnDIDtUMNsAkjeIAyTZ4VVZUFlvxbrXtubSPqryOiEROSKmzAumy-7uslljgivzwMwKfCb52DBEmYExe4zlsTrWhXwRBRUfzXbD5SivoJAt0TFNvPaoq7OVwuUbZXI6Kzqt-0T-UIEl9aUzcXCgFNoPNVmfFnn-JyAOCR0Ru1yg_PhHPmuAyREZXKgtRxFJ3YQViSKLszS4RDeH6NR61B34RjxPrQqMhrMUaETLp40nhpia4_rR4YYnTLLHuVqe7aeSsUdNvAsIJ0QgHoUjdD0guYImxQzYRtUuQE4_AR9JKaOnyWFi3AXrKKR1FNkmh8R8RdCFAM4IWoAJku4Skk6KkxVG88W3Zlf9fwlw4dgBI_oWy-1gLYbY8hlOMMvol83LFITKovQ_DYLSivl2neGwOkXcJ6Fu6iHf31EtKJoSZuGdCeFtJZ8bKT-m10TcQ8U2SJIiqd0kvN7-sRX6e01Z2a-p1AHRPC9xXNmODe89CKes9ZGHXFaZ2UDyy670cesxYeU2_H8G4CwYGlza_XvKZSNX0ZAjl5BIcLebemTKbswz0DBu-l9_K_WWY9PQGwl7U6UwbQP2RrPmDkoRNQLJJS5agu0xBj68rYDsG7eh0PmwE3bOI1Dfz7dQBVS1Ur7kxqUTkByUgPyQrImJeF0DTkc5j0guIZ_oWfcHKYdbB9JLM4qaCTx8cYpKbo6EuUB2vGTAzSWlcce5R_yUYi7UKSq7U7a-XwTHgdkI53A5Sehgb4dMqTxlaAPKQFtAsFZINUeQsbpIDbhX8f4IhXTMpEnqMlf_60N_wIzpXp3whisqYywMBqfD01ug1v2uAeXeUgtbK24vsvyNQeTvqfjge1mp1KaWhCossPFjlYMEnME7xb6Y9hrPMtOM8-Pr-JesqoKlWVyIv2m6hCNclDJ4inbo_wBdeGE14Al6RaNWGq7zYbA1bSpD9obr3zAbonvigGvHhoMGOKE7_4PP2POs5CNEOxU8mLm41OdQ9suugBw4MDWIXOdaIGGKajCGbxf-YkMirhTDMs5A25zbD0EKYNrOcEneBEwoYfU4pMaYYit_38pJV147tVOgguZmIpmq6V4mWQgNsSGXRv_-p_-7-XIvFYeQV_Xmj__OetE8WOOJFRLJoLPcPc9uKQ49OH5RYXIZEjsrw08iGcbfCIXYhWf-BdlOVjIqWWxnqHa1PHUrIxXNzpFe-ctFDngfCvNeGNvI9RqLrPP0muNc&cid=CAASEuRoINHXYzSyFZlNNKzdE9whIg&rfl=1%2Chttps%253A%252F%252Fexcel-malin.com%252F%240

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f6a815ee3aaa7e858456f2b460131d0a63d1f97a15782f1663100d612ad299b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22516
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1F72 42 B
498 B 60ms
40ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNCs2V-9o6lMtaZi_SxmDIoWJfYzlTV7b7HXVOwoySqu5C2uBW7X8YIWYWCwwtXj7UQjmOz6EYfMMQGyG4U8hdtheiFFTsm76cw1t5X6igMPm1J9g

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 1F72 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:58:51 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F72 117 KB
36 KB 42ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 1F72 13 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:57:18 GMT

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame 0C18 170 B
190 B 34ms
34ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0C18
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&C=1

43 B
1014 B

89ms
50ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Mar 2021 13:59:50 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0C18
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YFii1mL.OFNj-PO9LOX5CwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2

43 B
894 B

34ms
34ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLS7QxDXu7cBGJKH9ZkBMAE&v=APEucNX1YPtCvzT6vdIfWGQSnf2msucjiAN_LeX7oGJdVEaVwF7yCrjYMy4cox9RSywrtmHFXiy_IbaWuv2eutJwdYFNDEMrAg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Mar 2021 13:59:50 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM8xVdQCVg4gXFjU8nyb9TM&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 1F72 176 KB
61 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 14:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82977
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62241
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:47 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Mar 2021 14:56:53 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/ Frame 1F72 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DSjnVATLY7wUm9ulSTrCRIKgvdkutRv_Au7U7J_bK9BM2UfKNESWElgj3lxZx-EZg7rPkFyuTO9-gk3bLOj7uco8I1faFxdz1WHY_JwMwtA9BX7lBkb1mGl3sHYVaIspWWWTwaLSxH5w4QOsQm840JPhf86Q&dbm_d=AKAmf-AvMKpQqmHTBXh97fArUQdI9FA5NMqoAUbNa87EAAugdYzRJJAQA0mRO_yzg3HNP-pmoSGLV-xM5gTOVCWO2vGITJrAbH-gKaD8OpVACSRagx8fPm4_FeaMiW-Ijk4vqOPE-ljFPZUfbEd5gLjigvyLBnm2k1FSCFwMzyfJj9N26aJC56zQQPQwdK5QixN7jrDyZtCIojLgXQlWuokmLxI0OWk9qEa8z5OK0a8CYfbLmyi1ilNnjm8r_c2SJph7eWVycoQaXf6ptBNW_wgLnYWst53kNAaK2ENDzOVDxt9gqdutyiMZY8cS1NVi3xYPDWeREO95caAA5gZwjq5tLe96rQTBqCzammQ12mWgiasfdfzuCPksusmYcgYZHARAdxytGVsf_p4XfWFW47pFoKPloIVGnFDVpF_OyHG0OxezMvRpz0FVAb8guAImtl004SpxbrToSRUV27ZN0T-gbbNOJfyTTTNVPvFM0hqvl_96AjSvSNAF1gUqMlotgjZRokFzmgJxkRnsE3RaCO9e8p4EfMBFh-tWW46lw7oJCPYQHX94drgYJZSBGeLURMzKmuMkEzfojUJsI0pULKdaomM6eCueXJcVuNDM5xzkJZ2-KwVzWSleEAc4u3VQ7p7H4ew5HY5852-zHXhgpHDgaFAi9Q4-MtY_MsL6M3xdRYv3AfinECpKRpjNWbD46YbTn2KQKuNFFSSCP4bIVIXM0MyqPBEP2Vr0DH2XU7bemxIjT8wrW5_gR6ULFqxOQZG3YUVmVt_GXwV2k-0KFjSPJN2-FgU8YjD3zcXmMcEhPDtYFuTw357svzQdr-yGqFHpy_v5FJKKfkCZ1ZXegEdcjAB9i97xLpQ9GgOY8Gaf0ofXBpllbELsxi2y5aLyPVtuHduh813tPszkTGHqZiHk0atxXLQ2WJAYXn-gcOlbzEf2ZWCV9i2ZYbHgS3617uZWuq7ppSm5ikcoJeziLo1fFKYVj5TWXkeX2WkfegbPu4wLl1kTzy9s_L6myn6-1_DjvTpjFITF8c8F-RGINAkTNFRlh7a4aPq0b28Jn9qkXAIhzCs5jSbbRET6FHIqYt4xxSqOBtyI-6WYVpNcL995PKbTzJpSPn4Yat4IHSlLbYFJTkreQ_gMv6ROqTf7D1_BDAFz18Upb-Gmgx7Oej5pCI5Qp5_hYGlCQ6NBgTMtuW9T7-W5NayNlV9tBqxe98PHN5GH1-ZF86a34FNTM8ZhW0nVmVLz0UBG1vY-bujEJcn-aEEJg6KocABybuhyNHS9b3CEcvS_MRsY8lqrx3ztdWSGW7yJx_tg4is40cq-9f23PSDN4xZRBQF_VML_cBrb5ujHM9ucQ74FOvQxYkAwgi6W5ZcsXQaP7w5fAszk-tAc9O_wderDqtScM58TdklnClnD0zWUXvVA8DjgoV_zpGUJAJfmtWgkx1g3_e3XnwpNMI-sir6CZNOAoDJICtC585UvhN7-7XEE5NFMVYoY8LIX7C5JhbLJAlQ0-5BHb1V540SCc_svRg8igjigaez0DDTlsbjGrYlYYTXkoOteygIg7D3g4eNqLI8HY409F_Nq2I3nP3QIvvfB6FJ5UwJUir73vSqeLfP8fkGWmtDIWZZhvC9zQMlKGUW_Jt3_hR8bjdG-JNlDefDIbtvmAGeGDM6cQmYqIJ41JuPONznMWNVmxmNh94rJTP5T8jvsRsrU8ME5Ov75plOrthNtxxt0eXol_OkeiASLpHNJtRTw5HtDQQL2GHa1SiBRAkvdAio5Ce-UGBUjwBr_t_XadHRNnphxSyyYWoOQYdVz-59SMm6c4FjQuhjJ09jlBbymjQRen5oHH2_qOFUxGiUSmUJz09p-Fx9eXW6VxetMZ_pYxqjMJ9Mqv0hq8rVGd-GScRwh-6hVop5qiNv9GT-VsGbaCfUUC3zyi3ThZ18ep3iWEYLFehXiMiB4DnDIDtUMNsAkjeIAyTZ4VVZUFlvxbrXtubSPqryOiEROSKmzAumy-7uslljgivzwMwKfCb52DBEmYExe4zlsTrWhXwRBRUfzXbD5SivoJAt0TFNvPaoq7OVwuUbZXI6Kzqt-0T-UIEl9aUzcXCgFNoPNVmfFnn-JyAOCR0Ru1yg_PhHPmuAyREZXKgtRxFJ3YQViSKLszS4RDeH6NR61B34RjxPrQqMhrMUaETLp40nhpia4_rR4YYnTLLHuVqe7aeSsUdNvAsIJ0QgHoUjdD0guYImxQzYRtUuQE4_AR9JKaOnyWFi3AXrKKR1FNkmh8R8RdCFAM4IWoAJku4Skk6KkxVG88W3Zlf9fwlw4dgBI_oWy-1gLYbY8hlOMMvol83LFITKovQ_DYLSivl2neGwOkXcJ6Fu6iHf31EtKJoSZuGdCeFtJZ8bKT-m10TcQ8U2SJIiqd0kvN7-sRX6e01Z2a-p1AHRPC9xXNmODe89CKes9ZGHXFaZ2UDyy670cesxYeU2_H8G4CwYGlza_XvKZSNX0ZAjl5BIcLebemTKbswz0DBu-l9_K_WWY9PQGwl7U6UwbQP2RrPmDkoRNQLJJS5agu0xBj68rYDsG7eh0PmwE3bOI1Dfz7dQBVS1Ur7kxqUTkByUgPyQrImJeF0DTkc5j0guIZ_oWfcHKYdbB9JLM4qaCTx8cYpKbo6EuUB2vGTAzSWlcce5R_yUYi7UKSq7U7a-XwTHgdkI53A5Sehgb4dMqTxlaAPKQFtAsFZINUeQsbpIDbhX8f4IhXTMpEnqMlf_60N_wIzpXp3whisqYywMBqfD01ug1v2uAeXeUgtbK24vsvyNQeTvqfjge1mp1KaWhCossPFjlYMEnME7xb6Y9hrPMtOM8-Pr-JesqoKlWVyIv2m6hCNclDJ4inbo_wBdeGE14Al6RaNWGq7zYbA1bSpD9obr3zAbonvigGvHhoMGOKE7_4PP2POs5CNEOxU8mLm41OdQ9suugBw4MDWIXOdaIGGKajCGbxf-YkMirhTDMs5A25zbD0EKYNrOcEneBEwoYfU4pMaYYit_38pJV147tVOgguZmIpmq6V4mWQgNsSGXRv_-p_-7-XIvFYeQV_Xmj__OetE8WOOJFRLJoLPcPc9uKQ49OH5RYXIZEjsrw08iGcbfCIXYhWf-BdlOVjIqWWxnqHa1PHUrIxXNzpFe-ctFDngfCvNeGNvI9RqLrPP0muNc&cid=CAASEuRoINHXYzSyFZlNNKzdE9whIg&rfl=1%2Chttps%253A%252F%252Fexcel-malin.com%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:53:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:53:33 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/ Frame 1F72 21 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210316/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:57:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8471
x-xss-protection: 0
server: cafe
etag: 753583566593306265
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:57:50 GMT

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1F72 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 19:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 154172
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Mar 2022 19:10:18 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E7A6 1 KB
858 B 6ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Mar 2021 03:14:09 GMT
expires: Tue, 23 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 38741
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1F72 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5598c70d71a8481db535a878e52d9ba74b892939154ac24d1da493d843ce3810

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 63BA 0
749 B 36ms
35ms Script
text/html 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.155:80
AN-X-Request-Uuid: 02505c75-1f52-43d8-9a94-a011b1d9b9ff
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 41FE 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sat, 20 Mar 2021 19:10:20 GMT
expires: Sun, 20 Mar 2022 19:10:20 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 154170
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7E49 0
748 B 58ms
58ms Script
text/html 185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:50 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.48:80
AN-X-Request-Uuid: 51a7c112-d97e-4cbc-a956-718775671b9f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/ Frame C33E 21 KB
6 KB 49ms
35ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_271.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c61b588e93535e01578deb67b69452d3e40d7c9fd713a01654411013d445589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6018
date: Mon, 22 Mar 2021 13:59:50 GMT
expires: Tue, 23 Mar 2021 13:59:50 GMT
cache-control: public, max-age=86400
last-modified: Sat, 13 Feb 2021 11:32:54 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1F72 0
575 B 125ms
69ms Other
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsun89qXeaEQ3JD8YWfycEtrfbciw8IOSNOWTAuPgg7rEsZuNhsMmyAF9yP8HmkkoNPegbSSvQiZ3MN79y8fvr7Nh8cfm9pq0KDGYRD7fK7ym39N1NLAaxDhPa6DDW8VI0Izw-GQXcbHWNJ3qdpuFDLv7yE0hd1FL_hx-EozviR6EJTGKJpmwg6VXlgsBZSjl2bcv-zyke3uPo2-ty287D0AYMgGgShVM3j0Ba4RQVI-gvkkkX2sV5frlsHGBQHjWAbLo9ExNgYQbubhxLMbMpezeyTMZCdPibI0iEailXepj_i07-4SxmXj5DZwsGpdyhoAzB0FtNVRb1xqVQuIoyxi-dxzSZXnFB9_xBGzib86TMKtqP4kwNv_lMaer1r_W8oeGLPBQvSigJ8DyJ6-Yj7qZTncWi8O9pSWujloOyA87lKF6R6nACbr6yBHPDwoTqJsZxU-YtbCSKVnRrwAKtS8GykbFMj2AakQteD1giDUU-SlnOvB3WGtMzlAR_VrX_b1xSCqKqIvlVd_lCyX129e71K71WNI6e6VE1fzDaDOFFDIxdbECvcZ24Y9PzvAU6oHsmzEeaEQ2FEI5Yu9rdOq_8UDZfs_G_Wf_xltZ9YOtyQZoqhwZw35bJJNBRZGl47FrsJ3mY-GdtbkGyBcI4jx3oBmd5x8ca9SJ0Zq6M28jzPqmhY4BudoBR7zGGzsb-FXtbviY5mkOpNjtxwm8E12GXBn1mysMvEhWDmSb3YuwWuYrutMIpckNp3g9Pn5S0lQ002dxUqH6_iYSK90sHtKYXap0Iw28wt170hg_AxCZh_wo7dCKGuUChaVvOXvPR9VuVLsfnjzDc6P5Gjai5d363nT20nNi18L5OHroC3XdA8MgdxoDmbpAmTTDn_Wtiju-QT0mkIBmyhsmBMC4W5socEly60oX2_KrCrmCLoDglFxCSryThnYhHp13dVxC_dzqne_8f3Xhz2OZ9TWFHNrUSjhzkT8rMtC1RDZkhFI0dzeFolyt9sZ5aUQM7y4dsV50ZkMjRhsPfb7YmpLhuXI9qrjJ8fwmtx4iyHDLLMPIutzHBnMeLSNp_K5MQF170V_VNAkCrqVZzzg-DP58pGbEYuJhjPwecasY-AHiqUrz-k1F4C24SwbrZh1duVKYXfMXJ3NTC3s5FxtBA-88tvISxPIc7b_CydU-yvsATs2iq85_C_HAURZpTFVq_SwDCVaj7X0iZeaYa4SU2RIItGDiuLJq4WpHCJ_r_LlJb3UY2hhwDmYVId38s8eqgGkwV6oLa3DC_W38gQWMqw3aA&sai=AMfl-YSGI75c_rjVK3zIwbUN-DqU5unnxNqa_5D0ObmHSjlTZCjlqFgjwdljhDKqmepnvmJPK0GfqTWSvqy7zThFHTbHwDSWu-HunuhtSWPObz76lZZHxXywpiUsUSCgn--XMtyBTnxAGXawlE966knTc6VAvZLLdA4RrCH7uaD_uGfgP7vCsxyUUQ&sig=Cg0ArKJSzALNpJQCM1NNEAE&urlfix=1&omid=0&rm=1&ctpt=115&cbvp=1&cstd=109&cisv=r20210316.12232&adurl=

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 22 Mar 2021 13:59:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E7A6 0
103 B 16ms
11ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOP4JBqICMStP_NSCD3OpOo&google_cver=1&google_push=AQvitUIYpk2Q9ZGVhighaJ-di0-Up2ldJtTK-7l1RK044QHqTRaQ7k8HLYga1mTQo3S_ra2bI7gnoTX54_jOn-jnM5f6w5I1GGB6
Requested by: Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E7A6
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEGvMXW0u6lbHr7fwNABbh5k&google_cver=1&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qF...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qFwLgflJHBbiR2zbpOJD0S0k

170 B
213 B

32ms
32ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qFwLgflJHBbiR2zbpOJD0S0k

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AQvitUISdVYSKtFsnoxgBMBXptFhI21WdQE8esk2SK95egnSF-Lo7ax2xd-GMPdLOxd_Wuqs258qFwLgflJHBbiR2zbpOJD0S0k
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: K0nJd9+ubhagpCMpICsAAA==

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E7A6
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEDftSmwttJmrn2Ycncvn32g&google_cver=1&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZz...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZzT1hHv73CGRPC40ThB&google_hm=UQgOtv-fQJeoqJbjGdShsGs

170 B
190 B

35ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZzT1hHv73CGRPC40ThB&google_hm=UQgOtv-fQJeoqJbjGdShsGs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUI1mfCFWWq4MdmS-vu8lvum0RtK9HQStg-0fFxqsg4iiDwTxNg3TvOCYEZVsx4B8j9YYHUV0b6jlZzT1hHv73CGRPC40ThB&google_hm=UQgOtv-fQJeoqJbjGdShsGs
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E7A6
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwvBvnquUQOtNdlq3Vh1xs&google_cver=1&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MjQ3Nzg2NTYyMTUxODQ4Nw%3D%3D&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0Stzn...

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MjQ3Nzg2NTYyMTUxODQ4Nw%3D%3D&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0StznBHmyPHjUg

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk0MjQ3Nzg2NTYyMTUxODQ4Nw%3D%3D&google_push=AQvitUKeFTpvHcoyVTMokwgWQqllTPC39p-3GAnRaSAy5tOPiAk4YiZ9HIQZbyNL0niCATWWK9E0xPRAAaIpR0StznBHmyPHjUg
Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E7A6
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCn...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCnIZ1cvLxAMFoAodl58&google_hm=b7afc7a4-6d85-4ccd-9fa...

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCnIZ1cvLxAMFoAodl58&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:51 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUJKWKsismBhXH795MnW51_j_6zLeJ0STc8mLq8UCQhby3WVzNQWxZtFpE78vDdynIJhXl_QdFzwCnIZ1cvLxAMFoAodl58&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame E7A6
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAQvitULi8avqBNIqxD2HbXfkQ...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo&google_hm=A7cLIxh1sU7Th-y80fV1Uiw

170 B
190 B

38ms
38ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo&google_hm=A7cLIxh1sU7Th-y80fV1Uiw

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 22 Mar 2021 13:59:50 GMT
Server: Tengine
ETag: RXb70b231875b14ed387ecbcd1f575522c003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AQvitULi8avqBNIqxD2HbXfkQCUiPUA7BVytF0-PHOQnnKMrlbDQOVyytx-HjzXTkmO1bEBetRnI6H5-UREnnkgl0OYJL0PNmVo&google_hm=A7cLIxh1sU7Th-y80fV1Uiw
Connection: keep-alive
Content-Type: text/html

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame E7A6 0
44 B 7346ms
280ms Image
text/plain 54.250.196.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEE0RERNCfw2Kbm3ljOrBaUo&google_cver=1&google_push=AQvitULVh_ne3_DIinEO9nVYaiV_pgJEUDykZ876qJCzjkNFGjFpjuUe8t0bZZ-pdU_-_Ibf-iqo2j709TT0VIfROgWrbho1Uk7n
Requested by: Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.250.196.226 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:57 GMT
server: awselb/2.0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame E7A6 0
26 B 35ms
32ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ltfsw2lKRiasMnPZS12snlLOhP1nbvost-2yF8Fh6buBEfxwUQ-DqO1_6wJPzSFE4aDHgK

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 41FE 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 19:13:29 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 67581
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Mon, 21 Mar 2022 19:13:29 GMT

GET
H3-Q050 200 Museo700-Regular-webfont.woff
s0.2mdn.net/creatives/assets/4033635/ Frame C33E 24 KB
24 KB 7ms
7ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4033635/Museo700-Regular-webfont.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2704a01f20ed6fe631b5aa4baaa5300823bcddbe7d8f35c43edad1f86aff05db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 16:01:58 GMT
server: sffe
age: 29
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24912
x-xss-protection: 0
expires: Mon, 22 Mar 2021 14:14:21 GMT

GET
H3-Q050 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C33E 60 KB
24 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H3-Q050 200 SplitText.min.js Show response
s0.2mdn.net/creatives/assets/4033635/ Frame C33E 15 KB
5 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4033635/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fba520a3fb705157417bb5574a3c8d57a33b7d907892b0d397374fd546fa65c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5139
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 16:25:34 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Mar 2021 14:14:21 GMT

GET
H3-Q050 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame C33E 110 KB
38 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 14:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82976
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 22 Mar 2021 14:56:54 GMT

GET
H3-Q050 200 logo-de-728x90.png
s0.2mdn.net/creatives/assets/4033635/ Frame C33E 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4033635/logo-de-728x90.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f85566eb2b6044c17b4e6f2dcabb5bd33fa385e80b6de8accd6bbd9739aee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 11:26:16 GMT
server: sffe
age: 30
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3759
x-xss-protection: 0
expires: Mon, 22 Mar 2021 14:14:20 GMT

GET
H3-Q050 200 logo-fr-728x90.png
s0.2mdn.net/creatives/assets/4033635/ Frame C33E 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4033635/logo-fr-728x90.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edb29173908b3066bc5870b8858e3e5ac4d243b07e496da506de2d424885d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 11:26:32 GMT
server: sffe
age: 29
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2953
x-xss-protection: 0
expires: Mon, 22 Mar 2021 14:14:21 GMT

GET
H3-Q050 200 logo-it-728x90.png
s0.2mdn.net/creatives/assets/4033635/ Frame C33E 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4033635/logo-it-728x90.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e70f6024b548bd737be725ac2e20b3ff7b060cbd16a72f606c125296364510a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 11:26:47 GMT
server: sffe
age: 29
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3152
x-xss-protection: 0
expires: Mon, 22 Mar 2021 14:14:21 GMT

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1F72 0
515 B 136ms
60ms Other
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C33E 5 KB
4 KB 47ms
33ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

608bfbeb794a96d4fa1734659f8e7412d2ad49c1962daf1fbc917a04ab912e7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4122
x-xss-protection: 0

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame E3D0 0
0 61ms
60ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsteLj2CUAMAXFO3o3ognneWIibjkXbCDLOLR9320BNQYLXFmsLn5KddwOQiHuK8aGsqLSBvn9S8GsFCI9TK03H9kCvHJZwgtzFmgms4fJfdyF2bVdyNHqz5RhczN-wqI49pTw5-mXe7pxhEoS2T5Ss0OT4H5DspnHV_Js0m8AQzo9cJv8prSnLyWBJhli6eIX27CIPiclGUYzdZ8z20GgBZUt-FSgXfn3dQrAsTDBf6FQLacIKGjqQP8h1AJpeA9x2rubGuf2kgnchXGnN6X-dTeqn4NdIZT66PB2jsq5d0Y_ywhplYhDQ&sig=Cg0ArKJSzJX_hKEZNGTrEAE&urlfix=1&adurl=

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
42 B 40ms
38ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMzUsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoic3RhdF9zb3VyY2VfaWQiLCJ2YWwiOiIxMDA2MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 AdDisplayTrackerServlet Show response
pr.ybp.yahoo.com/ab/secure/true/imp/TgeznKSpPGr4jT07XVu5u2kfLGEBuYVtDg11gDNIVr-t7zD4XeBe7En-J6_ZEqr54NCGz7NYEBXATnnGOWi1jDpn3R2uibIO1w83Bp3JlJ2W1KnjGTtACKeuvQRhDu5muWt-pouuMjirB0sHkEvBnqLYioyNfP_Ih... Frame E3D0 3 KB
4 KB 57ms
38ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://pr.ybp.yahoo.com/ab/secure/true/imp/TgeznKSpPGr4jT07XVu5u2kfLGEBuYVtDg11gDNIVr-t7zD4XeBe7En-J6_ZEqr54NCGz7NYEBXATnnGOWi1jDpn3R2uibIO1w83Bp3JlJ2W1KnjGTtACKeuvQRhDu5muWt-pouuMjirB0sHkEvBnqLYioyNfP_Ih-nLCNcaGKDpM_91XQ5pQZinOYP_b1195XH7J3a_xSo-teOpZbCfrFmYoSjhZQobeOT45TiE0Y47HpUwxutxcXFompvdBPmg7Svl6LaOSifEDcZWJ2_eXrAfjK5Mncnj_IjCNN7nMlqtftVrpdkNQYDIIuwZA39VkDMT22okJ2dfEA1p97l17ii7lAqfPFEpqRGQX9NZS97YA5RAwgHXb1Ogvbn8-JZNzX-hAmxfUmtf5eXuQZ7BhqDtJcn3iauivQcVsX3-CaAWmQaRcJmayEubCbMP3hnv74Wy0tTNsT-BC10Lkup8EaXmebvTcZv2mp6tvUXrSOXfL21AIdQPkq7-8JE4--FW-O5XqZ4PN2DdTtmZvmIKh017LvTMJZu23ACWJ8-eDFeAX4eWQfGstenXg6fm5f9k0EHT-HfIu5KEduIl1fTB7oxKQmipyzCUhKHTdU9C1q2aJVEcdWQL5Y_QFSCqThxXKkwMd9-Yh2Jgy9I_mXYlTLS9WSRbZWJOmIPVvtNpY49U_Z5e2JUXtJRy1nfqtoFNDxeeObOL5dusav1sU62b1ffojyTHk1ikbXPBojPlhXVHc9V8owOIfzS6Zv5_5s-3kD5Z2iECzAFkcmADqU-U7sKyvW0DfhOn3GMOkVsCGidQQhJlHGLgIYdpB6HOxYZzctR-RYIY6kE8bOmevCN4PKitydNzgMff-umi-MFeZHleFHCpuW2wtAET5668F4NpZHOVnhG25-xv9D2n8Q0nzeyMSgaS5gDEdBQOV-QaR0WveNIGUktirCbTbfkoIDTChV3e6HQA_XxooliflirE2FPB3OEjR9YJug42_dZnTUuemC-EyrjtNLOrSt_-DQRWrnfdRy_S6FEWItWw4GaUrZ1XKWn8A6Cm6aLwuSRKvCyWG4qFcYpPxSkOytuIiE4Mivk3MkifkqP5pJTcsrYwPFoqG3aytS3-Z6N2UeGTp6W8C8Wn_zxTOA_IRtVZcPJlGxKLufBA5Khe3ike0BEvqLnqW6V6XvRJ71_0mZ0sThHZ9voxkGnqHwnUPCK4DLPB5DSf_tKOqTtZBNWIgbR-tS5Ot6S4gFbjWdLK_AsyC9_KW3QVuwMxXxu9c6WX9J1OTzP8M6dy9JWSlcBUd5sA3V8aglv-K344uRArataA80qblIS2Bo22MDjlpxBZG9PhLUzQVKi0A1ADh0dvnhGhpA/wp/0.048950/pclick/https://clicktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=JnB1YklkPTE1Njk4MyZzaXRlSWQ9NzIzMTcwJmFkSWQ9Mjk3NTAxNyZrYWRzaXplaWQ9MTAmdGxkSWQ9NjE0NTI2ODQmY2FtcGFpZ25JZD0yMzAyNiZjcmVhdGl2ZUlkPTAmdWNyaWQ9MTY1Nzg0MDM5NjMxNTM1MzY4NDAmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9QjA2MEMxNkEtMDQ4QS00NTkwLUI0Q0YtMTIwNjdFRTM3QUMzJnBhc3NiYWNrPTA=_url=

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,criteo,gumgum,ix,oftmedia,onetag,pubmatic,pulsepoint,sovrn&cb=194-2-11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

587214628a2363d47444a2ddc59023128dd1cb83aed813a2bfd721b3a8634e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript
x-xss-protection: 1; mode=block
expiry: Thu, 01 Jan 1970 00:00:00 GMT
public-key-pins-report-only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
content-length: 3045
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E3D0 117 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 35ms
31ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyMTExNiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo4OTkzMjYzNCwiY3JlYXRpdmVfaWQiOjExMTM1NzY5MDkxNCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyMTExNiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwicmV2ZW51ZSI6MC4wMDAwNCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTM1LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAwNCwiYmlkX2Zsb29yX3ByZXYiOjAuMDEsInN0YXRfc291cmNlX2lkIjoxMDA2MSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6ODk5MzI2MzQsImNyZWF0aXZlX2lkIjoxMTEzNTc2OTA5MTQsImRhdGEiOlt7Im5hbWUiOiJzdGF0X3NvdXJjZV9pZCIsInZhbCI6IjEwMDYxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjExMTYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAxLCJzdGF0X3NvdXJjZV9pZCI6MTAwNjEsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMTEzNTc2OTA5MTQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 34ms
30ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI4OTkzMjYzNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H2 200 89932634 Show response
g.ezoic.net/dac/ 0
17 B 33ms
32ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/89932634
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 32ms
31ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0yMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 31ms
30ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhdWN0aW9uX2Vwb2NoIjoxNjE2NDIxNTkxLCJhZF9wb3NpdGlvbiI6MTEzNSwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImJpZF9mbG9vcl9pbml0aWFsIjoxMjAwLCJiaWRfZmxvb3JfcHJldiI6MTAwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDM3LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0fV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:50 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 18ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 356 B
187 B 349ms
349ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=2081601325662493&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&ris=1&rcs=3&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D120%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D49a8e4cb079f1fb%26hb_pb%3D0.03%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D300%26reqt%3D1616421590891&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590895&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2572&adks=4002535631&ucis=f&ifi=15&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=7

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

2e1f5f9a4faaa2d437190dcff6923805e99491ad1ee3bb809b8b550d948282e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 153
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C33E 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:50 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 9 KB
4 KB 188ms
187ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=3974526524309153&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=3&prev_scp=iid8%3D725166%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1100%26sap%3D1100%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D4%26at%3Dbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-2-725166%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D3%26bvr%3D2%26shp%3D1%26ftsn%3D3%26br1%3D0%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%252C14%252C28%252C4%252C51%252C0%252C88%252C0%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26lb%3D1100%26reqt%3D1616421590911%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590913&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1104&adks=1944177510&ucis=g&ifi=16&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

406c30eee508c1dd7a84f47d6ca9e37b62a6ca936bf00a653c1123e4c7a04dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4518
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inside.js Show response
s.yimg.com/rq/iv/ Frame E3D0 43 KB
15 KB 9ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/iv/inside.js

Requested by

Host: pr.ybp.yahoo.com
URL: https://pr.ybp.yahoo.com/ab/secure/true/imp/TgeznKSpPGr4jT07XVu5u2kfLGEBuYVtDg11gDNIVr-t7zD4XeBe7En-J6_ZEqr54NCGz7NYEBXATnnGOWi1jDpn3R2uibIO1w83Bp3JlJ2W1KnjGTtACKeuvQRhDu5muWt-pouuMjirB0sHkEvBnqLYioyNfP_Ih-nLCNcaGKDpM_91XQ5pQZinOYP_b1195XH7J3a_xSo-teOpZbCfrFmYoSjhZQobeOT45TiE0Y47HpUwxutxcXFompvdBPmg7Svl6LaOSifEDcZWJ2_eXrAfjK5Mncnj_IjCNN7nMlqtftVrpdkNQYDIIuwZA39VkDMT22okJ2dfEA1p97l17ii7lAqfPFEpqRGQX9NZS97YA5RAwgHXb1Ogvbn8-JZNzX-hAmxfUmtf5eXuQZ7BhqDtJcn3iauivQcVsX3-CaAWmQaRcJmayEubCbMP3hnv74Wy0tTNsT-BC10Lkup8EaXmebvTcZv2mp6tvUXrSOXfL21AIdQPkq7-8JE4--FW-O5XqZ4PN2DdTtmZvmIKh017LvTMJZu23ACWJ8-eDFeAX4eWQfGstenXg6fm5f9k0EHT-HfIu5KEduIl1fTB7oxKQmipyzCUhKHTdU9C1q2aJVEcdWQL5Y_QFSCqThxXKkwMd9-Yh2Jgy9I_mXYlTLS9WSRbZWJOmIPVvtNpY49U_Z5e2JUXtJRy1nfqtoFNDxeeObOL5dusav1sU62b1ffojyTHk1ikbXPBojPlhXVHc9V8owOIfzS6Zv5_5s-3kD5Z2iECzAFkcmADqU-U7sKyvW0DfhOn3GMOkVsCGidQQhJlHGLgIYdpB6HOxYZzctR-RYIY6kE8bOmevCN4PKitydNzgMff-umi-MFeZHleFHCpuW2wtAET5668F4NpZHOVnhG25-xv9D2n8Q0nzeyMSgaS5gDEdBQOV-QaR0WveNIGUktirCbTbfkoIDTChV3e6HQA_XxooliflirE2FPB3OEjR9YJug42_dZnTUuemC-EyrjtNLOrSt_-DQRWrnfdRy_S6FEWItWw4GaUrZ1XKWn8A6Cm6aLwuSRKvCyWG4qFcYpPxSkOytuIiE4Mivk3MkifkqP5pJTcsrYwPFoqG3aytS3-Z6N2UeGTp6W8C8Wn_zxTOA_IRtVZcPJlGxKLufBA5Khe3ike0BEvqLnqW6V6XvRJ71_0mZ0sThHZ9voxkGnqHwnUPCK4DLPB5DSf_tKOqTtZBNWIgbR-tS5Ot6S4gFbjWdLK_AsyC9_KW3QVuwMxXxu9c6WX9J1OTzP8M6dy9JWSlcBUd5sA3V8aglv-K344uRArataA80qblIS2Bo22MDjlpxBZG9PhLUzQVKi0A1ADh0dvnhGhpA/wp/0.048950/pclick/https://clicktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?clickData=JnB1YklkPTE1Njk4MyZzaXRlSWQ9NzIzMTcwJmFkSWQ9Mjk3NTAxNyZrYWRzaXplaWQ9MTAmdGxkSWQ9NjE0NTI2ODQmY2FtcGFpZ25JZD0yMzAyNiZjcmVhdGl2ZUlkPTAmdWNyaWQ9MTY1Nzg0MDM5NjMxNTM1MzY4NDAmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9QjA2MEMxNkEtMDQ4QS00NTkwLUI0Q0YtMTIwNjdFRTM3QUMzJnBhc3NiYWNrPTA=_url=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

1fa16c1f74876eaeaf66d6f29d57c641c619fcf69ac55187039f4f82ff9a701f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 22 Mar 2021 12:39:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4814
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 14524
x-amz-id-2: C7GPc8MDbWK1mvYqZiUTPa0PocAytQbSJUriR6TNhVBHNh7ta8Obu+0gOpEENZDyXR8e0o93WWg=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 11 Mar 2021 20:30:45 GMT
server: ATS
etag: "88b82e15c9ac0270fa9e031df01dd8dc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: APPM5BXVPAYDQ9TQ
x-xss-protection: 1; mode=block
cache-control: public,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 c448902b-7d65-4fde-ac26-ec9b13aa1d13.jpeg
s.yimg.com/ch/ Frame E3D0 70 KB
70 KB 15ms
13ms Image
image/jpeg 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/c448902b-7d65-4fde-ac26-ec9b13aa1d13.jpeg

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

4dbb6c1052bc2e3f2cdb1c7fffd7c2ef37d8b19fa3977bda85f5b72f4f8132eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 14:07:09 GMT
x-content-type-options: nosniff
age: 85962
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 71283
x-amz-id-2: 586C5YgrLR7koTBZWRg7nRWdv3ljChas0TXeDQSF9/LZ86RotTe0evg5twRHwbtKjlLv1kilVHc=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Mar 2021 19:45:49 GMT
server: ATS
etag: "7d9543498d4c9e5900a07baeede2cb39"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 22MX9XY36GNBCQZ1
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/jpeg

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
193 B 220ms
220ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=598253583996157&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D1000%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1000%26reqt%3D1616421590924&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421590&dt=1616421590926&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4875&adks=2801874487&ucis=h&ifi=17&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=8

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

5e76055b1b5382b0ae0a912f19ed489d9c61b1581a3c4832f2e35b89f1f93a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adchoicesblue.png
s.yimg.com/ch/icons/adchoices/ Frame E3D0 565 B
782 B 16ms
16ms Image
image/png 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/ch/icons/adchoices/adchoicesblue.png

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 17 Mar 2021 17:08:07 GMT
x-content-type-options: nosniff
age: 420704
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 565
x-amz-id-2: e/AfJ2UDnLe3Ev6GxIJ3BFJaaCVHYsq2B0HmTtEIrZviPTi/ZayVbJ3QPJllnfb4WZPhH//RlzQ=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 22 Jul 2020 18:15:42 GMT
server: ATS
etag: "349bad1100a940608cb9109eb2b166a2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: ACE1NEBE6HKD5EPR
x-xss-protection: 1; mode=block
cache-control: max-age=15552000, public
x-amz-version-id: null
accept-ranges: bytes
content-type: image/png

GET
H3-Q050 200 Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0113 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ttnmja7GWy_egJOPMyxoEySbUmHRsVi1cDV04sNKFMM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 19:13:29 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:45:00 GMT
server: sffe
age: 67581
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5785
x-xss-protection: 0
expires: Mon, 21 Mar 2022 19:13:29 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A501 37 KB
14 KB 1920ms
43ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=156212:2; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; chkChromeAb67Sec=1; DPSync3=1617580800%3A201_227_226_221; SyncRTB3=1617235200%3A63%7C1617580800%3A81_88_13_55_230_222_21_71_189_176_220_161_204_54_56_7_22_3_8_166_165_78_5%7C1616976000%3A15_67_2_223%7C1618963200%3A203%7C1617667200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27232
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:52 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK AdDisplayTrackerServlet Show response
aktrack.pubmatic.com/AdServer/ Frame AD37 0
124 B 3340ms
28ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156983&siteId=723170&adId=2975017&adType=10&adServerId=243&kefact=0.047067&kaxefact=0.047067&kadNetFrequecy=0&kadwidth=160&kadheight=600&kadsizeid=10&kltstamp=1616421586&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.048950&dcId=3&tldId=61452684&passback=0&svr=BID22479U&adsver=_2344862218&adsabzcid=0&ekefact=0qJYYCaGAgBQa9wMPT3QU4IEHOxekeXfZU4uuwJjkcZyQGEN&ekaxefact=0qJYYDSGAgDgy2KLdc5Br7e1b2rpxNxfD1zgDbAlvIJZrNXA&ekpbmtpfact=0qJYYECGAgBtCT9PeLqplbgaMTw4eStoJxbnPsAJBkIhsv58&enpp=0qJYYEuGAgCFnBivdS83NGbZIXqLUDo6tN4g7cy5RhmPu4s9&pfi=1&dc=AMS&pubBuyId=30384&crID=3213530&lpu=hoeren-heute.ch&ucrid=16578403963153536840&campaignId=23026&creativeId=0&pctr=0.000000&wDSPByrId=OATH101788000&wDspId=452&wbId=6&wrId=0&wAdvID=1157489&wDspCampId=1516979&isRTB=1&rtbId=24D7ECA5-4223-4FE0-9073-C102A6F68A50&imprId=B060C16A-048A-4590-B4CF-12067EE37AC3&oid=B060C16A-048A-4590-B4CF-12067EE37AC3&cntryId=45&domain=excel-malin.com&pageURL=https%3A%2F%2Fexcel-malin.com%2F&sec=1&pAuSt=3
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: aktrack.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://excel-malin.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156212:2; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; chkChromeAb67Sec=1; DPSync3=1617580800%3A201_227_226_221; SyncRTB3=1617235200%3A63%7C1617580800%3A81_88_13_55_230_222_21_71_189_176_220_161_204_54_56_7_22_3_8_166_165_78_5%7C1616976000%3A15_67_2_223%7C1618963200%3A203%7C1617667200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

Content-Type: text/html
Content-Length: 0
Date: Mon, 22 Mar 2021 13:59:54 GMT
Connection: keep-alive

GET
DATA 200
OK truncated
/ Frame E3D0 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9483b5c007aadd1c45d5a391c9c905e30de674c7dd17cd36108077e878a56c78

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41FE 0
46 B 42ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BempL1qJYYIGIHOeT7_UPxOav6AIAAAAAOAHgBAI&bg=!QUKlQgbNAAbUo7L91KM7ACkAdvg8Wgj7z1v2vEOFiYAVsxt3MqUo45X22Mikc3gdsjho0ykLgOUT7wIAAADNUgAAABRoAQcKAHvIzarjBrzDz2_NJ6tyy_oANk5rGfl-qzsVMngDSDKOBGuAxUc_gIRgxcsnBU04VyQxodzlW5sXrJJJiDeMSYjrPar9mwyROClAo-D9fXOb6-Z3k8OhkZT11vfySklfm42gLGaveLlkseQc-iXrTwsBkbxd9EW56JBVvqGZAmZQhP4MRywU9rJEQgs_1VS7Q9GZhVtz9euToBcZxeTfpRJTEZBubehztMCnjTbkRlQJ8wZ8DgxGio8J5E9PszTahxK_Ohxl9e6foGqdae5PoJ09xM6aKta-IlfgTMw06-lHU_FLjZMbrRQ-R57KW2RJryY7pgCYDBVLZ5AUbIaoCEitlE3ABYx5q1geA9gGTSzqJWl7T9mNcr7PI_swwaOwqijb6G1jGjJEKZ8cMKqQ_dhKYCWYN7sCxLNHEh90mLvEx-Gcqga1Mjz1Uud6z1-R5RJYDfJFWrhOLhttF-2lwR_9lxD_FnF2J66GaCjruIBa9abPFPA0PUva77mYOg2DHPBYL__YUrGUZqHGOVTpn1duxRum7zbBwlp4FUCjtvSqIwheyiJffd3dWhD4_QM249mTtlrPCZi9wlruyb82_B1vUh293fNogRuylsNP3KIgmVZuVXjGtfj8K3QnR_WT1cbItQZGNfTTQ8aIOlGfALCpWwYWmDXKlEsZBLSiiN8MBHjhIVyBH6cF6X_AM_CEVq16NdWt7hbEA1L8gx8h1xwGPw8X9LhncZTg3Eatit2d0XNv0enQgoq3emq90vovWEPmdr2troeoMhSZohCBMsyJAbIh-zykFIDGJ0nDww5Dkn0GSqIC6BV2tILv-Z4AXdmAmBgtJ5MkGGI5RFKsNQtCnT3RzEkgQgSQWLXJdE8_Q23JSrSrEJGWj4zWsRbH-lhHJbNCKCFDk-w_ACOo8C8oyZwVuaY-2ezAWVzXY2F17eoAgiQkw92fbkgYY4VypZrk86mFapmppKpVPRntg923R1Ke-A

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 view
securepubads.g.doubleclick.net/pcs/ Frame E3D0 0
0 105ms
73ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssBzinHRgm1Y_QYX_1o4dq9n8yCfIIGk4GNnMHChkNM6txn5hk8inKq-E9RTGSJgVeZNQyeo1VoSrpf_t8s17wChefOS9lNE3e3sbfFcCYWtqGkR4n1mrIipMcaYiVr19V8HwTDq-YgWIdhowHwMfEzLo1f9UVrpUVByYxEd7D6NHizKisl8daq5qI0kgCAoD6Av80J1tCtrMeHUZP6WYGVYWAmpsHitSZ-L0V8tNJ0N1NNcURjQLyptKhS-kWSqKuaa_ijCX68F2c1rHhnSciU03j8BSFhaZEE1qJc63Wk3Fvr7BOmTRDgJw&sig=Cg0ArKJSzObmyF5owxEsEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 22 Mar 2021 13:59:51 GMT

GET
H3-Q050 200 44244949_20210211033046602_AW_Police_728x90_bgImg_2021.jpg
s0.2mdn.net/ads/richmedia/studio/44244949/ Frame C33E 21 KB
21 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/44244949/44244949_20210211033046602_AW_Police_728x90_bgImg_2021.jpg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9c7c7ff0c50a82dd60b4a0ce7f3741dd4ab6f1abb24ef320316a5ae4994bac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 07:51:14 GMT
x-content-type-options: nosniff
last-modified: Thu, 11 Feb 2021 11:30:46 GMT
server: sffe
age: 22117
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21853
x-xss-protection: 0
expires: Tue, 23 Mar 2021 07:51:14 GMT

GET
H3-Q050 200 44244949_20210213030639918_AW_Police_728x90_handy_2021_fr.png
s0.2mdn.net/ads/richmedia/studio/44244949/ Frame C33E 17 KB
17 KB 7ms
7ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/44244949/44244949_20210213030639918_AW_Police_728x90_handy_2021_fr.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84c29bf6544bcd798cd5206a7febb2b935a174480d8094f4abc48d34916c8526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 21 Mar 2021 21:23:28 GMT
x-content-type-options: nosniff
last-modified: Sat, 13 Feb 2021 11:06:40 GMT
server: sffe
age: 59783
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17510
x-xss-protection: 0
expires: Mon, 22 Mar 2021 21:23:28 GMT

GET
H3-Q050 200 container.html Show response
cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 39C0 6 KB
3 KB 34ms
20ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://excel-malin.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://excel-malin.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Mon, 22 Mar 2021 13:59:46 GMT
expires: Tue, 22 Mar 2022 13:59:46 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 5
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
42 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDExLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjQ2MTA1ODQyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
40 B 27ms
26ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTIyIn0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTQifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiMSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
26ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhdWN0aW9uX2Vwb2NoIjoxNjE2NDIxNTkxLCJhZF9wb3NpdGlvbiI6MTEwMCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImJpZF9mbG9vcl9pbml0aWFsIjoxNTAwLCJiaWRfZmxvb3JfcHJldiI6MTEwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MjE2LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 39C0 0
0 62ms
61ms Fetch
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CACjp1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE7gFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRd1L-Osi5R0zPzAdLpJ20QsRsG4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjGACgP6CwIIAYAMAbIXGAoWEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=M1zuBad8qsY&tpd=AGWhJmvFmr-_TO6vfl_oHv8DELB_ka9BFhZpEA0AQ12ydZYMfA
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 39C0 2 KB
2 KB 2627ms
39ms Script
text/javascript 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=35230877;rtbwp=YFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ;rtbdata=213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ&num=1&sig=AOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ&client=ca-pub-6396844742497208&adurl=

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

28e4dd02f1e0bd534327060b428ac81be0fc8b4736a8abce7a13fb5a436499c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1592
expires: -1

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 39C0 2 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/window_focus_fy2019.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:58:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:58:51 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 39C0 117 KB
36 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1615980836519751"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36389
x-xss-protection: 0
expires: Mon, 22 Mar 2021 13:59:51 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/ Frame 39C0 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5991
x-xss-protection: 0
server: cafe
etag: 8832118191516519848
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 05 Apr 2021 13:57:18 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 39C0 0
0 14ms
13ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRKhiXRSsv_AB-AdLoxn3hZOa1WU5w-yoN8gyn2qZD0Qs-wX06CMjq6V5wlUZO6XdImCv9htQCp8CmkupfzkURyLrK2dw
Requested by: Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-37/js/ Frame 39C0 24 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/js/ext.js

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c978eaee9473c367fd30eea148b6cd5233e58a317a36157c24e5dd2af62a97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 20 Mar 2021 19:53:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 151588
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7485
x-xss-protection: 0
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Mar 2022 19:53:23 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 17ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 356 B
184 B 221ms
220ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=1397662223755855&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&ris=1&rcs=4&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3Dd31e71883d00099e275b6c5878eed023%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D32%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D49a8e4cb079f1fb%26hb_pb%3D0.03%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D120%26reqt%3D1616421591411&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421591&dt=1616421591419&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2572&adks=4002535631&ucis=i&ifi=18&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=9

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

3ddf39fe42cf5e347723957fc6eec62761711be001c25457f909ee2384513d59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
188 B 214ms
213ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=3045506119951557&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D750%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D1000%26reqt%3D1616421591440&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421591&dt=1616421591445&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4875&adks=2801874487&ucis=j&ifi=19&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=10

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

c79559d2226972ac27413ed946bedcd1766457c378f0c43a36c2ea9a4d868c94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1F72 42 B
155 B 52ms
48ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkKMnNiBrrrcP4KkzI0UDTqX7ThnBjkGqTYMomvAmbbwMupVx58YuzKIwZVsxX8SDp2CYXVWIT0hxTdXMpG5vlQFKc8OEWCL2Gag7dUL8w1GJ4K7MwN1Lp2ys&sai=AMfl-YT1x9ItEAeKWuOX4uYFGR5MUBvmjqm9f9Lzzl45Zk0UY4hVymCZR5bltHODYtCyGFFYUScdCy1PMatiiBcwkriq1c4p8gl9Hr_ibuIiS672pW5T90j2fhDJoKg&sig=Cg0ArKJSzJtHEJvO4cpgEAE&cid=CAASEuRoINHXYzSyFZlNNKzdE9whIg&id=lidar2&mcvt=1000&p=97,436,187,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2276015470&rs=4&met=ce&la=0&cr=0&osd=1&vs=4&rst=1616421590402&dlt=21&rpt=180&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 24ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzEwMTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzMywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMDE2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 audins.js Show response
go.ezoic.net/detroitchicago/ 466 B
875 B 6ms
6ms Script
application/javascript 2600:9000:206f:d200:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezoic.net/detroitchicago/audins.js?cb=194-2
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d200:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: fd78f51affedcaa173cd1f15fca8f1fbecdbaafa7020cec2ae0fe3befbed5ea1

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 19 Mar 2021 23:49:54 GMT
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
last-modified: Fri, 12 Mar 2021 17:56:24 GMT
server: nginx/1.16.0
age: 223797
etag: "1d2-5bd5a9e4b6200;5bd5a9e4b6200-gzip"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-robots-tag: noindex
content-length: 466
x-amz-cf-id: GPCjlf4HX4W_hloC1gUMr3WB6RV1H76BH88ECcXF0mswTZPmpztO7Q==

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
42 B 25ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiODI3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODUyNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTQzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI1MDAifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcxMDE2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjEyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjEyNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiNTgifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 24ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiI2NTAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjQ4NzUifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODUyNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTQzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODEifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjI1NzIifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MTAxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTMzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjQzNiJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiOTcifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTA5MCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMTgxIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI3OTAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 9ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=194-2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
etag: "YoFsxqR3BwPygbSjh02Dug=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 29 Mar 2021 13:59:51 GMT

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame 6358 0
418 B 31ms
30ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156983&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 238ms
237ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=1517669325872794&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-large-billboard-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C180x150%7C234x60%7C300x1050%7C300x250%7C250x250%7C200x200%7C125x125%7C300x600%7C120x600%7C120x240&fluid=height&ris=1&rcs=5&prev_scp=iid7%3D685266%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1143%26sap%3D1143%26a%3D%257C0%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1034%26compid%3D0%26tap%3Dexcel_malin_com-large-billboard-2-685266%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D0%26bvm%3D4%26bvr%3D5%26shp%3D2%26ftsn%3D3%26br1%3D4%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26hb_bidder%3Dpubmatic%26hb_adid%3D49a8e4cb079f1fb%26hb_pb%3D0.03%26hb_format%3Dbanner%26hb_ssid%3D10061%26lb%3D32%26reqt%3D1616421591938&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421591&dt=1616421591941&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=1181&adys=2572&adks=4002535631&ucis=k&ifi=20&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=294x614&msz=294x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=11

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

f8c286b8bacd19d185bae050c2e9b350b19bddd12d990ca882fd4c991c4d01c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11294
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
347 B 30ms
9ms Script
application/x-javascript 2600:9000:2182:6a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:6a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 03:09:10 GMT
via: 1.1 375e9ad5042f2098d2251daf2e517c52.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
age: 39042
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: Ik31-n3teaagBC-AEMXy-nu5AsDx_OzrHK7JxLVW9bO7i29gA4qK1w==

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
212 B 205ms
204ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=854951450493469&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3D6ac330e431a70c7d8ce9fb95aee95c72%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D750%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D750%26reqt%3D1616421591955&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421591&dt=1616421591959&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=4875&adks=2801874487&ucis=l&ifi=21&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=12

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

4ff246efb996207e120dae73eca5ad57e780fa76c3a49a8d7cffdcd451662e48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 yv
beap-bc.yahoo.com/ Frame E3D0 43 B
795 B 35ms
34ms Other
image/gif 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://beap-bc.yahoo.com/yv?sek=6318353387347286591:1616421586143&as=YAMPViewableImpressionPayload&av=2.19.0&kv=0&ea=1&ap=K7OlV3L1RkFGTWMKTq31GhY6pF8H-Ko0mflIzEf7MNu9gwmI8vXiCGx7XEx5CwmtC2tKeCnlBtnG6pEulcJOK8B-xYA4k7VAJN81z2cS1zzLddzSQUegHYiidKBvDKsycEIIk4Sc6zvKAOovLeVA5GfCWkeG16VhcII3xIl1OmeFSuuCt-hkS4ZE0yhFQaqiWQLQg4krqCHpmpbP49WABLYprAqmupKLGVhegG2nez4&iv=68&v=1&m=2&r=1616421591977&im=1&b=100&ad=jv=1.0.254:vd=0:na=0:ed=1:tpv=:tp=1:mt=7

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/iv/inside.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Mar 2021 13:59:51 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 2
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
x-xss-protection: 1; mode=block
cache-control: no-cache, private
content-type: image/gif
content-length: 43
x-content-type-options: nosniff
accept-charset: utf-8

GET
H2 200 pixel;r=387264689;labels=Domain.excel_malin_com%2CDomainId.173563;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fexcel-malin.com%2F;uht=2;fpan=1;fpa=P0-1138973223-1616421591983;ns=0;ce=1;qjs=1;qv=e576aef...
pixel.quantserve.com/ 35 B
210 B 8ms
8ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=387264689;labels=Domain.excel_malin_com%2CDomainId.173563;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fexcel-malin.com%2F;uht=2;fpan=1;fpa=P0-1138973223-1616421591983;ns=0;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr=0;ref=;d=excel-malin.com;je=0;sr=1600x1200x24;dst=1;et=1616421591983;tzo=-60;ogl=locale.fr_FR%2Ctype.website%2Ctitle.Excel-Malin%252Ecom%20-%20Tout%20sur%20Excel%20et%20VBA%2Cdescription.Tous%20les%20moyens%20efficaces%20pour%20(mieux)%20ma%C3%AEtriser%20Excel%20et%20VBA%3A%20trucs%20%26%20astuces%252C%20%2Curl.https%3A%2F%2Fexcel-malin%252Ecom%2F%2Csite_name.Excel-Malin%252Ecom%2Cimage.https%3A%2F%2Fexcel-malin%252Ecom%2Fwp-content%2Fuploads%2F2020%2F01%2Fexcel-malin_image%252Ejpg%2Cimage%3Awidth.711%2Cimage%3Aheight.400

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:51 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E3D0 42 B
89 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstQdZdlCh22JmzT0JNjsZEYy1Cw7fo--da5SNoXkpGlg4-1gUxMggWc2lP22cYJ71YCOomt96BjenJJ610mh3rtctoBY-9347j1clX405g&sig=Cg0ArKJSzHicAzriW0IHEAE&id=lidar2&mcvt=1001&p=790,1248,1394,1408&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&v=20210317&bin=7&avms=nio&bs=1600,1200&mc=0.68&app=0&itpl=19&adk=2931237426&rs=4&met=ie&la=0&cr=0&osd=1&vs=4&rst=1616421590852&dlt=0&rpt=121&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame 0E7E 0
573 B 31ms
31ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156212&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
42 B 25ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMzUsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:51 UTC

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 8FFB 185 KB
53 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2591
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 8FFB 12 KB
5 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2591
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 8FFB 87 KB
27 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2591
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 8FFB 3 KB
1 KB 40ms
19ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2591
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 8FFB 40 KB
13 KB 40ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2591
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
DATA 200
OK truncated
/ Frame 8FFB 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1be12ad7a6d1c15872d26e3bef2ead0d0cf9b575f8202c7d2b947576c350d6b5

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 11376464387264467595
tpc.googlesyndication.com/simgad/ Frame 8FFB 128 KB
128 KB 233ms
233ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11376464387264467595?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkXT_ADj-WntlEfxkF0eCBuH-FNtA

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94169203db4f2b9193d0b1d7bcc2ab4abbe12b846d6080cd00e4c6dbf986b322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Sep 2020 07:23:23 GMT
server: sffe
age: 0
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131153
x-xss-protection: 0
expires: Tue, 22 Mar 2022 13:59:52 GMT

GET
H3-Q050 200 fr.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8FFB 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/fr.png

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 03:57:17 GMT
x-content-type-options: nosniff
server: cafe
age: 36155
etag: 12021612326893382710
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2724
x-xss-protection: 0
expires: Tue, 23 Mar 2021 03:57:17 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8FFB 295 B
414 B 6ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: excel-malin.com
URL: https://excel-malin.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 52501
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 22 Mar 2021 23:24:51 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8FFB 0
0 59ms
59ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQ5Gt2KJYYLIKirmVB_-QrugMrI-R9GHuxZW0tgz7i72RmA4QASD0-cYlYPWVzoHgBKAB-unumgPIAQKpAiKsWsuBCLI-4AIAqAMByAMIqgTvAU_Qe4ZtEOzuYKBxAmx_wlUBbtFHH_BxEzaip0HhnIqE2f11FFz1YUyw0_9uWW58S4AJxYhxbEGeaTZeqbSTid85Lct8ba_R3RIcMl9u09B5vmATdN3OpO_Q6e1HKWVAvqe5k3oyYZMQeJwY00PgPta7TUESq5smsaz35Rp7QCHt2jALcIeu6V9Tx71PeU8mMTFKeqxJtedGQ3cSqBw4_ZHylX8WdMop9XQqM2KXSvPpjrfYd4DS9iYTY1WAfhiRP8pIzaYaSAoTOS3GboSCTU12BTwRHtFO9te3lqOL-GB-qlFmqb7fmiWKk5kxV5GUwAT506D79wLgBAGSBQQIBBgBkgUECAUYBKAGAoAH7pWRZagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCnwALSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04ODkwOTQ4NjY1MzM1MzIxgAoDyAsB2BMMshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=eWaUpSyCebs&tpd=AGWhJmuanwOfoxT-KdV92LU7gioycZl2z4dmuhhRp4OXbLOA_w
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 27ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg1MjY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTE0MywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4NTI2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExNDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjljM2U0ZWU4ZWFlN2YxNDMzY2IyZmU2OWIxMzI2NjA1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODUyNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTE0MywiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDMyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg1MjY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTE0MywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ0ODMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4NTI2NiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1sYXJnZS1iaWxsYm9hcmQtMi0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExNDMsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 27ms
26ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Mar 2021 13:59:52 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg1MjY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTE0MywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0yMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg1MjY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhdWN0aW9uX2Vwb2NoIjoxNjE2NDIxNTkyLCJhZF9wb3NpdGlvbiI6MTE0MywiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImJpZF9mbG9vcl9pbml0aWFsIjoxMDAwLCJiaWRfZmxvb3JfcHJldiI6MzIsImJpZF9mbG9vcl9maWxsZWQiOjQsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI1OCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8FFB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Mon, 22 Mar 2021 13:59:52 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 24ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIxMTE2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjg5OTMyNjM0LCJjcmVhdGl2ZV9pZCI6MTExMzU3NjkwOTE0LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMjk0LDYwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyMTExNiIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo4OTkzMjYzNCwiY3JlYXRpdmVfaWQiOjExMTM1NzY5MDkxNCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
188 B 221ms
221ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=2718090076954972&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3D26dfa00588543c52511429ade391f561%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D550%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D750%26reqt%3D1616421592472&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421592&dt=1616421592481&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=5325&adks=2801874487&ucis=m&ifi=22&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=13

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

52697a2b1453e4d0fcd93928412311a07f0f680d11ea6f6b63e9655f33252a78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 25ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzI1MTY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils3MjgsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjUxNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:52 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:52 UTC

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame E2C9 37 KB
14 KB 129ms
33ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; chkChromeAb67Sec=1; DPSync3=1617580800%3A201_227_226_221; SyncRTB3=1617235200%3A63%7C1617580800%3A81_88_13_55_230_222_21_71_189_176_220_161_204_54_56_7_22_3_8_166_165_78_5%7C1616976000%3A15_67_2_223%7C1618963200%3A203%7C1617667200%3A35; SPugT=1616421591; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27232
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:52 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A501 1 KB
2 KB 1133ms
38ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=82049874&p=156983&s=723170&a=0&ptask=DSP&np=0&fp=1&mpc=20&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e84f403b47a6aa25724ae69a3e5783697b6e08826c624a11e614fd1fe328f5a8

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:53 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 1212
Content-Type: text/html; charset=UTF-8

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 353 B
214 B 205ms
204ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=607301766716527&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=7&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3D26dfa00588543c52511429ade391f561%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D550%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D550%26reqt%3D1616421592987&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421592&dt=1616421592992&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=5325&adks=2801874487&ucis=n&ifi=23&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=14

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

095cec422ed58b327bb224ccae87485c2e6b38e8e5c30f99aa10b26669500d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 157
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 3DF3 37 KB
14 KB 1119ms
45ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; chkChromeAb67Sec=1; DPSync3=1617580800%3A201_227_226_221; SyncRTB3=1617235200%3A63%7C1617580800%3A81_88_13_55_230_222_21_71_189_176_220_161_204_54_56_7_22_3_8_166_165_78_5%7C1616976000%3A15_67_2_223%7C1618963200%3A203%7C1617667200%3A35; SPugT=1616421591; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27230
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:54 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3-Q050 200 integrator.js Show response
adservice.google.ch/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=excel-malin.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 214ms
214ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3742499458100066&correlator=353056239187449&output=ldjh&impl=fif&eid=31060469%2C31060367%2C44739387&vrg=2021031601&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210322&iu_parts=1254144%2Cexcel_malin_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=8&prev_scp=iid7%3D676715%26t%3D134%26d%3D173563%26t1%3D134%26pvc%3D2%26ap%3D1134%26sap%3D1134%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod10-c%26ic%3D9%26at%3Dbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dexcel_malin_com-medrectangle-1-676715%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%26asau%3D6979417379%26bv%3D32%26bvm%3D3%26bvr%3D7%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D0%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26lb%3D550%26reqt%3D1616421593506%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D1f7a1a573e762e4c%3AT%3D1616421589%3AS%3DALNI_MZsBmF0fSmDcL3UgtF6RttF88ejNw&bc=31&abxe=1&lmt=1616421593&dt=1616421593508&dlt=1616421585572&idt=898&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=5325&adks=2801874487&ucis=o&ifi=24&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fexcel-malin.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x264&msz=300x250&psts=AGkb-H9mwR-HG4eOIJXXsOAf1wWT5ac_u6SNNF6Q9WJspwAp1maQ1fWKX6yK_WjTZhm4HRHNF_8VJIiA2aM_iWFb5A&ga_vid=294583633.1616421586&ga_sid=1616421587&ga_hid=1531357187&ga_fc=false&fws=0&ohw=0&btvi=15

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

760f80ccf6637ebca79ed929a6f5c4fff11de957b45ffdd4c2f1e3a9a9435cd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10885
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://excel-malin.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
65 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg1MjY2IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLWxhcmdlLWJpbGxib2FyZC0yLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTE0MywiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDEwNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODUyNjYiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbGFyZ2UtYmlsbGJvYXJkLTItMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTQzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODMsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:53 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 694A 185 KB
53 KB 36ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2592
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 694A 12 KB
4 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2592
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 694A 87 KB
27 KB 43ms
28ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2592
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 694A 3 KB
1 KB 37ms
22ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2592
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 694A 40 KB
13 KB 36ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 2592
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Mon, 22 Mar 2021 13:16:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Mar 2022 13:16:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 694A 5 KB
774 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=fr

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cc09b0d82fa5d05aef18c5468f24d943431683c73266d6a46c8f16325b23620

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 13:59:53 GMT
server: ESF
date: Mon, 22 Mar 2021 13:59:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Mar 2021 13:59:53 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 694A 5 KB
797 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cc09b0d82fa5d05aef18c5468f24d943431683c73266d6a46c8f16325b23620

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 13:10:51 GMT
server: ESF
date: Mon, 22 Mar 2021 13:59:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Mar 2021 13:59:53 GMT

GET
H3-Q050 200 fr.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 694A 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/fr.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Mar 2021 03:57:17 GMT
x-content-type-options: nosniff
server: cafe
age: 36156
etag: 12021612326893382710
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2724
x-xss-protection: 0
expires: Tue, 23 Mar 2021 03:57:17 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 694A 295 B
325 B 7ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021031601.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 21 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 52502
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 22 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame 694A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d18106dabdb47ba73b327b7c5d1268a15132441ba5d41927b2d445ef93f1f386

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 694A 0
0 65ms
65ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cs-B32aJYYNSNIoWU7_UPu46k0A7zg5P5X6rzquHnDNrZHhABIPT5xiVg9ZXOgeAEoAHXkpS_A8gBBqkCyBerlabUqj7gAgCoAwHIAwqqBOIBT9C-6BSfaS3dK31rA82LmhngnKYdmWdMpqNRhWtwlkzmHNunUr9d17yZSNvOZR9O5dofDSFEmt7_HU1zGznkyhejmzSbpKh277wrfgAscqZXSFNJJtVpXoTMl69HM1Q2OdfIIJEfaknnUnYZ6NA7gm8JVw2V9_VYjoyIN-y0mZMQAYubDDCSHxCP_CG7OswhV23g5h_IimgfuuZMTbW0cGnu0NqUGUHcEgw88hoj6kvRGMs-7SD6EzP-xUKULFb3b1AuY-p99W_ss4ZL09a52-hXAl-5ZMehk89WEpN79RQ_dMAE8MCDyrgD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB5Ht60CoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwMQ8C7SCAcIgGEQARgd8ggbYWR4LXN1YnN5bi04ODkwOTQ4NjY1MzM1MzIxgAoDyAsB2BMMiBQJshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=CyRpw7yGhdY&template_id=492&tpd=AGWhJmsR8iC-gTYMjD24LZEdzUgyGJ4LIhzy9icwOPt65oNLJQ
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 694A 0
0 15ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1_MCodx2FYl2Eso_58RGDyi702nlG7Tw9y_Y0QPqc8rAc6d5qhvDXMp-9yKJfMjQLVKruSSO4rze5DZirweRAuFqKDg
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NjcxNSIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6Inplcm8ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NjcxNSIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAuMDAwMDAyLCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDU1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM4MjAifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NjcxNSIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:53 UTC

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
40 B 42ms
41ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/porpoiseant/banger.js?cb=194-2&bv=13&v=46&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Mar 2021 13:59:53 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 26ms
25ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0yMiJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:53 UTC

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
19 B 24ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhdWN0aW9uX2Vwb2NoIjoxNjE2NDIxNTk0LCJhZF9wb3NpdGlvbiI6MTEzNCwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImJpZF9mbG9vcl9pbml0aWFsIjoxMzAwLCJiaWRfZmxvb3JfcHJldiI6NTUwLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJhdWN0aW9uX2NvdW50Ijo5LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyMzgsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6NzE2MTQzOTR9XQ==
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:53 UTC

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 694A 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=fr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://excel-malin.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 15 Mar 2021 18:51:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
server: sffe
age: 587286
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15736
x-xss-protection: 0
expires: Tue, 15 Mar 2022 18:51:47 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 694A 44 KB
44 KB 13ms
8ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=fr

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://excel-malin.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 18 Mar 2021 09:43:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
age: 361012
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
expires: Fri, 18 Mar 2022 09:43:01 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/620/s1.adform.net/ Frame 39C0 35 KB
16 KB 141ms
45ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=35230877;rtbwp=YFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ;rtbdata=213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ&num=1&sig=AOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ&client=ca-pub-6396844742497208&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 686df60545fbf0a0d59457fc410d3f997b5c904afdedb6d1b67a48984d6a2cda

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 15:51:47 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 23 Mar 2021 17:26:56 GMT

GET
H2 200 greenoaks.gif Show response
excel-malin.com/detroitchicago/ 0
19 B 25ms
24ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjE4NjA2MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjY5NzQ0MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNSJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiOTMxMjAwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiI1ODIwIn1dfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:53 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:53 UTC

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 39C0 8 KB
4 KB 41ms
41ms Script
text/javascript 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=35230877;rtbwp=YFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ;rtbdata=213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2;nofp=1;click=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ&num=1&sig=AOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ&client=ca-pub-6396844742497208&adurl=;js=1;adfxid=1x;7465;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fexcel-malin.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cb5801e38fe4b467f5dacb5f367ed50467c88915f489159001a9de342e45ac46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:54 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3298
expires: -1

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 019D
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003&rndcb=2236108450
https://bidswitch-eu.splicky.com/cm?bidswitch_ssp_id=adconductor&bsw_custom_parameter=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
https://x.bidswitch.net/sync?dsp_id=311&user_id=&user_group=2&ssp=adconductor&expires=10&bsw_param=2e4bed9e-dc7e-4707-8c07-c96df592e9b3
https://sync.1rx.io/usersync/bidswitch/2e4bed9e-dc7e-4707-8c07-c96df592e9b3?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

0
0

GET

Pug
simage2.pubmatic.com/AdServer/ Frame 3946
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F6A640CED6224A48A3040804E06DFA18

0
0

GET
H/1.1 200 usersync Show response
match.bnmla.com/ Frame 3DCC 0
112 B 1394ms
121ms Document
text/plain 38.27.122.101
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=82049874&p=156983&s=723170&a=0&ptask=DSP&np=0&fp=1&mpc=20&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.101 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: match.bnmla.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:55 GMT
Content-Length: 0
Connection: keep-alive

GET

Pug
simage2.pubmatic.com/AdServer/ Frame A501
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=e1a76f9b-8b16-11eb-a872-d360ab29aa19&gdpr=0&gdpr_consent=

0
0

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 39C0 66 KB
15 KB 15ms
15ms Script
application/javascript 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31b1b67c191484190066785f309435ba62626a9a8610ca341622145f02ea1ee1

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=rXZqVA==, md5=FrZXw5nGazXqpqqENJYM1A==
date: Mon, 22 Mar 2021 13:59:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 19400
cf-polished: origSize=67981
x-guploader-uploadid: ABg5-UzdpunNSsmLRoNI9jGn6Z9yd8_icrbqDBb_HTskxD0X1TAC86-JgfoUr_aGsjicdi7dz-QAHigoGFT5U2McnPE0Vnbjiw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08fbd53bff00004e9eefaf9000000001
last-modified: Mon, 08 Feb 2021 16:48:30 GMT
server: cloudflare
etag: W/"16b657c399c66b35eaa6aa8434960cd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2wi5q0JXKnDmB%2BEVkCKynNrJHo3oU3jLTvWCZtAvzS4kzIfzXyDTx59E1PSLEG8NdMDSvPxK0s7PFPLf11FU2KemUK32yMPXKTfZdpygzMzY%2FlZf"}],"max_age":604800,"group":"cf-nel"}
x-goog-generation: 1612802910147617
content-type: application/javascript; charset=utf-8
expires: Mon, 22 Mar 2021 08:36:34 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 15609
cf-ray: 633ff17338594e9e-FRA
cf-bgj: minify

POST
H2 200 /
track.adform.net/csimpr/ Frame 39C0 35 B
503 B 39ms
39ms Other
image/gif 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=35230877&csi=EdlAQ9rljsdOJWBHB-IS2rrSEhAlHIuou3mytxLcl1sJDwKV3Zer3MLxIqatFW8ZJQzcqje_XJJW2Zhw2fOFcCcs4ODdxxAu0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:54 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5464 1 KB
755 B 7ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Mar 2021 03:14:09 GMT
expires: Tue, 23 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 38745
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 39C0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f2ea58097e803aec71c85daf1443fb8e99afa42ee37bbdfd2a017ef31b4e910

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.200/e/igSBggDA/i/vCAv.IAAAAAoAA/r:types/ Frame 39C0 33 KB
14 KB 55ms
55ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/620/s1.adform.net/load/v/0.0.200/e/igSBggDA/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0b0f62719efee7a8a3548115ada8f568a54709e7843a6ead1e6032111ae07ea2

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
content-encoding: gzip
last-modified: Mon, 08 Mar 2021 15:51:47 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Tue, 23 Mar 2021 17:29:01 GMT

GET
H2 200 frame.html Show response
ad4m.at/ Frame 893B 2 KB
1 KB 13ms
13ms Document
text/html 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
content-type: text/html
set-cookie: __cfduid=d85cbadbf69f75a5e1fd2e2070cc4cacc1616421594; expires=Wed, 21-Apr-21 13:59:54 GMT; path=/; domain=.ad4m.at; HttpOnly; SameSite=Lax; Secure
x-guploader-uploadid: ABg5-Uzi-1_7uN1L8Go-AcToEKZJyXjllwzgePCBHnWKzncHxGLbW1M4lc91qTv6-AdP5Mr6zohgm6Oj3Mxhx9DFytM
expires: Mon, 22 Mar 2021 14:59:54 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
cache-control: public, max-age=3600
age: 282325
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 08fbd53c3b00004e9ecf27b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pOmplSLRXgj8gragmRYtdYsxwUVXWZXtstmhbFsuIOXZiGYdaj6hAsEe9ukvJLbsewJIpeQs9B432HG1JxTXF8DscMPyc5L5mNH%2BUUyn%2Bbwu8Hux"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
vary: Accept-Encoding
server: cloudflare
cf-ray: 633ff17399114e9e-FRA
content-encoding: br

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5464
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP1fwNQ7AZgShujsIWm4ao4&google_cver=1&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1f...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1fKBm60Ydo350U3qglXY2lhDMsBJUunaJ7FjBhbK5L0&google_hm=XuiWL0U...

170 B
190 B

33ms
32ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1fKBm60Ydo350U3qglXY2lhDMsBJUunaJ7FjBhbK5L0&google_hm=XuiWL0UpFzJwNZzsrG2isw

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:54 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULbIdamJ_2kmZfuyb_SSlFbfUPZ82aI0h-jzW8371dta_8HlxqI1fKBm60Ydo350U3qglXY2lhDMsBJUunaJ7FjBhbK5L0&google_hm=XuiWL0UpFzJwNZzsrG2isw
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET cm
p.rfihub.com/ Frame 5464 0
0

GET rub
px.adhigh.net/p/gm/ Frame 5464 0
0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5464
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEia2_209Z9ZRbpl9csJhVc&google_cver=1&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2PFbAY&google_hm=MzI3Mjg0MTg0MDkyNzQ2MT...

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2PFbAY&google_hm=MzI3Mjg0MTg0MDkyNzQ2MTAyNQ%3D%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 22 Mar 2021 13:59:54 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitULY7iyCGLJOcOacR0u0DbmlrEupphE_-o5MSscW8OAcpJqIdE6YbyGcxKAGNJCxnGC9GJQ2kPaFUG7E15ss15annq2PFbAY&google_hm=MzI3Mjg0MTg0MDkyNzQ2MTAyNQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5464
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEOUoUgFcuzZM8-okXkqJkQE&google_cver=1&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcb...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEOUoUgFcuzZM8-okXkqJkQE&google_cver=1&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieE...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg&goo...

170 B
224 B

35ms
34ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg&google_tc=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AQvitUIkqIGK9DICw469J_1gVr7WWkdLP2mubZDCjEmdMQE4t4baCgZrJAsa1n--xuM0ww7mxvU5AwL1Oy16--0hDfieEcbMTFg&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 5464
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET6hnOl2Tf-UxR1MPn6d&google_hm=b7afc7a4-6d85-4ccd-9f...

170 B
213 B

33ms
33ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET6hnOl2Tf-UxR1MPn6d&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Mar 2021 13:59:55 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUIRkziAK8OhSE0WNMaD9ZBj6boTA2iXof5ne7lfDSQFgd_L2bUpxoHgrO85CF1fwdhVngls_mv6ET6hnOl2Tf-UxR1MPn6d&google_hm=b7afc7a4-6d85-4ccd-9fa2-43ad7a071b56
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET ggl
ads.avads.net/sync/ Frame 5464 0
0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 5464 0
39 B 39ms
30ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jq68Il1SVQLvi17npVMbC8tEUEu40S0YJQ2fd_0w_R06enxPek-GLLd0gTn05oVpq-DclDAg

Requested by

Host: cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
URL: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 frame.html Show response
ad4mat.net/ Frame 3629 1 KB
1 KB 67ms
52ms Document
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
content-type: text/html
set-cookie: __cfduid=d4890ee84361ca051f3fa833c3946fc681616421594; expires=Wed, 21-Apr-21 13:59:54 GMT; path=/; domain=.ad4mat.net; HttpOnly; SameSite=Lax; Secure
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
cf-cache-status: DYNAMIC
cf-request-id: 08fbd53c68000064a9463eb000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Yp3GmUehNfPMgsVkyllvKWBgyXd4kmJPy282WOX9Zb33cT762fxt9reuAapgECgxjab6dpX3Av%2F%2Fe8MoF6nkqM32RfzCuNc6pLij27sPckI48h0aqCnm"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 633ff173d9af64a9-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 3DF3 654 B
1 KB 1914ms
37ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=60364767&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 1241037e91ebb44fd4a777d92d708d612d820fb65c47fe389e32f1557dd68598

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 654
Content-Type: text/html; charset=UTF-8

POST
H2 200 rs Show response
ad4m.at/ Frame 39C0 2 KB
2 KB 21ms
21ms XHR
text/plain 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f5321988812d9ebc4563174ef97453885a4eca92f9db7c6f54dcbaf162ac29b

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-rvz5
cf-request-id: 08fbd53cdc0000062104a7b000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lVzMUtzUGcliAu7V8sURu1hpbJkzxMhwzTp2Lof7i0bq3t3K7U0UlDEZzFGXlvm58Ov0nbzCmqrC4ixRlWz2VuT4gOztFzVRNBpqFPMSYBCffHyX"}],"max_age":604800}
content-type: text/plain
access-control-allow-origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 633ff17499f40621-FRA

OPTIONS
H2 200 rs
ad4m.at/ Frame 0
0 37ms
24ms Preflight
text/plain 2606:4700:3039::6815:c00b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H2
Server: 2606:4700:3039::6815:c00b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: rs-rvz5
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 08fbd53cc400000621d5220000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ul1chpmp8mu%2Bn%2FX3TqozEU4CXzbv%2FtrCS96Vwa3UZrtX7JLeQN7UEhrhqcLRZHz9EImABn6%2Fvp0AhBqlA1yQPkrUfZJv2a4jbM0%2Bqv4UxRt2GW%2F0"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 633ff17469b70621-FRA

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 4B92 9 KB
4 KB 36ms
21ms Document
text/html 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

858da89af88fdab9f991d89027c10ea331439208b686a020cc3001c1d4f6e5f4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d95d7816fa2515dc1aae2f279af7b9f7e1616421594; expires=Wed, 21-Apr-21 13:59:54 GMT; path=/; domain=.ad4m.at; HttpOnly; SameSite=Lax; Secure
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 08fbd53d02000053633b930000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 633ff174da485363-FRA
content-encoding: br

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.2/one-ad/ Frame 4B92 58 KB
7 KB 15ms
15ms Stylesheet
text/css 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.2/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea3d0687c8ec9ae8abfef997cfefcf86b646f753120de737c1914653b729ecc2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:54 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 340145
cf-polished: origSize=59219
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
cf-request-id: 08fbd53d1c0000536379040000000001
cf-ray: 633ff174fa835363-FRA
expires: Mon, 22 Mar 2021 14:59:54 GMT

GET
H2 200 6D9D6A90211153F3A9F80EDEE4C4BA19805E1FE2EC1A4345D627B65CD97C7B054B34EDF0474FC84C0E01C192CFD0B4688954A8955EED4FA146B1D9399C603A21
assets.ad4m.at/logo/ Frame 4B92 20 KB
21 KB 16ms
13ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/6D9D6A90211153F3A9F80EDEE4C4BA19805E1FE2EC1A4345D627B65CD97C7B054B34EDF0474FC84C0E01C192CFD0B4688954A8955EED4FA146B1D9399C603A21
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f4e17252f0d204f0b0de3e096deea7c80b481ad2b706fffd71b1a42dc7d6ffd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=H57tww==, md5=wOsttoKtrylWVpm0OXfcqw==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 326918
cf-polished: origFmt=png, origSize=37229
x-guploader-uploadid: ABg5-Uz0SHiAwAvxverV6L7LOhbRGdEXvHUU3WHl78bDiJ1B_QDWXES__SBCHmSjZXFzDqAc3cfPYtC2tQYvpCaBipE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20980
cf-request-id: 08fbd53d1e00005363a530a000000001
last-modified: Mon, 18 May 2020 09:41:28 GMT
server: cloudflare
etag: "c0eb2db682adaf29565699b43977dcab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mSRvH9K%2B4BUhTx%2F7TNpJ%2BdYpzkUp54UyNXrcwK0kfQXXjlWw7Y97dn91%2BHU5yRM6nj3gVHabIujTrbWX%2BjGSHOUEAyO27pKedAvPAkqY08AxQLY5sGHJS18rew%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589794888109934
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 37229
accept-ranges: bytes
cf-ray: 633ff174fa8b5363-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 2046BCCEC0EB4FB133C2AF22FBF8860CFBC13652DB51B29D82C7021599F24844D71EF567DC294A777A54FA1478770244E2AE7F2209415ECBC062610FBA28968C
assets.ad4m.at/product_image/ Frame 4B92 37 KB
37 KB 36ms
34ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/2046BCCEC0EB4FB133C2AF22FBF8860CFBC13652DB51B29D82C7021599F24844D71EF567DC294A777A54FA1478770244E2AE7F2209415ECBC062610FBA28968C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8303de730719c8166fbd90b7364d6263d597e59f85e47c7b2446ef3096439ed5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=0vp2iw==, md5=Ny6EkBaq8Mr+92wsxVWxUw==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 330861
cf-polished: qual=85, origFmt=jpeg, origSize=109681
x-guploader-uploadid: ABg5-UzcpVgGTJAgwHfP4WNLp6QbR3UU7Fh7rNCRbTK--YAAfj83DTh3ZSvVgDC-tyPIFvQ7-ibJw0KHKjO32QyzC7B-xhgywA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37520
cf-request-id: 08fbd53d1e0000536328396000000001
last-modified: Fri, 22 May 2020 12:35:58 GMT
server: cloudflare
etag: "372e849016aaf0cafef76c2cc555b153"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HqukD2KT7iIw4ucMLbRLBfQAGBnvs3ehJ8ufyTDJLvnyTuOQrXP5c3HyETnmvsMS2GqQC74T0ldnXPUDOQEcmoJQNRCZVTMLMQrWMWQQICPwSarl%2B684p7H5FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1590150958623862
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 109681
accept-ranges: bytes
cf-ray: 633ff174fa8d5363-FRA
cf-bgj: imgq:85,h2pri

GET

pack_300x250.gif
www.convention.fr/media/effi/ Frame 4B92
Redirect Chain

https://track.effiliation.com/servlet/effi.show?id_compteur=22457432&effi_id=oneidPeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3oneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.convention.fr/media/effi/pack_300x250.gif?gdpr_consent=&gdpr=0&gdpr_pd=0&

0
0

GET
H2 200 A35CF373C7C2D59E4F84044CE8000082F17DF4F4BB5FBCAB3132EEA630AAD66BF9E9A774C7608E36497AA67529424140843F917E416C3B58093236A7276F557D
assets.ad4m.at/logo/ Frame 4B92 15 KB
16 KB 21ms
20ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A35CF373C7C2D59E4F84044CE8000082F17DF4F4BB5FBCAB3132EEA630AAD66BF9E9A774C7608E36497AA67529424140843F917E416C3B58093236A7276F557D
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed8af4314990196387b111a26b930416138593cfeb17a55520200833e0231ef9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=0eb35A==, md5=ddxiQ9LqGFhBfgqBGIprCw==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 330375
cf-polished: origFmt=png, origSize=50046
x-guploader-uploadid: ABg5-UxFLRbUNeT_cebF5iLuQUsv6zoGa1kuzk0snnk8S-9X4iBEvqUIbBktnHpMXlt8in3d-Kzmx1ExA1dLqdllFDaS61wwLg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15650
cf-request-id: 08fbd53d1e0000536340a7f000000001
last-modified: Mon, 02 Mar 2020 13:00:40 GMT
server: cloudflare
etag: "75dc6243d2ea1858417e0a81188a6b0b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jdyGXdM5BKCBrYh5Gl%2FV1H0N7L9kp%2BZd9BbpHkyAJv5JdIqLDHG1bSe%2ByZNZD2ZV1CsBHnh2CLC2k69zqd3mJ7oVjzqrMSWUAxzyeZiD6RGIzIi%2BrQbbheiStw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1583154040910222
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 50046
accept-ranges: bytes
cf-ray: 633ff174fa8e5363-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 0D55DDEC59FD84ABAF53ADC0F9EF0E332CD7370D14892A4EBB0457A45AC6C9B27720D5884E271A8AC399A2EBF292CF7170F560032BBF3656544C5F6682491E8A
assets.ad4m.at/ Frame 4B92 68 KB
69 KB 14ms
13ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/0D55DDEC59FD84ABAF53ADC0F9EF0E332CD7370D14892A4EBB0457A45AC6C9B27720D5884E271A8AC399A2EBF292CF7170F560032BBF3656544C5F6682491E8A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f01ea38e4aa5f749f88d1982a9677cfdae1c9ba1f564bab41930a08bc950045e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tpzZGw==, md5=f2aWPfTL9XwrYbVnXKOoLQ==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 925108
cf-polished: qual=85, origFmt=jpeg, origSize=141659
x-guploader-uploadid: ABg5-UzmeOYJJ1pdpOpzGsyo7Gv3h1cmaltV_lRMUz7NkC7s9EZfVwVfNez0ec1scf5JI4h6zwrhMPBio6lmKqLc_ko
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 69800
cf-request-id: 08fbd53d1e000053637d1d1000000001
last-modified: Mon, 02 Mar 2020 13:01:54 GMT
server: cloudflare
etag: "7f66963df4cbf57c2b61b5675ca3a82d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ULKYr5NpKbY%2FZAVy%2BTVDDlnnzV4UT%2BNIXftwXVSp0oxbk%2Bh26dZ1uRLAMlz8pjsycvuaAM02dFVNVtFcqvvZLTWBKYU00txgXQOFw35Gstt3%2Bh6mNsLEYmVIuw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1583154114162874
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 141659
accept-ranges: bytes
cf-ray: 633ff174fa8f5363-FRA
cf-bgj: imgq:85,h2pri

GET

servebanner.php
www.bdfugue.com/affili_bd/public/ Frame 4B92
Redirect Chain

https://track.effiliation.com/servlet/effi.show?id_compteur=22414148&effi_id=oneid7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPYoneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.bdfugue.com/affili_bd/public/servebanner.php?name=btn-achat-bd-200x65px?gdpr_consent=&gdpr=0&gdpr_pd=0&

0
0

GET
H2 200 C1F461DAC8A2B69898B2E047D1957B171084F2BFA36EC27208E0208E8164ACD9D642C914D290739264379554B9A8251C2A2FFBBF7CBCA2314FEFF9214588DBDD
assets.ad4m.at/logo/ Frame 4B92 19 KB
20 KB 20ms
19ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C1F461DAC8A2B69898B2E047D1957B171084F2BFA36EC27208E0208E8164ACD9D642C914D290739264379554B9A8251C2A2FFBBF7CBCA2314FEFF9214588DBDD
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f50970c037807174f63feb5375c54a2e25fa9bbdc7e58c90c7eb6c03991bb7f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=7dlgSg==, md5=gEIPBPA4apSUtjxko+zr6Q==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 440834
cf-polished: qual=85, origFmt=jpeg, origSize=65836
x-guploader-uploadid: ABg5-Uyl7fsZdud5RSI3x5p1gXTBPFquxK7NMChgbHoZS9-J99it4HOnwN2R8qxbCu-gvsvb47GOrvBcyPd8fVmAITY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19604
cf-request-id: 08fbd53d1f0000536388983000000001
last-modified: Thu, 18 Jun 2020 09:28:32 GMT
server: cloudflare
etag: "80420f04f0386a9494b63c64a3ecebe9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P4HT2iQZZt9%2ByVsjd64AHOettsN8AT4%2BGpjpTDuYY9CvpO5UVGd7zgvjEjHvOSwqOTzCIqfdX3vUtmqHR7FfIJNiPkpw6Cj5F%2FUiws2o2HoQXIsEjX5hue%2FeYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1592472512577032
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 65836
accept-ranges: bytes
cf-ray: 633ff174fa905363-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 29B16CE7C644E450CF1BBDBF0339E04AAE5EDFE2380D11BBEF58E983D97A8F53EFF8051DBBACB04EC3F473122F7D1F1BE6EF2011D984B93850B21B15ACAE1DA2
assets.ad4m.at/product_image/ Frame 4B92 96 KB
97 KB 21ms
20ms Image
image/webp 2606:4700:3039::6815:c00a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/29B16CE7C644E450CF1BBDBF0339E04AAE5EDFE2380D11BBEF58E983D97A8F53EFF8051DBBACB04EC3F473122F7D1F1BE6EF2011D984B93850B21B15ACAE1DA2
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=25105%2C20819%2C29950&b=PeACBfpYK3URpkT9HjHbtMtK3BCbt9Tp3%2C7ZmFqfJV4ZUYgbHrHXHgtAt4AAuzt1TPY%2CKeDCRfRebkCZVbT5HMHktPtYVAcKtATQz&f=b4eHQfbKgDTpkJcYHbHzt8C17zuetJTA1%2CEeKCDfx6RZCPXpTzHAHjt6C7ppS4tVTB8%2Ck6Vu5fQdxPcP7XS4HwHetmCkRMCPtjT3k&c=728&d=90&e=&g=dc4e7a54b167fe0fb989825447ff7535%2F3685429621692223465&i=27392%2C27045%2C27693&j=13%2C13%2C13&k=0&l=0&m=0&n=&p=&q=&o=adf_Awin_Reach01_fr&h=https%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DCRclt1qJYYMHqOtzL7_UPwaeRqATz2KuTXMm81LOiB8CNtwEQASAAYPWVzoHgBIIBF2NhLXB1Yi02Mzk2ODQ0NzQyNDk3MjA4yAEJqQLy1NLV1vezPuACAKgDAaoE8QFP0PTsfMuxnwfM3V5bJKKTomuY_tK5m6i3c7VJCPUPpg3LNfnFxlNCIrFkV4NG5rsDEQqagzuJ_V01MWbHpdxGKcl6MnvgOOVXwx3IzjZDSFkADKcpZzYWZizH_SRbc8tMCFOiwzqHkK4l01graEcjblnrOBul9IxDGSyXQbwgJZqICy99Og0PdsQyN5KaHuHWNHsC3L3wnmowqTIcD5ES_SnkAKNSHYE3f6rIzD-5enIzTkuAE7LVd9kRo5NiMZy6yTJM3hOKWEzSHM0ar98vQQpOK-UceKtf1YRdlr2DILPBbA5-vshF9Xi4SxsSVRgx4AQBgAajqLiqr5rSiwWgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgb2AcA0ggFCIBhEAHyCBthZHgtc3Vic3luLTg4OTA5NDg2NjUzMzUzMjH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_1KTIWpZsP9Ykg1XTVx8SDLGJmLhQ%26client%3Dca-pub-6396844742497208%26adurl%3Dhttps%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D35230877%3Bcrtbwp%3DYFii1gAOtUEIu-XcAARTwUbRKDoODeQb5xKiJQ%3Bcrtbdata%3D213YhU2VLU0D8YGD1Al6jpL1VYoOLXW3H3BTSI6e2-1iTNuzjW_RBw6lzVbaIVSCgJrMQ2uvcN7Wd3PV_kDUSH3rNSXLDMS0LX-FR0mBnPBvp2jiWQ7uECBeYwPadyIZC9OfJVfTXsIoCd9EmhdayXiwy5Xg-aff6HUoj_FSwxS_X-MPY2AlIaGloshJgAGNhdGRWS824WIGP12Pw95Qog2%3Badfibeg%3D0%3Bcdata%3DR34W0g1D7fHAfFJN5_MlAPTkcQIceqf7ZdkIz0crHGpECArNaqgkM5QA_VkrNF97tvSr1DFS6FzJM82wqRMST08XAqjB5WhVC95tQX4SjUULtvLrUCKXQWoHneLR_AG2wam4j8aztFYR33YgIBaWqcTj-xBkZCCo0%3B%3BCREFURL%3Dhttps%253a%252f%252fexcel-malin.com%3BC%3D1%3Bcpdir%3D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c00a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0402efa70fda493c45111c44e9af94fcf6cf9727b99a094018673fae4a6ab672

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GhcAcw==, md5=6Q4OQS5h1gceqVdAYqOW8Q==
date: Mon, 22 Mar 2021 13:59:54 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 331434
cf-polished: qual=85, origFmt=jpeg, origSize=177885
x-guploader-uploadid: ABg5-Ux-DYpWshwIMuqvm9gpUTTMcvfW_J3srVwa0Lmxv3C6RlASf6vlwJHu8G8sv7CxHMV-xJYcIk_AuQYfJD3_mMU
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 98644
cf-request-id: 08fbd53d20000053639020c000000001
last-modified: Thu, 18 Jun 2020 10:25:53 GMT
server: cloudflare
etag: "e90e0e412e61d6071ea9574062a396f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PdK81%2BqONoXY03ALlxWui0qrYz6Hs5RNQqWSKhue9ZfcU20U47YyJhBvcf0AjywcH1Cwko2pkxAydZDWY%2FcBR2QsiZdf9VDZS3vu9tGnkAT1rxJX588WMaG%2BqA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1592475953759700
content-type: image/webp
expires: Tue, 23 Mar 2021 13:59:54 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 177885
accept-ranges: bytes
cf-ray: 633ff174fa935363-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

120x600%20NOUVELLE%20CO%20hiver%2020.jpg
cdn.hopps-group.com/effiliation/1/ Frame 4B92
Redirect Chain

https://track.effiliation.com/servlet/effi.show?id_compteur=22468912&effi_id=oneidKeDCRfRebkCZVbT5HMHktPtYVAcKtATQzoneid__adf_Awin_Reach01_fr&gdpr_consent=&gdpr=0&gdpr_pd=0
https://cdn.hopps-group.com/effiliation/1/120x600%20NOUVELLE%20CO%20hiver%2020.jpg?gdpr_consent=&gdpr=0&gdpr_pd=0&

65 KB
66 KB

394ms
59ms

Image
image/jpeg

91.208.224.199
HOPPS-GROUP

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.hopps-group.com/effiliation/1/120x600%20NOUVELLE%20CO%20hiver%2020.jpg?gdpr_consent=&gdpr=0&gdpr_pd=0&

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.208.224.199 , France, ASN47980 (HOPPS-GROUP, FR),

Reverse DNS

Software

nginx /

Resource Hash

a62696358e28eb29b16e2396b9734bb49a34f842266a11a604b5a60279ed0974

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:54 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 30 Jul 2020 09:11:10 GMT
Server: nginx
ETag: "5f228eae-10578"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 66936
X-CDN: CDN-1
Expires: Mon, 29 Mar 2021 13:59:54 GMT

Redirect headers

pragma: no-store
date: Mon, 22 Mar 2021 13:59:54 GMT
via: 1.1 google
server: nginx
p3p: CP='ALL DSP COR IND PHY ONL UNI PUR COM NAV INT CNT PRE CUR ADM TAI PSA PSD IVAo IVDo CONo TELo OUR SAMo'
content-type: image/gif
location: https://cdn.hopps-group.com/effiliation/1/120x600%20NOUVELLE%20CO%20hiver%2020.jpg?gdpr_consent=&gdpr=0&gdpr_pd=0&
cache-control: no-store
expire: Wed, 31 Dec 1969 23:59:59 GMT
alt-svc: clear
content-length: 0

GET
H2 200 army.gif Show response
excel-malin.com/porpoiseant/ 0
166 B 1336ms
26ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://excel-malin.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjc2NzE1IiwiZG9tYWluX2lkIjoiMTczNTYzIiwidW5pdCI6ImRpdi1ncHQtYWQtZXhjZWxfbWFsaW5fY29tLW1lZHJlY3RhbmdsZS0xLTAiLCJ0X2Vwb2NoIjoxNjE2NDIxNTg1LCJhZF9wb3NpdGlvbiI6MTEzNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNIIiwicGFnZXZpZXdfaWQiOiIzODgxZWJmZi0zOTg0LTRkNTktNmI5Ny02ZGZjMTg2MjdkMDIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzODIwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY3NjcxNSIsImRvbWFpbl9pZCI6IjE3MzU2MyIsInVuaXQiOiJkaXYtZ3B0LWFkLWV4Y2VsX21hbGluX2NvbS1tZWRyZWN0YW5nbGUtMS0wIiwidF9lcG9jaCI6MTYxNjQyMTU4NSwiYWRfcG9zaXRpb24iOjExMzQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDSCIsInBhZ2V2aWV3X2lkIjoiMzg4MWViZmYtMzk4NC00ZDU5LTZiOTctNmRmYzE4NjI3ZDAyIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzgyMCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2NzY3MTUiLCJkb21haW5faWQiOiIxNzM1NjMiLCJ1bml0IjoiZGl2LWdwdC1hZC1leGNlbF9tYWxpbl9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTY0MjE1ODUsImFkX3Bvc2l0aW9uIjoxMTM0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ0giLCJwYWdldmlld19pZCI6IjM4ODFlYmZmLTM5ODQtNGQ1OS02Yjk3LTZkZmMxODYyN2QwMiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM4MjAsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: excel-malin.com
URL: https://excel-malin.com/detroitchicago/memphis.js?gcb=194-2&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://excel-malin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:56 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Sun, 21 Mar 2021 13:59:56 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 39C0 42 B
89 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuOnfIYNVjZNkjwpcEttr553wVWfzLxcnD5JsQ551Hc7unSu7oq82BA-wNiLyamOeb63bP41XfZdNEnZn-TAY4BxBx3MvtEuw&sig=Cg0ArKJSzLwyPlXFLr1CEAE&cid=CAASFeRoT176p2XNHqLocsbvKIoIwhGDTQ&id=lidar2&mcvt=1000&p=1098,436,1188,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210317&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1944177510&rs=4&met=ce&la=0&cr=0&osd=1&vs=4&rst=1616421591130&dlt=35&rpt=2&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 39C0 35 B
504 B 1143ms
41ms Other
image/gif 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=2498908320531930185@@35230877,3046964069037587706,100|1203|0|0|0|0|0|0|0||41|1|1|6058a2d70000162207fd8911730be1ea_1|||1|0|0|xZi58mI8DnHxBx_RTJEBJy_RgEWQCnVp11Y4c0_KPlK_JVM2rD3IBsyz8d6D7jvo0|||11|

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/620/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:56 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame E2C9 37 KB
14 KB 36ms
35ms Document
text/html 184.30.20.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-198.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=DD5F50ED-6A4E-4089-860A-E1F8FB716145; DPSync3=1617580800%3A201_227_226_221; SPugT=1616421591; chkChromeAb67Sec=2; SyncRTB3=1616976000%3A2_223_67_15%7C1617235200%3A63%7C1618963200%3A203%7C1617580800%3A5_81_57_54_78_99_204_230_189_176_161_56_165_104_13_220_166_88_71_7_22_3_8_55_21_222%7C1617667200%3A35%7C1621555200%3A69; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=27229
Expires: Mon, 22 Mar 2021 21:33:44 GMT
Date: Mon, 22 Mar 2021 13:59:55 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E2C9 654 B
1 KB 152ms
38ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=83225414&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 1241037e91ebb44fd4a777d92d708d612d820fb65c47fe389e32f1557dd68598

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:56 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 654
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame A501 0
418 B 123ms
30ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156983&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:54 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 1885 35 B
468 B 145ms
49ms Document
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=60364767&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=2498908320531930185; TPC=1616421594073
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 22 Mar 2021 13:59:56 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=2498908320531930185; expires=Fri, 21 May 2021 13:59:56 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 usersync Show response
rtb.gumgum.com/ Frame 1602 35 B
237 B 48ms
47ms Document
image/gif 52.30.76.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=pbm&i=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.76.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=pbm&i=DD5F50ED-6A4E-4089-860A-E1F8FB716145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 22 Mar 2021 13:59:56 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

GET
H/1.1

200
OK

/
pixel.onaudience.com/ Frame 3DF3
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=DD5F50ED-6A4E-4089-860A-E1F8FB716145
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=b71ca6c6-056d-4610-acee-48bc5971a7d3&icm

35 B
248 B

33ms
33ms

Image
image/gif

51.210.112.63
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.onaudience.com/?partner=147&mapped=b71ca6c6-056d-4610-acee-48bc5971a7d3&icm
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.210.112.63 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3174889.ip-51-210-112.eu
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:56 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.onaudience.com/?partner=147&mapped=b71ca6c6-056d-4610-acee-48bc5971a7d3&icm
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 209

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 3DF3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130

0
418 B

89ms
30ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 22 Mar 2021 13:59:54 GMT
Server: MT3 3611 f10363c master zrh-pixel-x2
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 22 Mar 2021 13:59:53 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E2C9
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=DD5F50ED-6A4E-4089-860A-E1F8FB716145
https://spl.zeotap.com/?zdid=1332&zcluid=614fee6a060ea9e4
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69fa608deae7&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEPhXD7ogFb4hz1fYWaHfyJw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69f...

95 B
190 B

37ms
35ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEPhXD7ogFb4hz1fYWaHfyJw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69fa608deae7&zcluid=614fee6a060ea9e4&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 22 Mar 2021 13:59:56 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 633ff1811f0f4dfa-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 08fbd544b200004dfa762ca000000001

Redirect headers

pragma: no-cache
date: Mon, 22 Mar 2021 13:59:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEPhXD7ogFb4hz1fYWaHfyJw&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da3dd470-3d4d-405f-7c3d-342e66acfd60&reqId=7d2217c5-2c32-41ac-447f-69fa608deae7&zcluid=614fee6a060ea9e4&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 50D7 35 B
469 B 93ms
48ms Document
image/gif 37.157.4.29
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=83225414&p=137711&s=137812&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=2498908320531930185; TPC=1616421594073
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 22 Mar 2021 13:59:56 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=2498908320531930185; expires=Fri, 21 May 2021 13:59:56 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame E2C9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130

0
418 B

81ms
30ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 22 Mar 2021 13:59:55 GMT
Cache-Control: no-store, no-cache, private
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 22 Mar 2021 13:59:54 GMT
Server: MT3 3611 f10363c master zrh-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=81e26058-a2d5-4900-9437-5d8ef3ac3130
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 22 Mar 2021 13:59:53 GMT

GET
H/1.1 200
OK Cookie set merge Show response
ce.lijit.com/ Frame 52D8 43 B
4 KB 39ms
38ms Document
image/gif 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=58&3pid=DD5F50ED-6A4E-4089-860A-E1F8FB716145
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ce.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _ljtrtb_1=7049653180921765701; ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D; ljt_reader=dd217c0945da0e59fb89a2ac; _ljtrtb_2=50165B84EC384071BD49338A6E72D25D; _ljtrtb_87=44072faf-417f-4f38-8eeb-a24ad10edff3; _ljtrtb_76=6636b465-ec0c-01ed-3e99-60558f168bd2; _ljtrtb_10=1875819618363947518; _ljtrtb_5001=8129521f8a3f2d18ced56a743080b243; _ljtrtb_49=q8c5TvaauFje; _ljtrtb_43=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E; _ljtrtb_3=22636058-a2d5-4200-8031-f794f5c55550; _ljtrtb_12=8302895149037461874; _ljtrtb_36=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3; _ljtrtb_71=DD5F50ED-6A4E-4089-860A-E1F8FB716145; _ljtrtb_80=KMKNOHC6-1-JYL7; _ljtrtb_86=8fSsnqf3f9NDC8WJLEVi; _ljtrtb_83=KMKNOIAW-1B-5I55; _ljtrtb_16=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348; ljtrtb=eJw1UUFuGzEM%2FMueQ4AUSYnqzfauUydOWiBFU%2FcSaFdS6gBp7QbtpejfKxmoDjqQw%2BHM8M9Abng3GKOzqCQROYgnCzJcDexbqzz5LFQXCbCUiCCtDVbmAsElq8WCyws3tCJSpyIX1VG1xNVlsqVk9SkIo%2BHspCOp83riHNJMMM%2BJQEoNYI4SLH5hjiUJOwWPasllD8JibVJimzzbop9%2Bp%2FRr%2B1I6WysFlOiVyTA6Cl5Dk3I1dGeK5HVtMm3YBAOtR4nMtvJTcKPTsdtsMOc892XQtimIQwRDJqghStVF28MGNWzY27vb%2Bw%2FvNx4Ibg770MqhaxhH3SpOI%2FiVTCBoEczjCiba2nYdyJNop%2BD%2FFLvVI9AadKeXeg%2FF6sPb93PlGu%2FHjT3e7KfPx26xr21HUaPYjsOeowSlSyKdbvlxejseH3cfD%2FnEL%2BfrfP8Nn7883B3y19Pz6%2FVml59ef%2B5p6lIv2Tezs3iFsuACSCUDlxh73GqVvM3ZdUmhYaWl5mqqIBTaV9na9cvcgpKUCUuulYe%2F%2FwAm74xy; _ljtrtb_84=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Mon, 22 Mar 2021 13:59:56 GMT
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: _ljtrtb_80=KMKNOHC6-1-JYL7;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_5001=8129521f8a3f2d18ced56a743080b243;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_36=e_6d41fc47-ce90-4461-8ebe-72a8fe872dc3;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_49=q8c5TvaauFje;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_16=613d7ab1-bba1-4ef7-821a-c6c339ea4325-6058a2d6-4348;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_71=DD5F50ED-6A4E-4089-860A-E1F8FB716145;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_83=KMKNOIAW-1B-5I55;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_3=22636058-a2d5-4200-8031-f794f5c55550;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_84=c:d5ac9bc0c9bcc03f34ac847e4ba7f3ed;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_2=50165B84EC384071BD49338A6E72D25D;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_1=7049653180921765701;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_86=8fSsnqf3f9NDC8WJLEVi;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_87=44072faf-417f-4f38-8eeb-a24ad10edff3;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_76=6636b465-ec0c-01ed-3e99-60558f168bd2;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_10=1875819618363947518;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_43=copsiiWIPYdp3jqGdNh0gXSMYdZpgmGCId_mrL1E;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None _ljtrtb_12=8302895149037461874;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0;Secure;SameSite=None ljtrtb=eJw1UstuVDEM%2FZe7riU7thOnu5m5d8r0BVIrhrKpcvMorVRoqWCD%2BHeSSmThhX18fHycPxO56XQyRmdRSSJyEE8WZDqZ2PdSvfdFqGUJkGtEkF4Gq2uF4JK1asGVzB2tiDSoyEV11Cxxc4Us16I%2BBWE0XJ0MJA1eT1xCWgnWNRFIbQHMUYLsM3OsSdgpeFRLrngQFuudEnvnq2W9%2FZ3Sr%2F1THWw9FVCiVybD6Ch4DV3KyTQ2UySvW5NlxyYYaDtLZLaNX4Kbnc5jzQ5zzvMYBn2agjhEMGSCFqI0zdofdqhhx15cXVx%2F%2FLDzQHB%2Bdxl6OgwN86x7xWUGv5EFBC2CedzAQnvbbwN5Eh0U%2FJ%2FisDkCbUEP%2Bp6Xns%2BnRVOOa8YRMnJjSdkkVFlTaFzLQA77rN28fX9t3OL1vLPj%2BeXy%2BXGYMQT286lR7Gdkz1GC0rt3Y3D%2B8fL2%2BHg8fLorL%2Fz0elauv%2BHDl5uru%2FL15eH5bHco988%2FL2kZS71fqduyileoXRIg1QJcYxyHUWvkbS1uSAodK91f11IDodBDY%2Bv%2FpK7dUkmFsJbWePr7D6aFmEQ%3D;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:56 GMT;Max-Age=31536000;Secure;SameSite=None _ljtrtb_58=DD5F50ED-6A4E-4089-860A-E1F8FB716145;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:56 GMT;Max-Age=31536000;Secure;SameSite=None ljtrtbexp=eJxlkDkShTAMQ%2B%2BSmsL7wtX%2B%2FLszBBqL8imWIvu3eJ0cHE7Z1ceSjRnKfGPEZJ2YPNmJQGECxxtIErrf4cPuzo9SUynIZChZ0LIM2IHBL%2BiHRvLMh4Xl5pw7KeQZ5FnD1WDeC284G%2F0vu%2F1WHQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Tue, 22-Mar-2022 13:59:56 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=dd217c0945da0e59fb89a2ac;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap5ams1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ums.acuityplatform.com
URL: https://ums.acuityplatform.com/tum?umid=27&uid=dd217c0945da0e59fb89a2ac&gdpr=0&gdpr_consent=

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=fmx

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/x/ae12848777b41970a5f2?gdpr=0&gdpr_consent=

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: sync.technoratimedia.com
URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865619880087

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7DERisSy1Lol605&gdpr=0&gdpr_consent=

Domain: uipglob.semasio.net
URL: https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=7933ED39-7AE6-4593-94DD-814B27A42915&sInitiator=external&gdpr=0&gdpr_consent=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7236353981170428696

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=50&gdpr=0&gdpr_consent=&gdpr_pd=&ssp=pubmatic

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YFii3QAAAHBcPyrK&gdpr=0&gdpr_consent=&_test=YFii3QAAAHBcPyrK

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=8248286069948666349&gdpr=0&gdpr_consent=&us_privacy=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:71e3b31c-2cb3-4139-bf81-c488ce138ff1&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=7885162345081131483

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

Domain: nep.advangelists.com
URL: https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A

Domain: rudy.adsnative.com
URL: https://rudy.adsnative.com/cm.gif?dspid=159402804&buid=CTXX7rlJzs2z

Domain: dsum.casalemedia.com
URL: https://dsum.casalemedia.com/rum?cm_dsp_id=189&external_user_id=CTXX7rlJzs2z&expiration=[EXPIRATION]

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=b71ca6c6-056d-4610-acee-48bc5971a7d3

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=2498908320531930185

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:81e26058-a2d5-4900-9437-5d8ef3ac3130&gdpr=0&gdpr_consent=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2e4bed9e-dc7e-4707-8c07-c96df592e9b3&gdpr=&gdpr_consent=&gdpr_pd=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2819760768618582509&gdpr=0&gdpr_consent=&us_privacy=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6942477865620600983

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:57e27f52-318c-467a-867e-9beebfec02ac&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8302895149037461874

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_2e235821-b706-402b-b0b2-6aeaba7f2b6d

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=CTXX7rlJzs2z&pid=557219

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:60aCtMlp1Lol605&gdpr=0&gdpr_consent=

Domain: uipglob.semasio.net
URL: https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=DD5F50ED-6A4E-4089-860A-E1F8FB716145&sInitiator=external&gdpr=0&gdpr_consent=

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-b70b2318-75b1-4ed3-87ec-bcd1f575522c-003

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F6A640CED6224A48A3040804E06DFA18

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=e1a76f9b-8b16-11eb-a872-d360ab29aa19&gdpr=0&gdpr_consent=

Domain: p.rfihub.com
URL: https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEBnOj0zxtVaQDpC6wbQ8dh4&google_cver=1&google_push=AQvitUI9xByIH01Hvqh-YezlzRBaZo209uUzu5-vu3xGevNl-0gDzQfYaIeimn3N7m1ne2FZZeccjIAHs2wLteOWRgR_vxNllGo

Domain: px.adhigh.net
URL: https://px.adhigh.net/p/gm/rub?google_gid=CAESEBEBxQieTnfTJ8L0NJAkupI&google_cver=1&google_push=AQvitUJOliZ8oV2n3KEuozfWZyFCUv5bE6EQn6uxHXC0WIgVBgROvF6b5nmSG5CE5JGDRNmwjGFcbILDKmcO8HerpH3RJaT-2cQ

Domain: ads.avads.net
URL: https://ads.avads.net/sync/ggl?google_gid=CAESEGPr8a7QuJlnMohn2tOGFJ8&google_cver=1&google_push=AQvitUKMGbNxqYjDnV6_OjYDIm9kGtC4Gx8Nh8drLXbCxN-Ml_vrqfzf0K2aoziLFZNByHe6mZcZXAhMffXCM3n4aYheAbIUSD4P7A

Domain: www.convention.fr
URL: https://www.convention.fr/media/effi/pack_300x250.gif?gdpr_consent=&gdpr=0&gdpr_pd=0&

Domain: www.bdfugue.com
URL: https://www.bdfugue.com/affili_bd/public/servebanner.php?name=btn-achat-bd-200x65px?gdpr_consent=&gdpr=0&gdpr_pd=0&

Verdicts & Comments Add Verdict or Comment

300 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			excel-malin.com/	1970-01-20 01:45:57	Name: ezux_lpl_173563 Value: 1616421586911\|3881ebff-3984-4d59-6b97-6dfc18627d02\|false

128 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/head-b8a1ae72cf96842d974ef548cd86b85d15108480.js(Line 49) Message: JQMIGRATE: Migrate is installed with logging active, version 1.4.1
console-api	warning	URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/head-b8a1ae72cf96842d974ef548cd86b85d15108480.js(Line 51) Message: JQMIGRATE: jQuery.browser is deprecated
console-api	log	URL: https://cdn-0.excel-malin.com/wp-content/cache/asset-cleanup/js/head-b8a1ae72cf96842d974ef548cd86b85d15108480.js(Line 51) Message: console.trace
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2(Line 256) Message: Profile ID: 10599246
console-api	log	URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61708599/20210213033253901/index.html?e=69&leftOffset=0&topOffset=0&c=fKW5QqBicx&t=1&renderingType=2(Line 257) Message: Profile String: MyCSS_dynamic_Campaing_2021_FR
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://excel-malin.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://excel-malin.com/
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com
console-api	warning	URL: https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js(Line 10) Message: GSAP target .counter-divider-2 not found. https://greensock.com

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.sportradarserving.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ad4mat.net
ads.avads.net
ads.creative-serving.com
ads.pubmatic.com
ads.yieldmo.com
adservice.google.ch
adservice.google.com
aktrack.pubmatic.com
ams.creativecdn.com
aorta.clickagy.com
ap.lijit.com
as.ad4m.at
assets.ad4m.at
aud.pubmatic.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beap-bc.yahoo.com
bh.contextweb.com
bid.contextweb.com
bidder.criteo.com
c1.adform.net
cc.adingo.jp
cdab19c38c5d70b5feabcdc9b0883d26.safeframe.googlesyndication.com
cdn-0.excel-malin.com
cdn.ampproject.org
cdn.hopps-group.com
cdnjs.cloudflare.com
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
creativecdn.com
cs.emxdgt.com
d.turn.com
d5p.de17a.com
data.adsrvr.org
dclk-match.dotomi.com
demand.trafficroots.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
eu-u.openx.net
excel-malin.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
g2.gumgum.com
gcm.ctnsnet.com
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
loadm.exelator.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.sync.ad.cpe.dotomi.com
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
nep.advangelists.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partners.tremorhub.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
polyfill.io
pr-bh.ybp.yahoo.com
pr.ybp.yahoo.com
prebid.a-mo.net
public-prod-dspcookiematching.dmxleo.com
pubmatic-match.dotomi.com
pulsepoint-match.dotomi.com
px.adhigh.net
px.ads.linkedin.com
px.owneriq.net
red.erne.co
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.mfadsrvr.com
rudy.adsnative.com
rules.quantcount.com
s.amazon-adsystem.com
s.tribalfusion.com
s.yimg.com
s0.2mdn.net
s1.adform.net
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.colossusssp.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.technoratimedia.com
tg.socdm.com
tpc.googlesyndication.com
track.adform.net
track.effiliation.com
trc.taboola.com
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
visitor.fiftyt.com
www.bdfugue.com
www.convention.fr
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
x.bidswitch.net
aax-eu.amazon-adsystem.com
ads.avads.net
dsum.casalemedia.com
nep.advangelists.com
p.rfihub.com
px.adhigh.net
rudy.adsnative.com
simage2.pubmatic.com
sync.srv.stackadapt.com
sync.technoratimedia.com
uipglob.semasio.net
ums.acuityplatform.com
www.bdfugue.com
www.convention.fr
104.108.64.37
104.76.200.23
136.144.59.88
142.250.185.66
142.250.185.98
142.250.186.98
149.56.26.32
151.101.113.108
151.101.13.44
151.101.14.49
159.253.128.188
169.197.150.7
178.162.133.149
178.250.0.157
178.250.0.163
178.250.2.131
18.156.95.187
18.158.174.89
18.159.17.140
18.185.0.221
18.185.82.201
18.195.155.181
18.197.99.6
18.198.69.109
18.237.96.144
184.30.20.198
184.30.20.241
185.184.8.30
185.29.133.52
185.33.221.15
185.33.223.178
185.64.189.110
185.64.189.112
185.64.189.114
185.64.189.249
185.64.190.78
185.86.137.131
185.94.180.126
193.0.160.129
198.148.27.134
198.148.27.140
2001:678:cb4:bbbb::11
202.241.208.100
213.155.156.166
213.19.147.151
216.52.2.30
216.52.2.48
23.210.248.12
23.37.38.181
2600:1f18:444a:4602:a911:dd8a:407b:f40
2600:1f18:612b:4264:9a95:fbee:2d35:58d
2600:9000:206f:d200:2:cb38:840:93a1
2600:9000:2182:6a00:6:44e3:f8c0:93a1
2606:4700:10::6816:1857
2606:4700:10::ac43:db6
2606:4700:3032::6815:57ae
2606:4700:3033::ac43:cd64
2606:4700:3039::6815:c00a
2606:4700:3039::6815:c00b
2606:4700::6810:125e
2606:4700::6812:bcf
2606:4700::6812:d05
2606:4700:e0::ac40:6e26
2620:116:800d:21:f916:5049:f87f:108e
2620:119:50e1:101::6cae:b25
2a00:1288:110:c305::8000
2a00:1288:80:800::7001
2a00:1450:4001:801::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2001
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:810::2001
2a00:1450:4001:811::2002
2a00:1450:4001:812::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2003
2a00:1450:4001:828::2006
2a00:1450:4001:828::2008
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2002
2a00:1450:400c:c0b::9b
2a02:2638::1c
2a02:2638::3
2a02:fa8:8806:12::1460
2a02:fa8:8806:16::1400
2a04:4e42::621
3.126.158.103
3.126.56.137
3.127.129.22
3.127.76.126
34.102.211.201
34.120.25.144
34.98.64.218
35.172.126.30
35.186.193.173
35.201.96.126
35.227.248.159
37.157.4.29
37.157.5.73
37.157.6.245
38.27.122.101
46.228.164.13
51.210.112.63
51.38.120.206
52.21.211.170
52.30.76.93
52.46.130.13
52.48.137.92
52.50.156.162
54.163.239.172
54.194.129.87
54.250.196.226
54.36.109.155
54.76.222.161
63.33.123.138
64.202.112.127
66.155.71.150
69.173.144.138
72.251.241.206
8.43.72.97
85.114.159.118
88.214.193.99
88.221.62.154
91.208.224.199
94.23.73.243
0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78
00b45e73e4860bd9481c7bd7df4a17bccacaf1c0547542ad30eccbba44e6a6d3
01def1f3b8031c25e3899b6fbfcd6ef4cd2aa264ae1e3f5c7f0f81d514e1b375
0402efa70fda493c45111c44e9af94fcf6cf9727b99a094018673fae4a6ab672
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f
08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7
089630244600f33230010f5e04c67419ec642c5228540adb42e3fe92c631e6bf
08f85566eb2b6044c17b4e6f2dcabb5bd33fa385e80b6de8accd6bbd9739aee7
095cec422ed58b327bb224ccae87485c2e6b38e8e5c30f99aa10b26669500d02
0b0f62719efee7a8a3548115ada8f568a54709e7843a6ead1e6032111ae07ea2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
0cce5fdb60546fe634b9f1d7866552b61c67e6fd6440cd435ebef99ba8d2fa66
0d7cd639c89358f19d898c0f407c362e22f9f3efb8f419bb35ede15d184daa71
0e32512897217d08356116d383a123e13b301c823d33c6f44e40c9f5939f9410
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0f4e17252f0d204f0b0de3e096deea7c80b481ad2b706fffd71b1a42dc7d6ffd
1089c2f68420aef2895f37f7d95c326ae96842bd1878a26f9da778f9fec10e3c
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
1241037e91ebb44fd4a777d92d708d612d820fb65c47fe389e32f1557dd68598
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c
1a53ffbc133e6bea67b8da922559a7865ea2e52aa251c2ad351c9810f6551380
1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1be12ad7a6d1c15872d26e3bef2ead0d0cf9b575f8202c7d2b947576c350d6b5
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f2ea58097e803aec71c85daf1443fb8e99afa42ee37bbdfd2a017ef31b4e910
1f4a6c5c98372f5313630f477ddad6b68a0f39f895ccd4afbf606c83663ae584
1f50970c037807174f63feb5375c54a2e25fa9bbdc7e58c90c7eb6c03991bb7f
1fa16c1f74876eaeaf66d6f29d57c641c619fcf69ac55187039f4f82ff9a701f
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
2704a01f20ed6fe631b5aa4baaa5300823bcddbe7d8f35c43edad1f86aff05db
28d349faf9db6a6d67ecad9bef969b751cbb2ca0a741f20e6156bbb28f457a0a
28e4dd02f1e0bd534327060b428ac81be0fc8b4736a8abce7a13fb5a436499c4
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
2c61b588e93535e01578deb67b69452d3e40d7c9fd713a01654411013d445589
2c665b7528228b2f3709351d2cf93ebf8670ae51508347170642a576010623ba
2cc09b0d82fa5d05aef18c5468f24d943431683c73266d6a46c8f16325b23620
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e1f5f9a4faaa2d437190dcff6923805e99491ad1ee3bb809b8b550d948282e9
304d4e2ee3ab55281bb6b29f3ae0b3c402f335f5925c9ed795ea631e75788fce
310ec9a0dde43f69803a63d55db44db440d737a0a12caeb043957e66fc4b3826
31b1b67c191484190066785f309435ba62626a9a8610ca341622145f02ea1ee1
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
34a19a738783f86d5ca6900221c3b34eddd1da37da53b6cea49f6a758833abce
35eeb78bb6ce7a8a764cf9535eb83cff528683c5ca158bcab7d9959fdb26a22f
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3c5c21129792f39bae5ab83c9022e6be9d2ca05f95fec7ff715a877371228327
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ddf39fe42cf5e347723957fc6eec62761711be001c25457f909ee2384513d59
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f5321988812d9ebc4563174ef97453885a4eca92f9db7c6f54dcbaf162ac29b
3fd7f0b687efb0f9dceb10559569e219ea7bd3ec4900a5668902155c41ce455b
4056e5ed710eb7c015cd5b8b3b3a0b54c5f29d578eab2f034ee75bb94aebc46f
406c30eee508c1dd7a84f47d6ca9e37b62a6ca936bf00a653c1123e4c7a04dce
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
48c978eaee9473c367fd30eea148b6cd5233e58a317a36157c24e5dd2af62a97
493cc3a1405ee478331433b65e47222faee874aef6d82558d71c14f5babfb78e
497f104098486aa40cbe596c6b853e9ae856c477375780fc0db5d54d30828274
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4d6f63573f232a1d4afe849ad6ef2d278dc1404e51bd6675579b4b6f0a2975c0
4dbb6c1052bc2e3f2cdb1c7fffd7c2ef37d8b19fa3977bda85f5b72f4f8132eb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ed9e68daec65b2fde80938f332c6813249b5261d1b158b5703574e2c34a14c3
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f6a815ee3aaa7e858456f2b460131d0a63d1f97a15782f1663100d612ad299b
4ff246efb996207e120dae73eca5ad57e780fa76c3a49a8d7cffdcd451662e48
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52697a2b1453e4d0fcd93928412311a07f0f680d11ea6f6b63e9655f33252a78
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c9560cb0117d8d1f955aefe0f88b843517964e118512d8f1a224a8a9b662f4
5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a
5598c70d71a8481db535a878e52d9ba74b892939154ac24d1da493d843ce3810
56a68598a57a3ac0db59a0f8e8eda2b9d1cb7f88f0d29dbcd63d70ff719e0f3c
570c04b30a5c8fa6ceaff96ea6d3a0dfabd85dee3edae40e38b0344a7278f254
587214628a2363d47444a2ddc59023128dd1cb83aed813a2bfd721b3a8634e6c
58a9747af0a9fbaa03e40bbb3fa35a8d68fccd1a4783a0077df720d1b4f48cb3
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5adcaeab7eb8cad07c7dc37d21a84aa09dc3b4d24ee14d9c80d8550b45b96450
5e76055b1b5382b0ae0a912f19ed489d9c61b1581a3c4832f2e35b89f1f93a7d
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
608bfbeb794a96d4fa1734659f8e7412d2ad49c1962daf1fbc917a04ab912e7c
6094c4966b779bf91e2461773e30cb0dc965642321826ba0a54c6ae8dbdf0d89
611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964
619ba34c3476b5f27ffc81faf8a8449709d683519a142405ec50c42e40519587
633411252cd3723532e0cb3c8c4214863de95cb26997c7ff3273aaf8f55d0d2a
64be3875a16cd57d662be94d9401706fe6425b88d9eb158a4d095167d0f2547c
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6813557063fbc6bcc884cdaa719c37ebe38e56bc8038c863c016a070aad138f2
682ac4e14b7a7ed29a1d9b305a04b9b6d137ecbf2315bc72964e9252356dacc3
686df60545fbf0a0d59457fc410d3f997b5c904afdedb6d1b67a48984d6a2cda
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f78e05f2ec076a0bceffb6c1f779eb9b85e9da4b124c96276eb297157f26fc8
701d5bff766ede4a292d9410b06f1dd649039b3bd7b30a5df793d97aa06552a7
70b2efddfdc17c18b9e246d323323552ec4b7474d7cf393bebc621ff8ee8b2c4
70d82c6075989e0082b4917c6685f5f6bec1e673d0a80160eac61b3f1cdcb1a1
71410de1f37e7f42ef4bc1e8d86672888211c1efb6b97ae0c52eb4e4d05dfd94
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7497cafbecbeff290be8bb47c4d1f3f81649de14af16e681f80b736909daaf51
760f80ccf6637ebca79ed929a6f5c4fff11de957b45ffdd4c2f1e3a9a9435cd1
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8303de730719c8166fbd90b7364d6263d597e59f85e47c7b2446ef3096439ed5
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
848625b8b958c19741dac848a6de9123ace358e5c36a8231eb9d43c88eaacb6a
84c29bf6544bcd798cd5206a7febb2b935a174480d8094f4abc48d34916c8526
858da89af88fdab9f991d89027c10ea331439208b686a020cc3001c1d4f6e5f4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b67d60359df409e06ffc171f149e7355ed64922d845862f0dfe43c3ae11e36f
8bfd448cdfd4d63a2df6c5a1f8be353bb5bfa4ab185fb3001419098dadb01d57
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
940345062aebbc7e948f704d1bcf67ff0a17123e873b6302926801783c40a6d2
94169203db4f2b9193d0b1d7bcc2ab4abbe12b846d6080cd00e4c6dbf986b322
941c260356b6aa75782a27384179a63581c9e41b42155774982f36b0d84cde9c
9483b5c007aadd1c45d5a391c9c905e30de674c7dd17cd36108077e878a56c78
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3
997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e
9a5d04f74cf2a5ac395114c141150def9ea2ec79fa5b06febc02cb396d2c88f7
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b8c008dfbfa4016ee8fdb2e952accba56cc6016d9cba40b57d885364787560d
9c2464add3c699d2be6d7ec889eed8d56ff71327ce4fc9e43955cea79b117fce
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9e70f6024b548bd737be725ac2e20b3ff7b060cbd16a72f606c125296364510a
a0581f9c5f34fa09c169e3309ab93b6427808ee581bee7b0d5fa92bbc366fcc2
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a24769ce0c44e74c397a4f6a709638d5e25728e1dcbea999168c8288fad600c6
a3a66e5c52016b74e629e487b10918cf680db5fed1f3617f964dbcad05c4ad0d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a62696358e28eb29b16e2396b9734bb49a34f842266a11a604b5a60279ed0974
a768f6d90b2d960b06730c524d45ef934afde321bb8d3480453066e7ebd62275
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
acc25eac3c903d09b945dfc213fe0c10931fbde7e4e56c77c8677bf93237f2c4
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f
b3f416370ba010162cd52dd0f5b86f5becbdf218d75b4ff2ee95576de32d129b
b508890fa78d2f2402373b726addab91325eedb62ca66573da0e7d3f71730ddd
b5675b0d1ee88db374b1e60e301fda9f0c1d3585f47173468827115fc4e529c2
b605039e0347485d32a6309e030417ee7c506858fa123751bbe8d7fc0e2132cd
b6fcdd11c229160158b2399cfc0524bd1712b0b24e86e9d3432e5eec78d9e518
b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd
b980f62a2d545d64f24e6f96902c8fbf5da0018569c369bc18f9e5b5fcf099ed
b9c7c7ff0c50a82dd60b4a0ce7f3741dd4ab6f1abb24ef320316a5ae4994bac6
bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2e8b4fba49f90cfca5a43371c09879aed7447e0ba2ed4abd75b81448776c4f7
c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb
c5ea8d4b345807e4893864109a1ad0680883684607a24297dc4cea398b5bb6d1
c79559d2226972ac27413ed946bedcd1766457c378f0c43a36c2ea9a4d868c94
c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5
c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca625f204331905abf3b4d86a89dfb9799c63771723b9b15c5b54c1f9fb2b83c
ca74e28e92ecead8f6f67e3d66adff96bcbcd5f837bd66c95852059fc20c00c1
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb5801e38fe4b467f5dacb5f367ed50467c88915f489159001a9de342e45ac46
cc32433c2b6596cd473a96cb0696d4c1fea096cd8b6ab98fe76ca543e43cf79e
cdf358c3a68450a8a7283e91fe4aeeac26d1d578e8771ad058762e5c00a8038b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d16e7188d633449ef3846627c426f15de98e0b2f241bdc8358da715062d416ec
d18106dabdb47ba73b327b7c5d1268a15132441ba5d41927b2d445ef93f1f386
d8b19fb12b0ecac91095a1f6eb4dbc7d53d0d700f2d94244a6443a3080826f18
d8b5d59d6004bd8a9c1c6000a0421b32cd360819b7192918d00cef4516f66a2d
d91c08859a904dd7dc44bfdac195e7c8a620b74be69d3b2a483c7e2737b16d9e
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd9e15d07a2bc5e2fd643859757f70fe2f1d3f159abc7499923fa8b392ce9599
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e2f126a8957c32db99e94d1bf7c9ed09fcd38ba99bd632ebd048f01f9c5f9c9b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e84f403b47a6aa25724ae69a3e5783697b6e08826c624a11e614fd1fe328f5a8
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e965b21d6a23293b47f5deb510a49b0675f74ee2eeb6dc86c101c33ff921461c
e9e3564d6b477b6c313841b22f61bb5ea1ab7f1bfba1a52b4cbd2987a953328d
ea3d0687c8ec9ae8abfef997cfefcf86b646f753120de737c1914653b729ecc2
ec8604d4eade6552031ca2e8d3af9b3a1393bdc11b39dcb8176c41f4e5fb678c
ed8af4314990196387b111a26b930416138593cfeb17a55520200833e0231ef9
edb29173908b3066bc5870b8858e3e5ac4d243b07e496da506de2d424885d61a
eea4a3705b3e19174b9f0f127702bfc02cda65dff1f5b25e65f48a9c65ce9a7e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01ea38e4aa5f749f88d1982a9677cfdae1c9ba1f564bab41930a08bc950045e
f02c0f14ee5c8b096d499d906aa4675a6c5e2230e437b393237a56bdac34301c
f05c2d2e10234a842da3ffd8e9309fc6ce05056e3e9ea85f7607791b858d407f
f24bd9007a64984a1fac394d0ed07ecdf282d143fb22cc331bb2fa8b0a12fd91
f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae
f8c286b8bacd19d185bae050c2e9b350b19bddd12d990ca882fd4c991c4d01c7
fa5c7486a8995f8a95ae4c8774b629f892362b19b116d253644ed1cc19e54299
fba520a3fb705157417bb5574a3c8d57a33b7d907892b0d397374fd546fa65c1
fd78f51affedcaa173cd1f15fca8f1fbecdbaafa7020cec2ae0fe3befbed5ea1
fe1890672c80b7f1fd15562733afb7c6f7f81d457f94008bf79985c2dcffd926

excel-malin.com Open in urlscan Pro 3.127.76.126 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

499 Requests

91 %HTTPS

33 %IPv6

106 Domains

160 Subdomains

99 IPs

12 Countries

3558 kBTransfer

7818 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

499 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

excel-malin.com Open in urlscan Pro
3.127.76.126 Public Scan

Screenshot
Live screenshot

Full Image

499
Requests

91 %
HTTPS

33 %
IPv6

106
Domains

160
Subdomains

99
IPs

12
Countries

3558 kB
Transfer

7818 kB
Size

1
Cookies

499 HTTP transactions
14 data transactions