urlscan.io logo urlscan.io
SecurityTrails logo

heroinvesting.com Open in urlscan Pro
2600:9000:2251:e800:6:1c12:bd80:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://heroinvesting.com/
Effective URL: https://heroinvesting.com/
Submission: On November 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 93 IPs in 13 countries across 77 domains to perform 349 HTTP transactions. The main IP is 2600:9000:2251:e800:6:1c12:bd80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is heroinvesting.com. The Cisco Umbrella rank of the primary domain is 216060.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 15th 2023. Valid for: a year.
This is the only time heroinvesting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:225... 16509 (AMAZON-02)
25 2600:9000:225... 16509 (AMAZON-02)
1 2600:9000:239... 16509 (AMAZON-02)
1 2a03:2880:f17... 32934 (FACEBOOK)
8 2606:4700:e2:... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
11 2606:4700:10:... 13335 (CLOUDFLAR...)
50 2606:4700:303... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 108.138.37.209 16509 (AMAZON-02)
9 2a03:2880:f08... 32934 (FACEBOOK)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:3::c 44788 (ASN-CRITE...)
1 108.138.36.122 16509 (AMAZON-02)
1 35.244.193.51 396982 (GOOGLE-CL...)
2 54.247.19.59 16509 (AMAZON-02)
3 162.19.138.117 16276 (OVH)
1 52.215.24.0 16509 (AMAZON-02)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 18.173.191.32 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 65.21.238.88 24940 (HETZNER-AS)
1 162.19.138.116 16276 (OVH)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 34.95.69.49 396982 (GOOGLE-CL...)
1 18.159.189.64 16509 (AMAZON-02)
5 7 208.93.169.131 46244 (WEBMD-IDC...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 69.166.1.9 27630 (AS-XFERNET)
1 34.120.63.153 396982 (GOOGLE-CL...)
1 178.128.135.204 14061 (DIGITALOC...)
1 34.249.240.92 16509 (AMAZON-02)
1 2602:803:c004... 26667 (RUBICONPR...)
1 64.227.4.68 14061 (DIGITALOC...)
2 46.228.174.115 56396 (AMOBEE)
1 23.35.229.56 16625 (AKAMAI-AS)
1 34.149.20.76 15169 (GOOGLE)
1 209.192.253.44 7979 (SERVERS-COM)
1 34.149.50.64 396982 (GOOGLE-CL...)
1 77.245.57.72 36057 (WEBAIR-IN...)
1 185.86.139.116 201081 (SMARTADSE...)
1 18.202.39.252 16509 (AMAZON-02)
1 140.82.40.19 20473 (AS-CHOOPA)
5 51.89.9.253 16276 (OVH)
3 6 104.18.36.155 13335 (CLOUDFLAR...)
4 44.194.142.98 14618 (AMAZON-AES)
1 199.212.255.178 25948 (FHMNET)
1 18.185.207.108 16509 (AMAZON-02)
7 18.200.168.98 16509 (AMAZON-02)
4 216.52.2.6 30282 (AS-INAPCD...)
3 5 145.40.97.67 54825 (PACKET)
1 3.126.176.240 16509 (AMAZON-02)
2 54.84.92.154 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 23.35.228.23 16625 (AKAMAI-AS)
3 4 76.223.111.18 16509 (AMAZON-02)
2 143.244.158.175 14061 (DIGITALOC...)
3 5 34.234.39.43 14618 (AMAZON-AES)
1 104.18.38.76 13335 (CLOUDFLAR...)
5 67.202.105.23 32748 (STEADFAST)
22 2606:4700:e2:... 13335 (CLOUDFLAR...)
10 23.35.229.251 16625 (AKAMAI-AS)
1 172.240.155.76 7979 (SERVERS-COM)
1 67.220.228.203 16509 (AMAZON-02)
4 7 54.93.103.174 16509 (AMAZON-02)
8 11 185.89.210.153 29990 (ASN-APPNEX)
4 35.227.252.103 15169 (GOOGLE)
4 4 23.56.202.187 16625 (AKAMAI-AS)
4 198.47.127.18 62713 (AS-PUBMATIC)
1 1 35.214.167.69 15169 (GOOGLE)
5 8 172.217.16.194 15169 (GOOGLE)
1 4 172.64.151.101 13335 (CLOUDFLAR...)
2 2 3.89.216.2 14618 (AMAZON-AES)
2 2 99.84.88.8 16509 (AMAZON-02)
1 1 193.0.160.130 54312 (ROCKETFUEL)
1 35.244.174.68 396982 (GOOGLE-CL...)
7 52.223.40.198 16509 (AMAZON-02)
3 4 185.86.138.150 201081 (SMARTADSE...)
5 5 185.184.8.90 204995 (RTB-HOUSE...)
1 4 2a02:fa8:8806... 41041 (VCLK-EU-SE)
4 2a05:d018:d29... 16509 (AMAZON-02)
3 69.173.144.137 26667 (RUBICONPR...)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
3 69.166.1.67 27630 (AS-XFERNET)
8 8 46.228.174.117 56396 (AMOBEE)
2 2 46.228.164.11 56396 (AMOBEE)
3 3.75.62.37 16509 (AMAZON-02)
3 63.32.251.103 16509 (AMAZON-02)
3 18.195.212.171 16509 (AMAZON-02)
2 2 185.86.139.94 201081 (SMARTADSE...)
2 2 185.29.132.245 30419 (MEDIAMATH...)
2 2 2.18.160.23 16625 (AKAMAI-AS)
28 34.247.233.198 16509 (AMAZON-02)
4 4 35.244.159.8 396982 (GOOGLE-CL...)
3 3 52.87.28.41 14618 (AMAZON-AES)
3 3 52.3.113.141 14618 (AMAZON-AES)
3 8.18.47.7 398989 (DEEPINTENT)
3 3 50.31.142.31 23352 (SERVERCEN...)
4 4 37.157.5.132 198622 (ADFORM)
3 23.213.164.238 16625 (AKAMAI-AS)
3 3 211.120.53.200 4694 (IDCF IDC ...)
5 69.173.144.138 26667 (RUBICONPR...)
2 2 35.210.239.72 19527 (GOOGLE-2)
1 198.47.127.19 3257 (GTT-BACKB...)
3 2606:4700:e2:... ()
349 93
1    2600:9000:2251:ee00:6:1c12:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
heroinvesting.com
25    2600:9000:2251:e800:6:1c12:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
heroinvesting.com
1    2600:9000:2394:7c00:3:6d3c:dac0:93a1 (United States)

ASN16509 (AMAZON-02, US)
adgarden.market
1    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
8    2606:4700:e2::ac40:8a0c (United States)

ASN13335 (CLOUDFLARENET, US)
vrl9rgsahh7mx6ndn.ay.delivery
3    2606:4700::6812:651 (United States)

ASN13335 (CLOUDFLARENET, US)
static.vidazoo.com
11    2606:4700:10::ac43:15e8 (United States)

ASN13335 (CLOUDFLARENET, US)
static.kueezrtb.com
u.kueezrtb.com
track.kueezrtb.com
gtrack.kueezrtb.com
50    2606:4700:3036::ac43:9447 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.heroinvesting.com
2    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    108.138.37.209 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-37-209.muc50.r.cloudfront.net
c.amazon-adsystem.com
9    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
static.xx.fbcdn.net
scontent.xx.fbcdn.net
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    108.138.36.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-122.muc50.r.cloudfront.net
config.aps.amazon-adsystem.com
1    35.244.193.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.193.244.35.bc.googleusercontent.com
lexicon.33across.com
2    54.247.19.59 (Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
d9.flashtalking.com
3    162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu
id5-sync.com
1    52.215.24.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-24-0.eu-west-1.compute.amazonaws.com
id.crwdcntrl.net
2    2606:4700:4400::ac40:90a6 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.confiant-integrations.net
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
1    18.173.191.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-191-32.muc50.r.cloudfront.net
aax.amazon-adsystem.com
1    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
3    65.21.238.88 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.88.238.21.65.clients.your-server.de
api.assertcom.de
1    162.19.138.116 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu
lb.eu-1-id5-sync.com
1    2606:4700::6812:1691 (United States)

ASN13335 (CLOUDFLARENET, US)
cadmus.script.ac
2    34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
1    18.159.189.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-189-64.eu-central-1.compute.amazonaws.com
grid.bidswitch.net
7    208.93.169.131 (United States)

ASN46244 (WEBMD-IDC1-AS, US)
bid.contextweb.com
bh.contextweb.com
1    2606:4700:4400::ac40:994e (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
1    69.166.1.9 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
1    34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com
prebid.media.net
1    178.128.135.204 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
brightcombid.marphezis.com
1    34.249.240.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
hb.minutemedia-prebid.com
1    2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    64.227.4.68 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
exchange.kueezrtb.com
2    46.228.174.115 (United Kingdom)

ASN56396 (AMOBEE, GB)
targeting.unrulymedia.com
1    23.35.229.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-56.deploy.static.akamaitechnologies.com
a.teads.tv
1    34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
1    209.192.253.44 (United States)

ASN7979 (SERVERS-COM, US)
colossusssp.com
1    34.149.50.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.50.149.34.bc.googleusercontent.com
s.seedtag.com
1    77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)
cpm.qortex.ai
1    185.86.139.116 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
1    18.202.39.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
hb.yellowblue.io
1    140.82.40.19 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 140.82.40.19.vultrusercontent.com
prebid.cootlogix.com
5    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
6    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
htlb.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
ssum.casalemedia.com
4    44.194.142.98 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-142-98.compute-1.amazonaws.com
pbs.nextmillmedia.com
1    199.212.255.178 (Canada)

ASN25948 (FHMNET, CA)
prebid.dblks.net
1    18.185.207.108 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-207-108.eu-central-1.compute.amazonaws.com
tlx.3lift.com
7    18.200.168.98 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
4    216.52.2.6 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
5    145.40.97.67 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
1    3.126.176.240 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-176-240.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
2    54.84.92.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-92-154.compute-1.amazonaws.com
report2.hb.brainlyads.com
1    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
contextual.media.net
4    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
2    143.244.158.175 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.cootlogix.com
sync.kueezrtb.com
5    34.234.39.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-39-43.compute-1.amazonaws.com
cookies.nextmillmedia.com
1    104.18.38.76 (None, )

ASN13335 (CLOUDFLARENET, US)
js-sec.indexww.com
5    67.202.105.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
22    2606:4700:e2::ac40:8f15 (United States)

ASN13335 (CLOUDFLARENET, US)
s.0cf.io
10    23.35.229.251 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-251.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    172.240.155.76 (United States)

ASN7979 (SERVERS-COM, US)
sync.colossusssp.com
1    67.220.228.203 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
7    54.93.103.174 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-103-174.eu-central-1.compute.amazonaws.com
x.bidswitch.net
11    185.89.210.153 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
secure.adnxs.com
4    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
4    23.56.202.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-202-187.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    198.47.127.18 (United States)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
1    35.214.167.69 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 69.167.214.35.bc.googleusercontent.com
csync.loopme.me
8    172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net
cm.g.doubleclick.net
4    172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
2    3.89.216.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-89-216-2.compute-1.amazonaws.com
i.liadm.com
2    99.84.88.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-8.muc50.r.cloudfront.net
live.rezync.com
1    193.0.160.130 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
7    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
4    185.86.138.150 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync.smartadserver.com
5    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
4    2a02:fa8:8806:20::2040 (Singapore)

ASN41041 (VCLK-EU-SE, US)
casale-match.dotomi.com
prebid-match.dotomi.com
4    2a05:d018:d29:3602:b34:3da1:cf11:a756 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
3    69.173.144.137 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
prebid-server.rubiconproject.com
4    2606:4700:10::ac43:8ae (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.connectad.io
sync-eu.connectad.io
3    69.166.1.67 (United States)

ASN27630 (AS-XFERNET, US)
sync.go.sonobi.com
8    46.228.174.117 (United Kingdom)

ASN56396 (AMOBEE, GB)
sync.1rx.io
sync.targeting.unrulymedia.com
2    46.228.164.11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
3    3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    63.32.251.103 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
ads.servenobid.com
3    18.195.212.171 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
match.sharethrough.com
2    185.86.139.94 (France)

ASN201081 (SMARTADSERVER, FR)
ssbsync-global.smartadserver.com
2    185.29.132.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    2.18.160.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-160-23.deploy.static.akamaitechnologies.com
hbx.media.net
28    34.247.233.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
4    35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
3    52.87.28.41 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-28-41.compute-1.amazonaws.com
sync.srv.stackadapt.com
3    52.3.113.141 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-113-141.compute-1.amazonaws.com
sync.ipredictive.com
3    8.18.47.7 (Miami, United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
3    50.31.142.31 (Hickory Hills, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
4    37.157.5.132 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
3    23.213.164.238 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-164-238.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    211.120.53.200 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
tg.socdm.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
2    35.210.239.72 (Brussels, Belgium)

ASN19527 (GOOGLE-2, US)
PTR: 72.239.210.35.bc.googleusercontent.com
u.ipw.metadsp.co.uk
1    198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image6.pubmatic.com
3    2606:4700:e2::ac40:861f (None, )

ASN- ()
dblksync.dblks.net
Apex Domain
Subdomains		 Transfer
76 heroinvesting.com
heroinvesting.com — Cisco Umbrella Rank: 216060
cdn.heroinvesting.com — Cisco Umbrella Rank: 406919
7 MB
35 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1591
rtb.gumgum.com — Cisco Umbrella Rank: 1589
usersync.gumgum.com — Cisco Umbrella Rank: 2098
12 KB
23 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 513
eus.rubiconproject.com — Cisco Umbrella Rank: 602
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 776
token.rubiconproject.com — Cisco Umbrella Rank: 458
74 KB
22 0cf.io
s.0cf.io — Cisco Umbrella Rank: 11896
268 KB
13 kueezrtb.com
static.kueezrtb.com — Cisco Umbrella Rank: 12118
u.kueezrtb.com — Cisco Umbrella Rank: 13062
track.kueezrtb.com — Cisco Umbrella Rank: 10213
gtrack.kueezrtb.com — Cisco Umbrella Rank: 10209
exchange.kueezrtb.com — Cisco Umbrella Rank: 7864
sync.kueezrtb.com — Cisco Umbrella Rank: 7350
89 KB
11 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
secure.adnxs.com — Cisco Umbrella Rank: 495
8 KB
11 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
169 KB
10 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 511
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
dsum.casalemedia.com — Cisco Umbrella Rank: 1396
ssum.casalemedia.com — Cisco Umbrella Rank: 1451
6 KB
9 nextmillmedia.com
pbs.nextmillmedia.com — Cisco Umbrella Rank: 3246
cookies.nextmillmedia.com — Cisco Umbrella Rank: 2836
4 KB
9 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 933
scontent.xx.fbcdn.net — Cisco Umbrella Rank: 449
166 KB
8 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 662
ads.pubmatic.com — Cisco Umbrella Rank: 534
image6.pubmatic.com — Cisco Umbrella Rank: 823
18 KB
8 openx.net
rtb.openx.net — Cisco Umbrella Rank: 695
us-u.openx.net — Cisco Umbrella Rank: 522
1 KB
8 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 1165
x.bidswitch.net — Cisco Umbrella Rank: 351
2 KB
8 ay.delivery
vrl9rgsahh7mx6ndn.ay.delivery — Cisco Umbrella Rank: 189402
313 KB
7 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492
ups.analytics.yahoo.com — Cisco Umbrella Rank: 327
2 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 353
2 KB
7 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1611
ssbsync.smartadserver.com — Cisco Umbrella Rank: 774
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1511
9 KB
7 contextweb.com
bid.contextweb.com — Cisco Umbrella Rank: 3177
bh.contextweb.com — Cisco Umbrella Rank: 547
4 KB
7 33across.com
lexicon.33across.com — Cisco Umbrella Rank: 1497
ssc.33across.com — Cisco Umbrella Rank: 3592
ssc-cms.33across.com — Cisco Umbrella Rank: 923
573 B
6 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 567
4 KB
6 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 306
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598
aax.amazon-adsystem.com — Cisco Umbrella Rank: 394
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 890
70 KB
5 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 592
2 KB
5 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
870 B
5 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 572
eb2.3lift.com — Cisco Umbrella Rank: 417
2 KB
5 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
696 B
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 599
2 KB
4 connectad.io
cdn.connectad.io — Cisco Umbrella Rank: 5186
sync-eu.connectad.io — Cisco Umbrella Rank: 4363
2 KB
4 dotomi.com
casale-match.dotomi.com — Cisco Umbrella Rank: 3027
prebid-match.dotomi.com — Cisco Umbrella Rank: 2253
181 B
4 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 984
match.sharethrough.com — Cisco Umbrella Rank: 559
159 B
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 683
404 B
4 dblks.net
prebid.dblks.net — Cisco Umbrella Rank: 81590
dblksync.dblks.net
23 KB
4 unrulymedia.com
targeting.unrulymedia.com — Cisco Umbrella Rank: 792
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1268
1 KB
4 media.net
prebid.media.net — Cisco Umbrella Rank: 1335
contextual.media.net — Cisco Umbrella Rank: 691
hbx.media.net — Cisco Umbrella Rank: 1337
11 KB
4 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1987
sync.go.sonobi.com — Cisco Umbrella Rank: 931
3 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 2
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1359
112 KB
3 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1208
2 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 580
927 B
3 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1055
99 B
3 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 909
1 KB
3 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 689
3 KB
3 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2437
871 B
3 assertcom.de
api.assertcom.de — Cisco Umbrella Rank: 10702
929 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1523
mp.4dex.io — Cisco Umbrella Rank: 2070
27 KB
3 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 440
2 KB
3 vidazoo.com
static.vidazoo.com — Cisco Umbrella Rank: 3115
63 KB
2 metadsp.co.uk
u.ipw.metadsp.co.uk — Cisco Umbrella Rank: 5190
281 B
2 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 1372
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 851
868 B
2 rezync.com
live.rezync.com — Cisco Umbrella Rank: 1922
1 KB
2 liadm.com
i.liadm.com — Cisco Umbrella Rank: 539
1 KB
2 gstatic.com
fonts.gstatic.com
173 KB
2 brainlyads.com
report2.hb.brainlyads.com — Cisco Umbrella Rank: 4730
1 KB
2 cootlogix.com
prebid.cootlogix.com — Cisco Umbrella Rank: 4723
sync.cootlogix.com — Cisco Umbrella Rank: 2264
711 B
2 colossusssp.com
colossusssp.com — Cisco Umbrella Rank: 1290
sync.colossusssp.com — Cisco Umbrella Rank: 1426
139 B
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 894
104 B
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1481
104 KB
2 flashtalking.com
d9.flashtalking.com — Cisco Umbrella Rank: 1807
12 KB
2 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 454
376 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
158 KB
1 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 415
98 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 868
1 KB
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 940
285 B
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 674
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
4 KB
1 yellowblue.io
hb.yellowblue.io — Cisco Umbrella Rank: 2448
427 B
1 qortex.ai
cpm.qortex.ai — Cisco Umbrella Rank: 22266
264 B
1 seedtag.com
s.seedtag.com — Cisco Umbrella Rank: 1735
380 B
1 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1462
382 B
1 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3706
427 B
1 marphezis.com
brightcombid.marphezis.com — Cisco Umbrella Rank: 19722
229 B
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1421
45 KB
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 928
277 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6862
455 B
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 2498
318 B
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2462
255 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
14 KB
1 adgarden.market
adgarden.market — Cisco Umbrella Rank: 69361
8 KB
349 77
Domain Requested by
50 cdn.heroinvesting.com heroinvesting.com
28 usersync.gumgum.com rtb.gumgum.com
26 heroinvesting.com 1 redirects heroinvesting.com
22 s.0cf.io vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
rtb.gumgum.com
10 eus.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
eus.rubiconproject.com
cookies.nextmillmedia.com
rtb.gumgum.com
8 cm.g.doubleclick.net 5 redirects rtb.gumgum.com
8 ib.adnxs.com 5 redirects
8 vrl9rgsahh7mx6ndn.ay.delivery heroinvesting.com
vrl9rgsahh7mx6ndn.ay.delivery
7 match.adsrvr.org ssum-sec.casalemedia.com
s.0cf.io
rtb.gumgum.com
7 x.bidswitch.net 4 redirects rtb.gumgum.com
7 static.xx.fbcdn.net www.facebook.com
static.xx.fbcdn.net
6 sync.1rx.io 6 redirects
6 rtb.gumgum.com s.0cf.io
rtb.gumgum.com
6 bh.contextweb.com 5 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
5 token.rubiconproject.com eus.rubiconproject.com
5 creativecdn.com 5 redirects
5 ssc-cms.33across.com vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
s.0cf.io
5 cookies.nextmillmedia.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
5 prebid.a-mo.net 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
5 onetag-sys.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 c1.adform.net 4 redirects
4 us-u.openx.net 4 redirects
4 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
rtb.gumgum.com
4 ssbsync.smartadserver.com 3 redirects ssum-sec.casalemedia.com
4 image8.pubmatic.com cookies.nextmillmedia.com
s.0cf.io
4 secure-assets.rubiconproject.com 4 redirects
4 rtb.openx.net cookies.nextmillmedia.com
s.0cf.io
4 eb2.3lift.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 ap.lijit.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 pbs.nextmillmedia.com vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
ssum-sec.casalemedia.com
4 gtrack.kueezrtb.com heroinvesting.com
4 track.kueezrtb.com heroinvesting.com
3 dblksync.dblks.net s.0cf.io
3 tg.socdm.com 3 redirects
3 ads.pubmatic.com rtb.gumgum.com
3 b1sync.zemanta.com 3 redirects
3 match.deepintent.com rtb.gumgum.com
3 sync.ipredictive.com 3 redirects
3 sync.srv.stackadapt.com 3 redirects
3 secure.adnxs.com 3 redirects
3 match.sharethrough.com s.0cf.io
3 ads.servenobid.com s.0cf.io
3 ups.analytics.yahoo.com s.0cf.io
3 sync.go.sonobi.com s.0cf.io
3 prebid-match.dotomi.com s.0cf.io
3 cdn.connectad.io s.0cf.io
3 prebid-server.rubiconproject.com s.0cf.io
3 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
3 ssum-sec.casalemedia.com 1 redirects cookies.nextmillmedia.com
ssum-sec.casalemedia.com
3 api.assertcom.de vrl9rgsahh7mx6ndn.ay.delivery
3 fundingchoicesmessages.google.com vrl9rgsahh7mx6ndn.ay.delivery
3 id5-sync.com vrl9rgsahh7mx6ndn.ay.delivery
3 c.amazon-adsystem.com heroinvesting.com
c.amazon-adsystem.com
3 static.vidazoo.com heroinvesting.com
static.vidazoo.com
2 u.ipw.metadsp.co.uk 2 redirects
2 hbx.media.net 2 redirects s.0cf.io
2 sync.mathtag.com 2 redirects s.0cf.io
2 ssbsync-global.smartadserver.com 2 redirects s.0cf.io
2 sync.targeting.unrulymedia.com 2 redirects s.0cf.io
2 ad.turn.com 2 redirects
2 ssum.casalemedia.com 2 redirects s.0cf.io
2 live.rezync.com 2 redirects
2 i.liadm.com 2 redirects
2 fonts.gstatic.com heroinvesting.com
fonts.googleapis.com
2 report2.hb.brainlyads.com heroinvesting.com
2 targeting.unrulymedia.com vrl9rgsahh7mx6ndn.ay.delivery
2 i.clean.gg cadmus.script.ac
2 script.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
script.4dex.io
2 cdn.confiant-integrations.net vrl9rgsahh7mx6ndn.ay.delivery
cdn.confiant-integrations.net
2 d9.flashtalking.com vrl9rgsahh7mx6ndn.ay.delivery
d9.flashtalking.com
2 gum.criteo.com vrl9rgsahh7mx6ndn.ay.delivery
2 scontent.xx.fbcdn.net www.facebook.com
2 securepubads.g.doubleclick.net heroinvesting.com
securepubads.g.doubleclick.net
2 www.googletagmanager.com heroinvesting.com
www.googletagmanager.com
2 static.kueezrtb.com heroinvesting.com
static.kueezrtb.com
1 image6.pubmatic.com ads.pubmatic.com
1 sync-eu.connectad.io cdn.connectad.io
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 casale-match.dotomi.com 1 redirects
1 idsync.rlcdn.com ssum-sec.casalemedia.com
1 p.rfihub.com 1 redirects
1 csync.loopme.me 1 redirects
1 aax-eu.amazon-adsystem.com
1 sync.colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
1 js-sec.indexww.com vrl9rgsahh7mx6ndn.ay.delivery
1 sync.kueezrtb.com vrl9rgsahh7mx6ndn.ay.delivery
1 sync.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
1 contextual.media.net vrl9rgsahh7mx6ndn.ay.delivery
1 fonts.googleapis.com
1 btlr.sharethrough.com vrl9rgsahh7mx6ndn.ay.delivery
1 g2.gumgum.com vrl9rgsahh7mx6ndn.ay.delivery
1 tlx.3lift.com vrl9rgsahh7mx6ndn.ay.delivery
1 prebid.dblks.net vrl9rgsahh7mx6ndn.ay.delivery
1 htlb.casalemedia.com vrl9rgsahh7mx6ndn.ay.delivery
1 prebid.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
1 hb.yellowblue.io vrl9rgsahh7mx6ndn.ay.delivery
1 prg.smartadserver.com vrl9rgsahh7mx6ndn.ay.delivery
1 cpm.qortex.ai vrl9rgsahh7mx6ndn.ay.delivery
1 s.seedtag.com vrl9rgsahh7mx6ndn.ay.delivery
1 colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
1 ssc.33across.com vrl9rgsahh7mx6ndn.ay.delivery
1 a.teads.tv vrl9rgsahh7mx6ndn.ay.delivery
1 exchange.kueezrtb.com vrl9rgsahh7mx6ndn.ay.delivery
1 fastlane.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
1 hb.minutemedia-prebid.com vrl9rgsahh7mx6ndn.ay.delivery
1 brightcombid.marphezis.com vrl9rgsahh7mx6ndn.ay.delivery
1 prebid.media.net vrl9rgsahh7mx6ndn.ay.delivery
1 apex.go.sonobi.com vrl9rgsahh7mx6ndn.ay.delivery
1 mp.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
1 bid.contextweb.com vrl9rgsahh7mx6ndn.ay.delivery
1 grid.bidswitch.net vrl9rgsahh7mx6ndn.ay.delivery
1 cadmus.script.ac vrl9rgsahh7mx6ndn.ay.delivery
1 lb.eu-1-id5-sync.com vrl9rgsahh7mx6ndn.ay.delivery
1 www.google.de heroinvesting.com
1 www.google.com heroinvesting.com
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 id.crwdcntrl.net vrl9rgsahh7mx6ndn.ay.delivery
1 lexicon.33across.com vrl9rgsahh7mx6ndn.ay.delivery
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 u.kueezrtb.com static.kueezrtb.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.facebook.com heroinvesting.com
1 adgarden.market heroinvesting.com
349 124

This site contains no links.

Subject Issuer Validity Valid
*.heroinvesting.com
Amazon RSA 2048 M02		 2023-02-15 -
2024-03-16		 a year crt.sh
*.adgarden.market
Amazon RSA 2048 M01		 2023-02-08 -
2024-03-08		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-08-31 -
2023-11-29		 3 months crt.sh
ay.delivery
GTS CA 1P5		 2023-10-28 -
2024-01-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
kueezrtb.com
GTS CA 1P5		 2023-10-18 -
2024-01-16		 3 months crt.sh
heroinvesting.com
E1		 2023-10-27 -
2024-01-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-02-28 -
2024-02-17		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2023-12-23		 3 months crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02		 2023-02-20 -
2024-03-20		 a year crt.sh
lexicon.33across.com
GTS CA 1D4		 2023-10-01 -
2023-12-30		 3 months crt.sh
tag.device9.com
Go Daddy Secure Certificate Authority - G2		 2023-07-19 -
2024-08-19		 a year crt.sh
*.id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M02		 2023-10-08 -
2024-11-06		 a year crt.sh
confiant-integrations.net
GTS CA 1P5		 2023-11-19 -
2024-02-17		 3 months crt.sh
script.4dex.io
Cloudflare Inc ECC CA-3		 2023-10-23 -
2024-10-22		 a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-03-16 -
2024-03-08		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
api.assertcom.de
R3		 2023-10-15 -
2024-01-13		 3 months crt.sh
*.eu-1-id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
script.ac
E1		 2023-10-31 -
2024-01-29		 3 months crt.sh
i.clean.gg
GTS CA 1D4		 2023-11-14 -
2024-02-12		 3 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2023-03-23 -
2024-03-23		 a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-10 -
2024-05-09		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2022-12-06 -
2024-01-07		 a year crt.sh
prebid.media.net
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.marphezis.com
Sectigo RSA Domain Validation Secure Server CA		 2023-01-03 -
2024-01-03		 a year crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M01		 2023-04-18 -
2024-05-16		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-03		 a year crt.sh
*.kueezrtb.com
Sectigo RSA Domain Validation Secure Server CA		 2023-08-17 -
2024-09-14		 a year crt.sh
*.targeting.unrulymedia.com
Sectigo RSA Domain Validation Secure Server CA		 2023-05-10 -
2024-05-10		 a year crt.sh
teads.tv
R3		 2023-11-03 -
2024-02-01		 3 months crt.sh
ssc.33across.com
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.colossusssp.com
Go Daddy Secure Certificate Authority - G2		 2023-09-08 -
2024-10-09		 a year crt.sh
*.seedtag.com
Sectigo RSA Domain Validation Secure Server CA		 2023-03-29 -
2024-04-15		 a year crt.sh
qortex.ai
R3		 2023-11-14 -
2024-02-12		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-21 -
2024-01-23		 a year crt.sh
*.yellowblue.io
Amazon ECDSA 256 M02		 2023-04-19 -
2024-05-17		 a year crt.sh
*.cootlogix.com
Sectigo RSA Domain Validation Secure Server CA		 2023-10-19 -
2024-11-17		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-12-28 -
2024-01-28		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
pbs.nextmillmedia.com
Amazon RSA 2048 M01		 2023-06-13 -
2024-07-12		 a year crt.sh
*.dblks.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-15 -
2024-08-14		 a year crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2023-04-13 -
2024-05-11		 a year crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01		 2023-07-17 -
2024-08-14		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2023-05-06 -
2024-05-04		 a year crt.sh
*.a-mo.net
R3		 2023-11-07 -
2024-02-05		 3 months crt.sh
*.sharethrough.com
Amazon RSA 2048 M01		 2023-06-14 -
2024-07-12		 a year crt.sh
report2.hb.brainlyads.com
R3		 2023-10-22 -
2024-01-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-10 -
2024-02-18		 a year crt.sh
cookies.nextmillmedia.com
Amazon RSA 2048 M02		 2023-06-13 -
2024-07-11		 a year crt.sh
indexww.com
Cloudflare Inc ECC CA-3		 2023-09-05 -
2024-09-03		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-06 -
2024-09-30		 a year crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-06-21 -
2024-03-02		 8 months crt.sh
*.openx.net
RapidSSL TLS RSA CA G1		 2023-08-18 -
2024-08-18		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2023-04-20 -
2024-05-20		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-29 -
2024-02-21		 6 months crt.sh
connectad.io
Cloudflare Inc ECC CA-3		 2023-03-16 -
2024-03-15		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2023-08-15 -
2024-09-15		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-03 -
2024-01-24		 6 months crt.sh
ads.servenobid.com
Amazon RSA 2048 M01		 2023-04-29 -
2024-05-27		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-11-30 -
2024-01-01		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon RSA 2048 M02		 2023-02-08 -
2024-02-15		 a year crt.sh
dblks.net
GTS CA 1P5		 2023-10-21 -
2024-01-19		 3 months crt.sh

This page contains 110 frames:

Primary Page: https://heroinvesting.com/
Frame ID: A21E1A9AD29296434E80BE089DE90E8F
Requests: 166 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Frame ID: EB29B993B79919819E689C44CB9AC2F1
Requests: 10 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: D42D6DABAC84E96A79208EE9BB63C9EB
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: CCD4AC40BAC1F409781EDD203F57E011
Requests: 1 HTTP requests in this frame

Frame: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: C34AF2A5E943F447707216F3A3724046
Requests: 1 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/sync?type=iframe
Frame ID: 620154376E5F8CFA20906DDC77FEDDFA
Requests: 1 HTTP requests in this frame

Frame: https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 3E1374FD8436965B127543ACE60AD462
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: E220018090B0A579F89E070B853847B9
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1700662299413
Frame ID: C0BAB07F1811ABAACDB94108F35D8ECC
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Frame ID: D9EA03D62036620F7C208BDE2FB635CD
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Frame ID: 6492358742AFD69883C2D99E1C23D555
Requests: 5 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: BC0C00CAD1A29213FE390708038AA431
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 688B6C66AF4E517E03BEEDC021C838CA
Requests: 3 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 729D3041DCC244C281F55ECA197E05AB
Requests: 1 HTTP requests in this frame

Frame: https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Frame ID: ACCAA2B0B0C2C1C4AE26620FC4C65EA7
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1192107794460162654
Frame ID: 285449F1137D9073AB5E3EF450623CA0
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Frame ID: 6B428CD536A2B5FD95A9F0D59A8D0B3B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Frame ID: 663C83C852B95D50F4F2F001AEB4792F
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Frame ID: B0998BC787FB15E76B049E1C546FFB38
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Frame ID: A09AC49BA2908F20D736009D6B3DCFD9
Requests: 3 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Frame ID: 0C68C70DBB014BC4C50B917C07FFBA8C
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Frame ID: 4111147ED14DD5B1F0CCCC0AE1A8F6E2
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=9027f31f-3654-4177-9b18-c0e55f187585
Frame ID: 2460231D2A05FF54BFA21B7E7D0E6748
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 56D0C688D67E7C96BE856BD64AE13247
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: FFF455F7A85941EE8E05D52E6E1402E9
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Frame ID: 868242C48E965863DA64BD56FD62B7CF
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Frame ID: A09E8EB419536E03B62513CE673BC57B
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 88D535319352D74F54B6CAE665238502
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 2C18CF23305F28CDFC22CA090C0E09DB
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Frame ID: ECC555D0D28981919FF0DACD29D8CC21
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 95798C8996D30455C13FF6D60214F8FA
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 70EC6D072B95BDE9853A8BF5F6E1CAB0
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Frame ID: 9E12497A8FB4F21A705990D55612AC76
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: FAC07885B69327747AFF05F620991D59
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 671DFA966CE336E527142350A7706C4C
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 3148A6DB2D39F17B25E2D1CE60A3D7EB
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 807E1844CE106D56DD171A247886180C
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 3C81F191E0FCC250753C0681B435F966
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: 7D984EE67DDAB15FBFA5B6455371BD60
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0D49ABBE6D99890E211A8A383B4377F4
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Frame ID: 92CE1240C4E2E2863631836FD467C8DA
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: F6C419CCB5F9718D0EBC290E9770B0E5
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 9754D1409590AD04B16C0EF369FADDB1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Frame ID: 48B030C6141B1DB04199F7F513582DD9
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: DCD324911BB1D2882205307CC807893A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 0536B192A210F3035E10615FA1B95745
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 20E90EC640797890DAE54268FBCC9942
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5ucAAKQA06YAAAAA
Frame ID: E989CA7A025EE04520DE8538784CD27A
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Frame ID: CCC8EE1F8F9405305B63C2AB036D1AB5
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 998A67D550732BCB38FA45A824E1CCAB
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 4FC3D880647C13F690DC6C9C00597C3C
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: B22EBA8453175C9410679741F83DF07B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 19BE0D40000399DEECCBE562FBB84739
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Frame ID: E870F56808130B0F5AA7D5A167D99F35
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Frame ID: 929DA66FA1421A0AAACEF943C78BB82E
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 4EEF349DC82CAD483267814DF2694492
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: E3950DEE1F71AF3384660A003C515CEC
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Frame ID: D8D717FD494D61641560EFAAC05430D2
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Frame ID: BB3C35EB9A5C73FD9C4CC342FD0FAB33
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 26613BF6E78B3C93D50DEE748AD49512
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Frame ID: 33AE60F799993983BD564B98202A1865
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: C15ED30E000A71A0B2E418EB704B9EA7
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 5BDFC4334A2D8E2950AB5F81EF6B969E
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Frame ID: B1238DFE4D32CAAC6F3890F3155CE9F2
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 57EE49DCEB335A3F4F7F09EF3721DC90
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: BE5ABD01EE641F4E8D9464F7831437C2
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: EA4F594B90A3B1127D9F19556517BC38
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 54CB9C86340F69EB2D23C16BAA2B7481
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Frame ID: 191CB462FA146D7F477C6A8EF5C25BDE
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 9F2EBF422963EFBC263701EC054341F2
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A4372E5151DE1405DF09C67CADB797B9
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 05AB1330FEE2203F83DE1967367FB776
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Frame ID: A91866EAD76C3FEC511B22CED5740590
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: EF10C20BA267167F63279B6B4B560B74
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 20B24BC843060D3B613E956666F4DA89
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 75DD72116E9DB51F68A11F17D66132D1
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAivJAMAAAAA
Frame ID: 73F42384850B6F06329A20F947D155A9
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Frame ID: A54C1F704F556BA6CD1519AF213D641A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: C9C564C63423B2C034E9A7227DE111F5
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 2A4E99A9CE6917359BA36CF8F8C4A531
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID
Frame ID: F02F61647C70F37A4BEC6F629F71A73B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 725C5E7DC568DACF74028FEBDB8E27BC
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Frame ID: 5CF8954C7BDA4C6A081BF8F7C1F362E7
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Frame ID: DC6F6B1A980BF5CC0DE2A0CC4462D9BD
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D
Frame ID: 14885D725FD8AEEB88D67ED3F556ADE7
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: CCD59C834CC135A2D853745008D78235
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Frame ID: 4A0CDB46F08A6B2D288CDF40394B0A16
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 95D97486818AA05202B5E2D99C122C10
Requests: 1 HTTP requests in this frame

Frame: https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c-9f16-21217695c603-003
Frame ID: 3B45E6029D423D2FF00A7E651F15F105
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Frame ID: 176B5CC25A4C1EC70B8C8C6492C42158
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D
Frame ID: 32CB899FA0D6674F2CED7CF63D4E748F
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: B607C5EC348B9BB6BB1707D5A581B88F
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 69AEBB6CCA271CB6883A10262845842D
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: F7B90D8CAE7BBF4A2ACDCAEA47AE0392
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25
Frame ID: 117105FFC228889087CFF984B290AA24
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: F5C9892B4E822013D2C0F5A0B11A29DD
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Frame ID: 96B8B44554AEDCAB391CC0E40308CE6D
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Frame ID: 718CAB91C16FF1392A718179417E5168
Requests: 1 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D
Frame ID: 974453BAD5AE97573A69B8C0E8B96136
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D88%26uid%3D%3Cvsid%3E
Frame ID: FD7C806ED080126DEC93A89E61528D6B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Frame ID: 23F6A6B6D1F1ED6C11FC1099A825E44A
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 0B7065B3124638F0D57089005A2FE4DF
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: C7CC97A2A4BA68E2857A9BA5154F7FE2
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: C2FA0DD583CC3C5AB7ABB675F59FEC21
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAiqA9UAAAAA
Frame ID: 0AFA9DAB390A17308DAABA480A88124B
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Frame ID: 8233159B0F5ECEED5640D422FC0767AD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 87D29FAC9F974E12C9865BF52B5CF0F1
Requests: 3 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 7D803F7E82E41257D4E8E2F53AEFD73C
Requests: 1 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 00B5F0260313244B9FAA6D4ED8482CDF
Requests: 1 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: 6175B5FEBD7C997A398FEB72D8AB4BE2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HeroInvesting

Page URL History Show full URLs

  1. http://heroinvesting.com/ HTTP 301
    https://heroinvesting.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

349
Requests

88 %
HTTPS

26 %
IPv6

77
Domains

124
Subdomains

93
IPs

13
Countries

9397 kB
Transfer

14696 kB
Size

70
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://heroinvesting.com/ HTTP 301
    https://heroinvesting.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 192
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526uid%253D%2524UID HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1192107794460162654 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1192107794460162654
Request Chain 195
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Request Chain 196
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Request Chain 197
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Request Chain 199
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Bviewer_token%7D HTTP 307
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=9027f31f-3654-4177-9b18-c0e55f187585&gdpr_consent=null&gdpr=null HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=9027f31f-3654-4177-9b18-c0e55f187585
Request Chain 201
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZV4MHSm9YlAbp0b96qvcwQAAFD0AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEWcbghJJ1d3qKFQ5PbIF68&google_cver=1
Request Chain 202
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4MHSm9YlAbp0b96qvcwQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKTbCY6jK6CFcG-9llMswYI&google_cver=1
Request Chain 203
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4MHSm9YlAbp0b96qvcwQAA%265181&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4MHSm9YlAbp0b96qvcwQAA%265181&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=d443929f8241426595b731615e223b6f HTTP 303
  • https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=d443929f-8241-4265-95b7-31615e223b6f HTTP 302
  • https://p.rfihub.com/cm?pub=39342&in=1&userid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D72cdd2bb-a4a1-4098-a5d7-084943d6464c%253A1700662301.9603922%26_%3D1700662301.977418&cb=1700662301.9774563 HTTP 302
  • https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455422342951920&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D72cdd2bb-a4a1-4098-a5d7-084943d6464c%253A1700662301.9603922%26_%3D1700662301.977418 HTTP 302
  • https://idsync.rlcdn.com/501709.gif?partner_uid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&_=1700662301.977418
Request Chain 206
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181 HTTP 302
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1
Request Chain 207
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700748701
Request Chain 209
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4MHSm9YlAbp0b96qvcwQAA%265181 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4MHSm9YlAbp0b96qvcwQAA&5181
Request Chain 210
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 211
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 217
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 221
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700662301479 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=6643566881 HTTP 302
  • https://sync.1rx.io/usersync/turn/4168599253139101563?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c-9f16-21217695c603-003 HTTP 302
  • https://s.0cf.io/
Request Chain 223
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 228
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 230
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 231
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51 HTTP 302
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Request Chain 232
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 233
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 234
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Request Chain 235
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://usersync.gumgum.com/usersync?b=bsw&i=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&us_privacy=
Request Chain 236
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Request Chain 237
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Request Chain 239
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=7347db8f-0964-409e-a781-87e077117861
Request Chain 241
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 242
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=wQSD8DEYqcMs&ev=1&pid=558355
Request Chain 243
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=3414619779619386313
Request Chain 244
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Request Chain 248
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5ucAAKQA06YAAAAA
Request Chain 249
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Request Chain 250
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 253
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 254
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 260
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 264
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700662301478 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=8695355592 HTTP 302
  • https://sync.1rx.io/usersync/turn/4240656847177029499?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c-9f16-21217695c603-003 HTTP 302
  • https://s.0cf.io/
Request Chain 266
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 271
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 273
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 274
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51 HTTP 302
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Request Chain 275
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 276
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 278
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Request Chain 279
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
Request Chain 280
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Request Chain 281
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Request Chain 283
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=b5716afa-1eff-4e2c-bc22-cee9d7c7cd3b
Request Chain 285
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 286
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=aZOyjDpvZSoz&ev=1&pid=558355
Request Chain 287
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
Request Chain 289
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Request Chain 293
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAivJAMAAAAA
Request Chain 294
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Request Chain 295
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 300
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 311
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=5091847746 HTTP 302
  • https://sync.1rx.io/usersync/turn/4096541659101173627?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c-9f16-21217695c603-003
Request Chain 321
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51 HTTP 302
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Request Chain 324
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Request Chain 325
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
Request Chain 326
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Request Chain 327
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Request Chain 329
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=7442f637-0040-45b5-aac8-5b980006dd58
Request Chain 331
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 332
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=y4VsBVR2D7EY&ev=1&pid=558355
Request Chain 333
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
Request Chain 334
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Request Chain 338
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAiqA9UAAAAA
Request Chain 339
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Request Chain 340
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum

349 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
heroinvesting.com/
Redirect Chain
  • http://heroinvesting.com/
  • https://heroinvesting.com/
227 KB
36 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
c6d76b45f080a8303a400ddf62d30f582a7da2cd485aa471bf733d414ee0a7e8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
none
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 22 Nov 2023 14:11:37 GMT
etag
"38c27-yAOVKjN8fNsICqD8dEbAlADBXGk"
server
nginx/1.20.2
server-timing
total;dur=123;desc="Nuxt Server Time"
vary
Accept-Encoding
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
x-amz-cf-id
cbQSgTCVMugbKn0-kJo9lWMcBFbuY6p16zsiShUMhfOnNBBk5nZ4HA==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Wed, 22 Nov 2023 14:11:37 GMT
Location
https://heroinvesting.com/
Server
CloudFront
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Id
8yqYO-meOecDEH8DqeloDw1VOQGQGpqTXu5YKtZbLVX4v3o3h0ve5w==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Redirect from cloudfront
adgarden.js
adgarden.market/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adgarden.market/js/adgarden.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2394:7c00:3:6d3c:dac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=15768000
via
1.1 96e04892ec84a7161914f66c3ba3b5f0.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 17:18:47 GMT
server
nginx/1.20.2
x-amz-cf-pop
AMS1-P2
etag
W/"1dc4-65394df7.36bb41c2"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
7620
x-amz-cf-id
pnsrNx3fNXs7W7N5xF_0ITvaUN-mAbefffn9OtgSUWJZXAiM-uyCfQ==
fe5ac4e.js
heroinvesting.com/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/fe5ac4e.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:05:48 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
464749
etag
W/"1019-18bda302e33"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
k3tdbz__DDpA_aG1eeAB9YkWYvKirREjenzO3w0D4Ba8TviVjKGSQQ==
18f6c11.js
heroinvesting.com/_nuxt/ 		191 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/18f6c11.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"2fa61-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
mDY-pKuMkkWbLy4qEIg9OcTaAdy2uynXtzBVWdH6ZjyrGJNgWllN8g==
8484dd0.js
heroinvesting.com/_nuxt/ 		401 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/8484dd0.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"6439c-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
OZVULfNKiFVpy8GxboGQqYbTK8CfAAXPoZ6K9WXdfiVnG2jhCWNCHw==
f132adf.js
heroinvesting.com/_nuxt/ 		123 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f132adf.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"1eaf0-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
gGAMICI_sJlr2Dg0KMzuyCpyo7e5rAU-Pqug92t79wNE1yA4h6s7fA==
3647704.js
heroinvesting.com/_nuxt/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/3647704.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
8e9dd810101bd0ac738ac53d917763531db10ea62eafdf8973bfcdbe27bf200e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"1a86-18bda302e33"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
WZd9mTmCjVy6BGHyHTkkFHUZEbKFmDa3XMF2SOB9jHkbXCTU-tuWlg==
f6a658f.js
heroinvesting.com/_nuxt/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f6a658f.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"445e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
lhWqncGxySYy6M5fm54iCKHdLTSY9GIjLV0dgU4B2nGPONovFCNdGA==
2957b7a.js
heroinvesting.com/_nuxt/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/2957b7a.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
8a57de42d0833a00a1e8dd86578bc5aa67cb08b7d713e91194fa24ff73dfc67e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"57c-18bda302e3b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
WOQWiT9xWdH2hDUS64M9rREdbE8eMjz9QPYUr6YgxAhX6jfMTU4UjQ==
7309e50.js
heroinvesting.com/_nuxt/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/7309e50.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
14d5ec601cfe44e33426c1f24a19839982de53ee168574d62102d77d77302765

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:05:48 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
464749
etag
W/"4b20-18bda302e37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
ar0b-nm-qjDpSWV9jACyl8lIi-OFuheVHKKe3pMuSwB5y7DGaZp_QA==
189cd08.js
heroinvesting.com/_nuxt/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/189cd08.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
857ebc48c65e73a90ed84bccb7caffdc85eafc7bb752e1fe8bec6336dc5855e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 20 Nov 2023 09:22:05 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
190172
etag
W/"4af1-18bda302e37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
hK8czAJnbSzDNfR9jOPgRAdQ2aBoSCDFxZDkeBNV_YEoBoeFxb6-EA==
9e83ed3.js
heroinvesting.com/_nuxt/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/9e83ed3.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
cda916e31b503b3bd54dc7efc94c844cd3f272847ffdb0bc75d9bc41c7f76ee2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"1697-18bda302e33"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
rfvOfOkF1U6cyYAv_6JcOq_WQgBhi0AIJdE-LJpiuXDw8wAlY867oQ==
a829f70.js
heroinvesting.com/_nuxt/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/a829f70.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0f2018d5aa4e1627840981bb00f1b1a9bf6c409479fa3fa3899b7fa50b8a23fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"4bf2-18bda302e37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
3fg8qCsY5ieCM4Ppd2P1hKwVE_59_mfislfPki6r07WY6Kv7g0wXag==
38ce929.js
heroinvesting.com/_nuxt/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/38ce929.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
fd203fa26128d610033dd12862e969808c72ed396eeb2f769322c5aa3ab2f0ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"1b62-18bda302e37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
vLq2x9YEjBlwTvG6HH8YLH6WsYC8o8yETsiotseRJOTHpUp8BXzPQg==
2c54a23.js
heroinvesting.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/2c54a23.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"1397-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
-_XX3xEg_94rPvCzPKzLaYW8_XdF5U6doHU8dcCqya6mDfn6NHoZ2w==
ef5d8ca.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/ef5d8ca.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:58 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"97a-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
QH1faXl-RZDDCPmFJssMxLgzoDOpYz3JBvmfjCwb5riKLXdmBBd9NA==
eeb9f02.js
heroinvesting.com/_nuxt/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/eeb9f02.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
4e5f1b14f824baaaad1b124e0612095b690172c222fdc6ded6426f0dc8aac91a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 06:09:20 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
547337
etag
W/"1af8-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
uR4Cb5jyQ2V91MxZD7L3NVbQkEpcQHGg98_zHS_22pzfwOXuva1GFA==
heroinvesting.61dbeee.png
heroinvesting.com/_nuxt/img/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heroinvesting.com/_nuxt/img/heroinvesting.61dbeee.png
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:54:14 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
551843
etag
W/"5b89-18bd47e18a9"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
23433
x-amz-cf-id
Znlby1KjT7UbbRPQt5tv28drj4aoQVAudmW5lIa1KTWA1LCTbWofXw==
herosubscribe.962871f.png
heroinvesting.com/_nuxt/img/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heroinvesting.com/_nuxt/img/herosubscribe.962871f.png
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
f97b357206c08f2a73432addcaf75b90afb626778d60519bc830d33ca28b626c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:33:49 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
16668
etag
W/"1de6-18bda302e2f"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
7654
x-amz-cf-id
DpzQGMnA5jGTlJrUzMKFbbsVs7ok4IZ7XLkfNBHPGmZ_EuowwCrrzA==
f9718382f4ac8b8ecab5d3b19d3da446.svg
heroinvesting.com/_nuxt/ 		13 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f9718382f4ac8b8ecab5d3b19d3da446.svg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:04:54 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 18:50:11 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
587204
etag
W/"355c-18bd451c7a1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
hdbZ0ed8GLKbZmrrNbYV88vFgq0Adcci5gP58IpRthViTEdsKquzrg==
page.php
www.facebook.com/plugins/ Frame EB29 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3cafa852eb00b7e80728a28bf10fdedb6d01ae654fb04d7e983e3462b8b0edfb
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:38 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
nel
{"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
origin-agent-cluster
?0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
reporting-endpoints
default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
M2xeBSe0Y0YE0RzkoNsJH2VHRKzBt0BDBn0jeXD9dug09adUg1JqD7lD9Iaq0vphB/7Lr620tY222J0ATun6pg==
x-xss-protection
0
vRL9rGsaHH7Mx6NDN
vrl9rgsahh7mx6ndn.ay.delivery/manager/ 		744 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager/vRL9rGsaHH7Mx6NDN
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"618080fa3647e52d79c7df21"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmsZfM923fyXJ7mGSBZ86oiFdwjN27eGzPqdb6WejPoS4UrJJVgv9B9Jf3pzTzMe%2FxreWmT1UvAUuhy00B%2BzqzPKyXPP8bSed4I8mX9Vp9WQT5X9svUUc%2BL%2BG8zVs1Q%2F9DmBFOJ1q0E7vNlNT1hTkcTK0P9rCA377XYcmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
cf-ray
82a1c343280f39c2-FRA
link
<https://securepubads.g.doubleclick.net/tag/js/gpt.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod>; rel=preload; as=script, <https://c.amazon-adsystem.com/aax2/apstag.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD>; rel=preload; as=script
alt-svc
h3=":443"; ma=86400
vwpt.js
static.vidazoo.com/basev/ 		229 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/vwpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:651 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
EB02XRDB0TC79R9Y
age
25769
x-amz-server-side-encryption
AES256
content-length
56429
x-amz-id-2
Gjj2gR7fkNOHvMNgNKhEEGKw19EV5dAa7tPVMEoe8ruEuGaz8wl5/6rjuVpxozOHec8sw72VWbA=
last-modified
Tue, 07 Nov 2023 11:26:12 GMT
server
cloudflare
etag
"576a1e0bb56226dbd3a2a239a03e01ae"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a1c3432fd79125-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 14:11:38 GMT
latest.js
static.kueezrtb.com/ 		439 B
761 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/latest.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
K1CFSKYZS2YQF8TS
age
265388
x-amz-id-2
oNByvnXIGEEAONv707Yk/ESoCokP6JVCVCc4u+pmk3qiDpVdIfSbztlQjnpHYdYQOXihzkhC9Do=
last-modified
Sun, 08 Oct 2023 15:41:30 GMT
server
cloudflare
etag
W/"f89c5fc5dc377ecc028df3e7a69bce1d"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cache-control
max-age=31536000
cf-ray
82a1c34319408fc8-FRA
Top-6-Best-Places-To-Retire-In-Panama.jpg
cdn.heroinvesting.com/content/images/2023/11/ 		137 KB
138 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/11/Top-6-Best-Places-To-Retire-In-Panama.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d5915b502e41b30c5615303301c70515cc3a303e7fbc62dbcc1ca078935491d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
140273
last-modified
Tue, 07 Nov 2023 00:17:18 GMT
server
cloudflare
etag
W/"223f1-18ba72409e4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fm%2B0ZhG3L6KMeON5gjaNobc2t71AjGzj7QClNB%2F7djK3TweMQCceT3ameqLqKwWAcQAWMiKtsMPizytRfrwY%2Bf11xeRI1naGd5VH4r4OKGS%2BjUM8Zriih9fIcK2oV451jegomiKtKlVt0%2FeTFyVjoNxnCb4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5965a6-FRA
x-proxy-cache
MISS
4-Best-Places-To-Retire-In-Washington-State-On-A-Budget-1.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		135 KB
135 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/4-Best-Places-To-Retire-In-Washington-State-On-A-Budget-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
009a6be7dbc551e6f53c525875fed89d7da48c41e5f1a123c38d91e4e4a9b846

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
137820
last-modified
Tue, 31 Oct 2023 17:47:20 GMT
server
cloudflare
etag
W/"21a5c-18b86d8da8e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOFvVLNkU64ewDye0ShJeyWIXVIoN4gieGsDjkbyErYMh6sg1qahU1%2B6rP7ge08uB8X3i4Tx4axHkBz3OAPKBs8ccPoqBV82GyvC7WOV0d2Pc8oiX12D%2BW6xcdpdqLUeI05FTpUnD7t9iwtPPqHsxPcQqUI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5565a6-FRA
x-proxy-cache
MISS
Hard-Money-Vs-Soft-Money.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/Hard-Money-Vs-Soft-Money.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0de5d56039ab501a4791d2db4f049e3ff363f97b64e9f4d7e5d4eb92ec058588

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
55610
last-modified
Mon, 23 Oct 2023 19:19:07 GMT
server
cloudflare
etag
W/"d93a-18b5dfa0011"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tJucAxQr3b5mLXVw1L2HQSjY6DWB9ULx5HcKcQ42SqNdUi8ROy9TCpvqgpy5bPlFn2LIa3DzXDtORqg8%2BJ%2Bby3JkFn1Dx2P6ZI%2FdfvZ1Wh82hlBFUKmJ1hAUJXoNrkvj7dXJE3DDPeVaSpJUY%2Bcg9YpwkPc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5a65a6-FRA
x-proxy-cache
MISS
Old-Money-Vs-New-Money-1.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		94 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/Old-Money-Vs-New-Money-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b5e700284424ca0cbe29494aeba247313172c1aea0ebbdf5c2790851ec89010b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
96336
last-modified
Mon, 16 Oct 2023 18:37:29 GMT
server
cloudflare
etag
W/"17850-18b39c761d6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLFl4gwpGk%2Fpp3KT2o5R%2FvscGybqCzxU0%2Bf3MLoYx05J%2FDFF3luHqHoBxvmIzCIvxGGnfDnF5i%2B%2BkiFtB7nKAeklhZG2XqSy2v2P0gE%2BdyCEGBcGvlRuijjmqDbXHkx6wDcneN%2BjO7hat3wlQfunxyGZkYk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5b65a6-FRA
x-proxy-cache
MISS
op-12-Best-Places-To-Retire-In-Texas.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		191 KB
191 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/op-12-Best-Places-To-Retire-In-Texas.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0a8962b0bb1b97d791d1c4f031adbda78917d572becb7e382ee73841adae192f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
195273
last-modified
Tue, 10 Oct 2023 18:08:50 GMT
server
cloudflare
etag
W/"2fac9-18b1ac6fd0f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SN78tjjz5xsf4bosl1YbyxSNOP9YO1GbrT2jlvIYEybXKnNk9ycleY4lCQGLllsrnkNJ98%2BG4xWDpI%2BoEeO%2F2yQLn2N%2BpDVqSgq%2BKLEQQJ5ockBDUAwJsqhO5Grk2f0IbeelOPdEZFOYpJ0os%2B6%2FFRD7Ba0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5765a6-FRA
x-proxy-cache
MISS
6-Best-Places-To-Retire-In-South-Carolina.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		159 KB
159 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/6-Best-Places-To-Retire-In-South-Carolina.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2e487fb39e7490a9f4a64909ff2874fe4bcea0a157f9b3746b3fe896c67069fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
162645
last-modified
Tue, 03 Oct 2023 17:18:28 GMT
server
cloudflare
etag
W/"27b55-18af68c5dbb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwh7yFmClW%2Fvr5%2FVQiocXZi5ttGU37eaRgN7pSZsHnZvcgbBW2bHbEElPW1LydvAxF6Ij%2FAxEnMAWa9nl5WfWc%2B8QugTxtGVkvMztNHJapWVUxMsD8X3irmDh7fPC6%2FMvxL18gTunV6gXyLI6BJvPDjUck0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3433f5865a6-FRA
x-proxy-cache
EXPIRED
How-To-Sell-Your-House-Without-A-Realtor.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		69 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/How-To-Sell-Your-House-Without-A-Realtor.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
25581311dd8d50e3059dab384f4c34c4ab6c3cf50ad6f56af4a85e07321c169c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
70871
last-modified
Wed, 27 Sep 2023 17:20:25 GMT
server
cloudflare
etag
W/"114d7-18ad7a7fd20"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIWObxwnT1Petu8H3%2BLuQSRumVdb8W4EL8IC1eGWYFO7VsNSquw5LlBLZmF%2FDqWHzmHcutt3cs1PfB8CaBharJp1VG%2Bq80Zf2uyvoM1BIVKoVB8Os1gjyuzTmNAMDwYVOZvIVySGU8SSFl8lCcXqcPrVNuY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3435f7965a6-FRA
x-proxy-cache
MISS
The-Girlfriends--Wives--And-Ex-Wives--of-Billionaires.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		127 KB
127 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/The-Girlfriends--Wives--And-Ex-Wives--of-Billionaires.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4a123bff683144a7ecc232725e55af4c182a03dfa634d5d39f0da05c09d8f633

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
129735
last-modified
Mon, 18 Sep 2023 21:14:30 GMT
server
cloudflare
etag
W/"1fac7-18aaa25100d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G20tEpBVpsN1XdNz0Hh7JUIF5KL0xugrm%2Bdr7U2llaMU%2FRepCNUqtWKo8OH6x%2F83hDNOnwyS5FUf7o6Gyh2eKeytkzsKzvveakNxPaRqms1xjHlu35tmDg04FXwyQ0iTAhBIyywOT8SvY4J%2F%2BA0h20NHRWs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3435f7a65a6-FRA
x-proxy-cache
EXPIRED
how-long-does-it-take-to-sell-a-house.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		176 KB
176 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/how-long-does-it-take-to-sell-a-house.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c59c29f4f48ecb4bb4bb5ac8544ac47ab9fb06c3ae03f0a5af4b94e50886e4b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
180090
last-modified
Mon, 18 Sep 2023 20:04:43 GMT
server
cloudflare
etag
W/"2bf7a-18aa9e52d70"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zgwPK31lPvn%2FpYUuLTp60P5qGPYP2I4F9ayotdXot%2Fqv5TRLW9%2Bl7tz%2FbTtRKE0%2BXEOJT%2FfMcbInuZXsiTCwJJnDqAjGGaEJUrIpHekLp69ptw6uxmG49pfAdmJe9e5MGiprZJPMwHdCGK%2BpENlw53htvio%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c3435f7c65a6-FRA
x-proxy-cache
MISS
roboto-v29-latin-700.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-700.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
39877
etag
W/"3dd4-17f95303b8f"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15828
x-amz-cf-id
Rfm0QWQ7jGmZ-gxG7AKY6uMO_mJ2lPn_OmmtTmtCPyXSQXUn0DpgDw==
roboto-v29-latin-500.woff2
heroinvesting.com/fonts/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-500.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 07:47:32 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
23045
etag
W/"3e30-17f95303b8f"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15920
x-amz-cf-id
O7gWi1xg6GjndBloLT6HCkkiyxVLBFvzepk7oekz6YabkKNsvjkn9Q==
roboto-v29-latin-regular.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-regular.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
39877
etag
W/"3d48-17f95303b93"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15688
x-amz-cf-id
vctru61cfWdO0nhYZEDoiFY_04dSlbUoz7zrMgcmHEtuDoExvyEtCg==
roboto-v29-latin-900.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-900.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 07:47:32 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
23046
etag
W/"3d6c-17f95303b8f"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15724
x-amz-cf-id
L9elHYfTI7EVY5bYdDdMk5PrvSpW4M4XMgbh4mOc0WGizhFo62o1Ew==
js
www.googletagmanager.com/gtag/ 		243 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/8484dd0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
37cdd0aeba2e57ddfb0770a5c5614e9eab2ed688f716bcdcdd73f1baaf7b4b25
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85939
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 14:11:38 GMT
9bd917d.js
heroinvesting.com/_nuxt/ 		49 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/9bd917d.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
27458a828150a9e0983b25da625f80c2bfae4ac9e27ecdf11a571e8b662d0832

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:01:40 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
536998
etag
W/"c390-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
vZpJfmNyByyqh69zT3t26hxpkSlcT1WVRteJKpcS26qjqi0kLd3Nyg==
Wait-Until-You-See-The-Most-Beautiful-Twins-In-The-World-Now-v2.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		139 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Wait-Until-You-See-The-Most-Beautiful-Twins-In-The-World-Now-v2.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
bd65e821bb0e54acae7f6e413c39450c87ac0f27fc1e9d8c866e20bcb7722bb0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
142783
last-modified
Mon, 18 Sep 2023 19:29:30 GMT
server
cloudflare
etag
W/"22dbf-18aa9c4eed4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=87WetmuAz5pYfJPFfp4BpaH4Lu372RLh%2Bw7o4N1nl0t7MhWXkKydWbgisMMxGpVHBhpKWGZld1LB9vkFhSSi%2Fxh%2B2zq7TlPwrhfVHn%2BxOs0mrrQLQ4d5xEV9ajj%2F0Nk7RMyJz77Qiv9z1pfTmgWCHa0XkBI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344187d65a6-FRA
x-proxy-cache
MISS
op-8-Cheapest-States-To-Buy-A-House.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		136 KB
137 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/op-8-Cheapest-States-To-Buy-A-House.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ddc3c129677114da7c0f261ded73146caef312f0c819bc69d7336c9ab24edc66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
139620
last-modified
Mon, 11 Sep 2023 17:34:33 GMT
server
cloudflare
etag
W/"22164-18a854f2ef7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJ%2B28SbQ1%2BjoWO%2F5v7mCsxl%2FjW%2FEjcVD3u02%2F86CEIYfL6hFjhJILKRJP09s6kMgYSKrU9d3EufUtF3WVKVzQ1dr55bsai4%2FuVtKGaWtMm%2FUY4FC03O9neWXjHWEiziRMf4SQ0aOL2aHd%2FjALOSshOO0rmQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344187e65a6-FRA
x-proxy-cache
MISS
How-to-Make-Money-in-Real-Estate.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		117 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/How-to-Make-Money-in-Real-Estate.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f2136cad836f6718b547510ddc64eb39360e8ab7ba83b09aace7444b4be3820a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
119915
last-modified
Tue, 05 Sep 2023 19:46:35 GMT
server
cloudflare
etag
W/"1d46b-18a66e1e73c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i886E5OMTpDlprvk9doxhC96LagyKfk9yx5mG1YIfxl5IWtTHM29YbAseApyqXnt8nsXKGRTb63ENCarvDSADzB%2BQbjA4TvZwQyjPNyj7%2BakQgm1BkO0XoxTFa1jdXtvyuCy2I%2FmeaRW7UwZ4EJSKCzWU04%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188065a6-FRA
x-proxy-cache
MISS
Assisted-Living-Vs-Nursing-Home.jpg
cdn.heroinvesting.com/content/images/2023/08/ 		117 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/08/Assisted-Living-Vs-Nursing-Home.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a1082fad1c573f075461d23efa791f3f1a0f52d4e8d21c4fa9f99527660052a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
120175
last-modified
Mon, 28 Aug 2023 18:42:51 GMT
server
cloudflare
etag
W/"1d56f-18a3d74ae8d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i6gQyFj%2FGI9nxTdsH2xVt2cXymjHguesyjsqVQjLIsOk9sb%2FexrYO9OSd9xvdGawuWET0GaH6DRRpGP%2FUMZwq4p9D%2FNE5wx29knawlPvxg%2BxgBFHIlJJ11l3z9ap8y1iRvFblV1hNDbFukXpUu%2Bnb17ieo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188265a6-FRA
x-proxy-cache
MISS
How-To-Retire-At-50.jpg
cdn.heroinvesting.com/content/images/2023/08/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/08/How-To-Retire-At-50.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a0046a671aa51cf5e7e32ff8472fb5cedb4ca0b30e1fd5cbbead849cfa241db2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
58228
last-modified
Mon, 21 Aug 2023 19:05:03 GMT
server
cloudflare
etag
W/"e374-18a197c7c15"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCrMZUSABJJJN9fvW7%2FhewlKBR3EC%2F7RobfpoO0SnDwGUXs6Mp4UT2E1xys6RfT5Lu9BOaghYKZGfsMyyMnKlX1Usv431UQZ%2FuWO3HS%2FSzyHk5x%2BtrZpEpSc%2FRUxAPNMYlX4NcKtT8lilk5b6txhjQTKY%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188565a6-FRA
x-proxy-cache
MISS
8-Best-Places-To-Retire-In-Spain.jpg
cdn.heroinvesting.com/content/images/2023/08/ 		214 KB
214 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/08/8-Best-Places-To-Retire-In-Spain.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f9b01a3da483e7102d50a7a205a0f52f0966cdbbf098aa9d997d2a549fe3fdf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
218865
last-modified
Tue, 15 Aug 2023 17:19:41 GMT
server
cloudflare
etag
W/"356f1-189fa35dd34"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIAOXp%2BwhlfqfdQPTrriHyHwES7fB7FWqbfwFpKF6zyzOxP0z%2FrHq9%2BswDk7TCCsNLbDuO1eHrCQFptEXJ8CvpGQux9R0QIuYDLH6fCJBrg7iTd%2BCT80xTELhHQPIYdRQNfFO5TzL1UqaJzB3KIHTXk7L3c%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188665a6-FRA
x-proxy-cache
MISS
70s-Stars-_-Then-And-Now-v1.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		140 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/70s-Stars-_-Then-And-Now-v1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
47e0c902d11889abf7a636c8e981d7653995c8b30c22f7d01233275e199c3c81

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
143730
last-modified
Mon, 18 Sep 2023 18:39:53 GMT
server
cloudflare
etag
W/"23172-18aa9978356"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IxWyzvlBXGQ5JUyi%2FaqQa66suGw0D3vl5dJsvvZ92iX%2FbFQcfLMBGoJAgnzA5ZL4vp7FqeluEakl8uSNWCZq3ocA7B1tGlT2TJoPVVwxitlmMXpvFIOdf7DWYb2qskVR%2FKjVgolnr6iJbHM7RZKSLtE0BE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188765a6-FRA
x-proxy-cache
MISS
11-Signs-It-Might-Be-Time-For-Assisted-Living.jpg
cdn.heroinvesting.com/content/images/2023/08/ 		80 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/08/11-Signs-It-Might-Be-Time-For-Assisted-Living.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
10e85cad8aa79f58268db0ff78f64523fd0bdf5a4e2d8286a49f115f8a86a4cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
81513
last-modified
Tue, 08 Aug 2023 17:59:11 GMT
server
cloudflare
etag
W/"13e69-189d64d8454"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ISr6ZqRqHruEsNAV8lkzNb3LWKFNhmociroVPejF95n%2BoI3NDBNE1jgJMPeNPNp1TkBLebaY5PP4ZFvTSlSEE9GH%2F%2F%2BZye7LWvzQFtXaAWe17em0f%2Fen%2FsxskPdT1l4C1xi9Tfi5D7L9Z0T%2BDXZxXorYWo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188865a6-FRA
x-proxy-cache
MISS
Celebrities-Who-Now-Work-Normal-Jobs-v2.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		166 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Celebrities-Who-Now-Work-Normal-Jobs-v2.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9ddf06ff4aef8ed10ffc56e31c2e1bdd78a28481a39971a8e11d25cc64cb2b84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
169711
last-modified
Thu, 14 Sep 2023 21:08:30 GMT
server
cloudflare
etag
W/"296ef-18a958620c1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPuhviYhwSOUIMB6x1%2Fjdy52QOQOnkh2l%2BYo40FJxx%2FR1%2F4BU3BD0nWATJ%2BqnC6IUBLXBLpuY%2BLFSXzcr9glQJ2c1Qdf%2B1cBjS%2FR2smNQYMRwtohNEwf2VSxSBB62Gcbw9DG9bUP6MQO%2FMHWSf57zyYzVlo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188a65a6-FRA
x-proxy-cache
MISS
Child-Stars-All-Grown-Up.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		150 KB
151 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Child-Stars-All-Grown-Up.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2ee5b4a88b61a823f3d2a8d95f77460081b9c656e513c346e163f721d936cc5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
153669
last-modified
Wed, 13 Sep 2023 21:11:31 GMT
server
cloudflare
etag
W/"25845-18a906289fd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H5YF%2BGx5oAD%2FRM7V3cZfJ4dDRLTDUhCZTHD6snXR05Bj6YYhKd8Z5SlwplnDXxe1EcUFbeJCuuDL6JGd22PgDjCFTrx1Ft6%2FdGR3tmGimciG6gv%2B8gP2JU5st3BOWnytg5X4H4zcEE9unbgJ2Y7HN6m%2FlHs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188b65a6-FRA
x-proxy-cache
MISS
Richest-Celebrities-Net-Worth-Revealed.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		166 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Richest-Celebrities-Net-Worth-Revealed.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b183decea5d7862cd0a2249dd1cfbfff7b9361506d61c12100b527260508bd3b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
169506
last-modified
Wed, 06 Sep 2023 17:04:26 GMT
server
cloudflare
etag
W/"29622-18a6b73cecf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNNluQut7O%2F528Qsb1FYzDrmlgnANY07gip3hMDMxNos5s7kKN3zoNG%2B4X76f5RD%2BWHeipr7ttfM5lWyZLykkLqIQN2P5owy4QSYSia8s%2FClFjmi%2F1kMmUWqZQi%2F98loeXST6w%2FL01bwNQLq2kpezPVfbiw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188c65a6-FRA
x-proxy-cache
MISS
Mansions-No-One-Wants-to-Buy-for-Any-Price.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		202 KB
202 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Mansions-No-One-Wants-to-Buy-for-Any-Price.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2b809092933155217e4c079a6ee4f9f222dc7bda019697017a481d825e5c93fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
206498
last-modified
Mon, 31 Jul 2023 21:37:41 GMT
server
cloudflare
etag
W/"326a2-189ade2adf7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FvYIWipbWH1aeuwHBZqFoOS4d8RFqluyyfJPbevkt%2Bs5fYNQADo1uMFQolZEEpuhmjsyPJSmWNxTn2lY11jDCAMeDbYGUMusj4i78crQlCHWczN4DCJsbSv%2BKeCJ%2BNv5W0WbOm4avBCwJ%2BYPrcCl4EVerLc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188d65a6-FRA
x-proxy-cache
MISS
Abandoned-Celebrity-Mansions-That-Can-t-Sell-For-Any-Price-v1.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		189 KB
190 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Abandoned-Celebrity-Mansions-That-Can-t-Sell-For-Any-Price-v1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
cd132dc9cbf1505dc2496fc0a6401fe0b71731536bce145f02911957c1a82747

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
193936
last-modified
Mon, 31 Jul 2023 19:15:46 GMT
server
cloudflare
etag
W/"2f590-189ad60bf59"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Ll71uUNctNNYCIJYULys%2BLdrYQKUMleyWkgzFPBoNagJwr9%2FJa9Xng6ftH85I5mZ1earOgkSM3NX2GNXYX3DBi5ibAzdXJD2FZX7Qh5m6QkJS1cT1yEvYuXKMXilYciIi344MWPOb%2B%2BFbrzNUqWDpL06ko%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344188f65a6-FRA
x-proxy-cache
MISS
Legends-of-the-Land--A-Look-at-the-World-s-Most-Famous-Real-Estate-Investors-1.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		154 KB
155 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Legends-of-the-Land--A-Look-at-the-World-s-Most-Famous-Real-Estate-Investors-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
af377810107047cffd1cbb097f000d85002b82817de4f80fcfe5189de0311809

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
158050
last-modified
Mon, 31 Jul 2023 18:58:50 GMT
server
cloudflare
etag
W/"26962-189ad513ed6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bq%2Fpdk7YpqITPvh%2BwWA7UIBk5z7jAScb3I9z3K3C3nD0yonH0jnpTjnnTWrA%2BAb3Qw74P7HNuNMx2PlQo7LNRJXliNkeE%2BoWBAwCFz7j5yhBUstN22kY3rL5mTaAMMhC95ks8WVx%2BkLvdcMixyhq3PBtxXg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189165a6-FRA
x-proxy-cache
MISS
Hilarious-Boat-Life-Is-The-Only-Life-v2.jpg
cdn.heroinvesting.com/content/images/2023/08/ 		143 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/08/Hilarious-Boat-Life-Is-The-Only-Life-v2.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
30bbd756bf57f0ab238ae540e25864babf2bc5cae06da6d297ef07e769468c35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
146820
last-modified
Mon, 14 Aug 2023 16:04:48 GMT
server
cloudflare
etag
W/"23d84-189f4caf453"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGC0DJbu90i3HXLI9GobdTCBMeUxAIHCu3R9yKht3eS61YhUEkzkWi91iIGhwh9uH51Cdb51f4SEyUF4rx%2BkUMY18ta3YZKWqwFdx3pZJOAcj0C8F0qImGCnbraGbWiGM4i591nUYy1xCS7dYoQAs%2FgbfX8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189265a6-FRA
x-proxy-cache
MISS
Are-Texas-Municipal-Bonds-A-Good-Investment.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		96 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Are-Texas-Municipal-Bonds-A-Good-Investment.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5bda6629647f72090e2e060d37a82b896e5db4c4f292a27c711713bb4af566ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
98149
last-modified
Mon, 24 Jul 2023 18:28:39 GMT
server
cloudflare
etag
W/"17f65-18989291995"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpPsjKuz18DIYZC7cJFwTY38Y%2BU02xJSLvQQ6D1qwT%2BzVHG18%2FvY5DooaxVy9EFMU80GBYU67iSKeBUSAQ%2BHn4WHvqfRsOPcsV6hWChtahRmDc24H92P3ZC2l2JI4cxSNzXsSAokmwTPcg%2BsRGOdagn5GMY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189365a6-FRA
x-proxy-cache
MISS
Beautiful-Actresses-Of-The-1980s-Then---Now-v3.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		139 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Beautiful-Actresses-Of-The-1980s-Then---Now-v3.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5d90313e752d9a70502b59e6a405b2dd9bfe407becd61f1cc44e2a4c988478aa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
142535
last-modified
Thu, 14 Sep 2023 22:43:31 GMT
server
cloudflare
etag
W/"22cc7-18a95dd1ff7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JCvEP3SRZ5z74mLQzXBWsZqJ5NP6JnPYG26q%2FtQ0BRUpjV%2Bei7HKJB0%2BZv%2B8veQc0lgDCfTicmiTzUNBJ9BtFcN0Fz7SVy6xWZ9DUMCf4C66SpcwY3GK499oHfwwClL3Py26t1eV8oy7xdhI0G7IB0wnlw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189565a6-FRA
x-proxy-cache
MISS
Most-Unusual-Shoppers.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		167 KB
168 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/Most-Unusual-Shoppers.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
dc3b896b624e3166ce5175285bfa09e99afc2888caabb96b5f0473f0ca3bb036

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
30755
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
171161
last-modified
Tue, 10 Oct 2023 23:48:43 GMT
server
cloudflare
etag
W/"29c99-18b1bfe29d5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8D0Iqx%2BEM6%2BuNmy8Se9Z3rjhM2wIZRvIQtmmMkbDAVxefujAqW3SbLYCLDSjqS%2F8cj6DlJhCAr90C9YfXHCM5pWetGiFu6tJuTHvXjRTcHD4xL%2FbxLwqhASVb9aUCilYSDSHo4GWa1U5dYh2kaf5MHb5sWI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189665a6-FRA
x-proxy-cache
EXPIRED
Unlock-Hidden-Wealth--Exploring-the-Most-Valuable-Collectible-Investments.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		162 KB
163 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Unlock-Hidden-Wealth--Exploring-the-Most-Valuable-Collectible-Investments.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8712124400acb4adbdf68dfe256b6c07b1f0a20c43a28d58783001891e9be999

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
166219
last-modified
Tue, 18 Jul 2023 16:56:24 GMT
server
cloudflare
etag
W/"2894b-18969ee7df6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zLFiz1PUMZ0Xf0B0zQuS0Kj74NYQNnQECw6Trsbj0pvEXYbmvpyKKJCj2aBHmJ5LOCutm7Sgi5Ok3jsA7dmyj6XnJe7QKFYqm%2BgFR1eaMlhkPMc2WfoYMzCrqs8JTXcr1w8HTRYfU85JxPJbeCwFC2UdAM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189865a6-FRA
x-proxy-cache
MISS
Christmas-In-A-Nutshell-v3.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		180 KB
180 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/Christmas-In-A-Nutshell-v3.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
38169a43d6649aab2275328838c895f03265a4ce17c1ba6e8857baf4da449d84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
184173
last-modified
Wed, 25 Oct 2023 18:53:01 GMT
server
cloudflare
etag
W/"2cf6d-18b682ed3a4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRa7%2Fho8of5SO2u53ibyfkF9DHYvPPKNYzLW2MdsrAlthHC0sCbXEmj9guMOpNlHBfCwHW5vY2%2B3tS0JHml4%2BLx%2F43FXzLAwDay7WyOAI0EcjpxcprByWFdOm5%2F4zTsF8SpnTUozr%2BXv9y74TApckxK%2B9L4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189965a6-FRA
x-proxy-cache
MISS
Profitable-Paradises--Top-Mexican-Cities-for-Real-Estate-Investments.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		203 KB
203 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Profitable-Paradises--Top-Mexican-Cities-for-Real-Estate-Investments.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0c0dbe11130009b028ada6960f7e69e3d1c24cdd4a4294af0a9778339f1be6ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
207598
last-modified
Tue, 11 Jul 2023 22:08:42 GMT
server
cloudflare
etag
W/"32aee-18946ffe3e2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SrCB8xS%2FafZKhyFBumyAWm%2Bl%2B2XXIXxPim3liLYN%2BH4lpFjOBHDL%2FUwSlljsZ%2BSJaYjeORoGYfRAOMTBrICRGgE3ndk0ST88XQY1o5TF%2BH9PBU69hMUKJBNS%2BVBr4HPlDVlRM4Fpnz8K%2BMF7jgXn1X2JF10%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189b65a6-FRA
x-proxy-cache
MISS
Rarely-Seen-Pics-Of-Hollywood-s-Classic-Screen-Beauties-Colorized-v1.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		158 KB
158 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Rarely-Seen-Pics-Of-Hollywood-s-Classic-Screen-Beauties-Colorized-v1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b00e095c26a1cf90a20a5f74241458ed7f467d10fe92713efaac6b9e558f5d56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
161439
last-modified
Mon, 18 Sep 2023 20:13:22 GMT
server
cloudflare
etag
W/"2769f-18aa9ed17b6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5qUqyBYspHe0Sr0KOdTEZlDvOwrwsGQVe0H7YzEb4QLGmpo%2F93VcLhoKigvS6YF%2FYAMPxSH6McqJ4tBkWZ5umpFzGU3TuxoFZBIMQ6XkPXYaT1wfwlEH88nUQJVM8KiLdpTVQYdFbHbaV6MmUAPTTldwIA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c344189c65a6-FRA
x-proxy-cache
MISS
Diversifying-Your-Portfolio--How-to-Get-Into-Commercial-Real-Estate.jpg
cdn.heroinvesting.com/content/images/2023/07/ 		116 KB
116 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/07/Diversifying-Your-Portfolio--How-to-Get-Into-Commercial-Real-Estate.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
69c45b9cb0396b768d7bf68dbe59a89f7d5905bd6bf47656d7c7ce590707c2e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
118664
last-modified
Tue, 04 Jul 2023 19:50:55 GMT
server
cloudflare
etag
W/"1cf88-18922753b1a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5C8yWLGKoCkcZUKMhhi4FHckMkPSJpFXmm1a8juAoU7S%2F5v11Jcf%2FlZ4y5nfaZdx01kBuYrgiW3HV6%2BFIOucpRwxzuwVKF0ToLFPVG2lBqCcL1bM4SoIRiBn42%2F4VHXAIlztgS%2FBSCb%2BH3KxhYmtCG0YEnM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428a665a6-FRA
x-proxy-cache
MISS
These-Work-Mistakes-Are-Too-Funny-To-Ignore.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		162 KB
163 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/These-Work-Mistakes-Are-Too-Funny-To-Ignore.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fcf2d590317ceca4857d61b3de3861dc72cd6b3632daa57ad50fe047bec60614

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
166111
last-modified
Wed, 06 Sep 2023 17:44:09 GMT
server
cloudflare
etag
W/"288df-18a6b982a6f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T86Dt8BfCzXY7Is6mxMC6nLo6C7IAQzN2lAp4XHF82dFoBiEhuunZcyrYZrLTnIR6jkknSXMiQXORb4NuH1H2CQu1Cog1KtsDTVaEkd%2FXmhOBqrA1rWMm47jFDp8t25B6qIfBHst%2Fh1p3mF9AEuTYSElVIs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428a765a6-FRA
x-proxy-cache
MISS
Hilarious-Weddings-That-Didn-t-Go-As-Planned.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		160 KB
161 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Hilarious-Weddings-That-Didn-t-Go-As-Planned.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0adf3c9350c649d2b7218be2bf95e0d362cfd57f73ddf4373f252fcebe4cb0a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
296678
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
164073
last-modified
Thu, 14 Sep 2023 21:53:58 GMT
server
cloudflare
etag
W/"280e9-18a95afc104"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyoAdBXqMoji%2BcfUlYKjr%2BO7vY5zXIcOhhWKP2KKBYN14jVh3RhLWiWVckxO6ih5zuF4XpUexvC6JjV0yQtH9JwzEOQQu81Ru46KQGXHE5tsSqZWccgZAgwOX5CknJPDwVQhyXtWAViQnWPSM66BJD2i6yE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428a865a6-FRA
x-proxy-cache
MISS
Inside-The-Most-Extravagant-Celebrity-Mansions.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		210 KB
210 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Inside-The-Most-Extravagant-Celebrity-Mansions.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f4e357ce8bcfae0dfa36a5705311291180ea2bc11f8e5b182685383e088b16d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
214806
last-modified
Tue, 19 Sep 2023 19:32:57 GMT
server
cloudflare
etag
W/"34716-18aaeee7510"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNHiAU5JCIvqTln%2Bk43J4wai25OYGdy6dcKEW0kR0Bg3iUCt4idd5DzvstceUcRG8Eu0hAPwXZ65OtwHcy1iCmybIhOm7PM4b4W3Fa%2BMsETPwp4LS0Mpsefre0oRlMznCWCrStQ%2FXwp8FqxFDEEORWccQvI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428aa65a6-FRA
x-proxy-cache
MISS
8-Best-Places-To-Retire-In-Tennessee-1.jpg
cdn.heroinvesting.com/content/images/2023/06/ 		155 KB
156 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/06/8-Best-Places-To-Retire-In-Tennessee-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2f81a0db72dd60cad903ccf6f4cb0eb23de179c450040731b5a5e90fca85840a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
158723
last-modified
Mon, 26 Jun 2023 21:05:02 GMT
server
cloudflare
etag
W/"26c03-188f98637aa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vnc0S2h%2Ff0jihWif%2BffeP%2FBaByqin2r3I1j%2BdAd%2FEEnCsSzgF1%2FbbNSZ2eZXCnpNDh%2FuG5b%2FvPG7yOIsNlfomi7LcoYrrBKsdFM2eefFCHHSniCTG89flFrmPqAxpUM0bUrz7jQ6GEughSZBVUyDqMVLgo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428ab65a6-FRA
x-proxy-cache
MISS
How-To-Negotiate-Credit-Card-Debt.jpg
cdn.heroinvesting.com/content/images/2023/06/ 		117 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/06/How-To-Negotiate-Credit-Card-Debt.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
21ab500bcb9567d957868c369e32d24e3de5c9d0077037a528b0e43ade895d59

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
120078
last-modified
Wed, 21 Jun 2023 17:47:36 GMT
server
cloudflare
etag
W/"1d50e-188df11aaa1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zw0iGIcoM7wuiv7f5I2DHXWZZmcVhX5KoMNkxwzVY4pl%2B6FLdz6qLeO%2F954kgkQwHgSDElM92gKjSP1unxly2FGusBEijXnMv%2F%2F7hjk0GF7OsO1q6w2YdV06iJM6DhpBXedCU0VWI%2BWZC%2Bf67lYhaZAZoJk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428ac65a6-FRA
x-proxy-cache
MISS
Header-TemplateDiversifying-Your-Portfolio--How-to-Get-Into-Commercial-Real-Estate.jpg
cdn.heroinvesting.com/content/images/2023/06/ 		136 KB
136 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/06/Header-TemplateDiversifying-Your-Portfolio--How-to-Get-Into-Commercial-Real-Estate.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a419430671c692bb6feaa153dd70c8cb45d7330af771945627517c69f9178e1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
139271
last-modified
Tue, 13 Jun 2023 00:16:12 GMT
server
cloudflare
etag
W/"22007-188b21c311c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RIYK24MK4Lg6jYWXTPSC1MT2Bwe%2BmjwRsxKJE6hI7lvfJzhUoIc3hxKjDcXo%2FJt0EAswAGjy2j77sxrlvP2YWAMNv9gSwyDttZplw9LY4n4XNNFHRLdmnsswU%2BNEMOwSNjbrxwIFJB8X43b3qnUSolkrsco%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428ad65a6-FRA
x-proxy-cache
MISS
Wholesaling-Real-Estate--A-Beginner-s-Guide-to-Profits.jpg
cdn.heroinvesting.com/content/images/2023/06/ 		187 KB
188 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/06/Wholesaling-Real-Estate--A-Beginner-s-Guide-to-Profits.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ff451152a1b8870a4eea684a88cebe0e7c2da192ef293cf24ca8f7df671fc60c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
191932
last-modified
Thu, 08 Jun 2023 16:34:21 GMT
server
cloudflare
etag
W/"2edbc-1889bdbed1f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WooRgMcbOuVg9SmHXs%2FXxA6dFiDPLF4tR0en0zfG8ZtULgVGiuq8xBDsHa8DV1UYtuhu5ep%2FbVc93QpJ52dHC73dz7FaHO34aSFaqkCJGBlXaixJBXAHgg6LLjZHXLib7eu%2Fs4%2F6bBdMMt2Lu5gbZ7m1Pk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428af65a6-FRA
x-proxy-cache
MISS
Try-Not-To-Laugh-Weekends-In-America-v1.jpg
cdn.heroinvesting.com/content/images/2023/09/ 		150 KB
150 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/09/Try-Not-To-Laugh-Weekends-In-America-v1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
bf4aee80fda9289a2513b0a11860587a459ffff6f514377f4144f3b49d131923

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
153357
last-modified
Wed, 20 Sep 2023 16:25:24 GMT
server
cloudflare
etag
W/"2570d-18ab3691b9c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GsWwWu3tOAOC2UfhvE8cWTr%2B4EoKIrnrebosHBq827LjaNmHIVIhXPCleYT371vkPOhpGy5H6eGEcOPEMTAXFPIQ1RTVxetkqBGjHH7NtAkjuY7%2FDUZ6navMgV%2Bp%2BAoll4lsnY7GzV01c%2FkfU1J521%2FbLxI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b065a6-FRA
x-proxy-cache
MISS
8-Best-Places-To-Retire-In-California.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		209 KB
209 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/8-Best-Places-To-Retire-In-California.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0e9bc90553426ee05176b51669d1158118047057a21b7210e2b3949867552607

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
213944
last-modified
Wed, 31 May 2023 16:13:16 GMT
server
cloudflare
etag
W/"343b8-1887295c125"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ynNCTLbi3%2FrJeTZhevsCrLt6TCqy8jI77o8G4Y8j4JEBLSxU4k7uiGuFNaP%2BTfVT2lsKSzXj1FOYcmUok21ZgtllpYejR%2FU7Wxo6iYQduqaRKfGhn2gJycT%2B77QQzpbFibnp3kvjzqf4kouauwkV3XUR0oo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b265a6-FRA
x-proxy-cache
MISS
Volunteering-Abroad-for-Adventure-Seeking-Seniors.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		107 KB
107 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Volunteering-Abroad-for-Adventure-Seeking-Seniors.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
67d925b372e6d3c1f16737bc4c3be142c656d3584b16a3db4225ea7206276d26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
109406
last-modified
Fri, 19 May 2023 17:10:30 GMT
server
cloudflare
etag
W/"1ab5e-18834fdd54b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hbBoMkU6B1A0vJh%2BssXPphQeGG87MLLopj1VGvcL1cKcr0oSaVTYmOYO1J6Yp9XOBkEq9YWxwGI0Fag4WqVtMJo0Uh%2FCaAzLA4W14JvZ7g0pd7t1Cm22%2BgIQO3ssFkj41hJAIFoPJN%2Fl0x5F1LLxoUEpTI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b365a6-FRA
x-proxy-cache
MISS
Tips-for-Avoiding-Living-Trust-Mistakes.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		170 KB
171 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Tips-for-Avoiding-Living-Trust-Mistakes.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4a17bf30016786630e6f00ef0689bbaff043fe680fbc0991dfb57aa5cff60ed7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
174107
last-modified
Fri, 19 May 2023 16:39:06 GMT
server
cloudflare
etag
W/"2a81b-18834e11743"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kB1hTH%2FzjGkFPKaCud%2FT6LmyGfss%2Fli6%2BIyjKlhms0BbdNrX2IUP%2B2NcNQossQzXu%2BdNKx%2BR%2BAaOP0Ny3%2FZ2pVtP2i7Kwm5D41dHWjn2A%2FBgW1MS5GxarMxQWDY5YQxSiEcfIIxedPyBZJkKb4Pux9HPa80%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b465a6-FRA
x-proxy-cache
MISS
What-Happens-To-Credit-Card-Debt-When-You-Die-.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		102 KB
102 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/What-Happens-To-Credit-Card-Debt-When-You-Die-.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c3a7d1b2bb387c1f03e7809c00b4594b3f80dc72cc1b664dac82d8d168d9b0f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
103998
last-modified
Wed, 24 May 2023 16:49:41 GMT
server
cloudflare
etag
W/"1963e-1884eaa926f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50%2BvWqeIWUZ9fw%2BTlm%2Fw2l5Q2eGmCW1SVzB1vjmwpoGO7ZOCNsPIaY2F0C5p5ATmMKtVbntUtuwNk0Hc%2Fo8%2BPO189Ho%2FX7UCioGh%2FeHTXBqSXYjmYFmfKQojM9xQYYPZOxs1jI9Z3odjM4mCedNpNgfjdgo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b565a6-FRA
x-proxy-cache
EXPIRED
Why-Should-You-Perform-Volunteer-Work-After-Retirement.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		96 KB
97 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Why-Should-You-Perform-Volunteer-Work-After-Retirement.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2506212509b1d340b5330bbc500c0226469fd51e2c9fd182facff7b6ae64da24

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
98331
last-modified
Fri, 12 May 2023 23:31:31 GMT
server
cloudflare
etag
W/"1801b-188124e2464"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bd0U85Ny9HHcQlS5KeCAvkjidLcCgGyduvu4AGrTtNpYwyWY40tTEkkNwlythF6c%2BmPJj%2BI%2BtS5Y%2FfnzPs1nPD7WoLNcsBm20ejFzHV0ADTybXUcCVhmvPWmRgc5CLBBMatGZHB7pB0q%2F61P9XHbSuiX3qw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b765a6-FRA
x-proxy-cache
MISS
How-to-Choose-the-Right-RV-for-Your-Retirement-Road-Trip.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		96 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/How-to-Choose-the-Right-RV-for-Your-Retirement-Road-Trip.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
cf203740dc9baffee1d429b0b0f17846eebbcc3437e01026b4617159a5419204

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
98087
last-modified
Fri, 12 May 2023 23:25:59 GMT
server
cloudflare
etag
W/"17f27-18812491662"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WdPaqKFLWZLXaCkZRhLTwAtifbae6610TjMMDS0Cp6wbgPWlUzIrrpuWhw02vi2EsnH6Wnj41SPjSSMzqcmsFuZ4fhG2ce9xo9OVzu88Lm0lwAyzekiLjoYY9Mlc8mQ%2BQxK1OcKRdtEmIS210Szua%2BoRIHw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b865a6-FRA
x-proxy-cache
MISS
Managing-Your-Retirement-Portfolio.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Managing-Your-Retirement-Portfolio.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f0a272140f39235a8c48f5065d49e3f9a9cef387f8a3a76ef56ea4cd43783376

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
117055
last-modified
Wed, 17 May 2023 16:56:10 GMT
server
cloudflare
etag
W/"1c93f-1882aa3fe6c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IU1eObM1qdzteDWMYDUF2Ic9DXjteGt1aaCqZ8N1aD51vT8VI%2BtIQttdMEHNEI2IE%2F53dPyaS11yP3AF8Qu6xczKPmuchTQ4FIB%2F4MhNxYvxRRj72wmGV2AMTriHWV%2FYM06NyxbsY3Gp%2FfV%2BpVvu3kQHT8A%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428b965a6-FRA
x-proxy-cache
MISS
Smart-Ways-to-Budget-for-Expenses-During-Retirement.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Smart-Ways-to-Budget-for-Expenses-During-Retirement.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8fdd3ef0e419019b4ed7077983c7c32074e85493e323033dbadc3dbfddbbcc60

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
52999
last-modified
Fri, 12 May 2023 18:14:56 GMT
server
cloudflare
etag
W/"cf07-188112c502b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXWrQpPt8aGX%2FvQ9Yydr9pY9XgW6q8ktRIwhXTih6Ht7wgudsgMLxFlorKaVkLka4RPcfc%2Fq0LXOJuAb%2FKNVdAZ4Ghsv3LVSZ6PQ8m%2FFBT0K7R159i8xVN9eib4Vro%2Br05ru32Px%2FJmxjTPbsBSrdFahjz8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428ba65a6-FRA
x-proxy-cache
MISS
Best-Coastal-Retirement-Communities-for-Beach-Lovers.jpg
cdn.heroinvesting.com/content/images/2023/05/ 		107 KB
108 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/05/Best-Coastal-Retirement-Communities-for-Beach-Lovers.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
cb7ea6a539cc6f9a651bde3ca31fefdda677f55ce3a63f82c4b8c3b20e47a77e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
110054
last-modified
Fri, 12 May 2023 18:06:24 GMT
server
cloudflare
etag
W/"1ade6-18811247e87"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLtjAZkf%2FcBzxE4etNxuv05AY6sD%2BpOKCAiq7wlRLCINbjurLRaCo30RvKkv6cmZZHZ%2Fs1fKL43A6cMw83FAnBIcDyiSq978TPg7j9aE26wxVMKqfrU0U0lAx8QBEMFU%2BaMm53E7e4O%2BNfrhBn3CuZPUXIw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428bb65a6-FRA
x-proxy-cache
MISS
Iconic-Vintage-Photos-Capture-More-Than-Expected.jpg
cdn.heroinvesting.com/content/images/2023/10/ 		140 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2023/10/Iconic-Vintage-Photos-Capture-More-Than-Expected.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0b1f978922b7cefed8ac48debfbf7443b859425a36a3df23ed8b7620fd9963fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
143459
last-modified
Thu, 26 Oct 2023 23:36:43 GMT
server
cloudflare
etag
W/"23063-18b6e58eeb1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygPK3beaapViqG490%2B%2B5%2F%2F0Il7IE2IAGWp3sh1tlXPgNCvvVfWXdjCo6Jpu%2Fv4h20rXSuxq%2F2T1zYi2BxGyxsC%2BPJ4aZDblD%2F8Pihc0gbWzRlE7EZBO2nZqcwtLj42cfAlL4ysiUeBqG8V5upt0EIIXagco%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a1c34428bc65a6-FRA
x-proxy-cache
MISS
23331d4.js
heroinvesting.com/_nuxt/ 		1 KB
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/23331d4.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e800:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:00:00 GMT
content-encoding
gzip
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
583898
etag
W/"47e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
R5nvOCWgzDVcZEm1Wbg_ezE10rp1sLsX056m-8D3RfXBKKgAbNRv8A==
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		101 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5b91ab3d018aacfb63598f8ab24ad7f3033e36ba2133ed79f0c2822b5a9caecf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31647
x-xss-protection
0
server
cafe
etag
962 / 19683 / m202311090101 / config-hash: 16204867678510254442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 22 Nov 2023 14:11:38 GMT
yield-manager-script-v2.2.8-prod
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		99 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWuXdLW%2FMWbWlagj509%2FjeU8R8%2FX5nc7y8Ctux7okjHiU4KwKcegps7yB3ORePA3W5J7Oj9cokDiXcBluR9%2F1Y%2BpjUGO8nHBk0vTO6rfCxh7HUzd4JWXhjbqXxda9W7%2FqUJ3DWzazrxh3VE%2FvysrQuvjV5RLCDKel1%2FZpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a1c344ea0a39c2-FRA
alt-svc
h3=":443"; ma=86400
apstag.js
c.amazon-adsystem.com/aax2/ 		267 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-37-209.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 13:43:11 GMT
content-encoding
gzip
via
1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront), 1.1 cb64e02e44588dfd13b2a4b2483c404c.cloudfront.net (CloudFront)
last-modified
Mon, 13 Nov 2023 20:18:44 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, MUC50-P2
age
1708
x-amz-server-side-encryption
AES256
etag
W/"2d08dd94de483579c1dc3f3783c06f6e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
gpVK-F9b1L_nBwghvFD5TFDLFbHxjLpbtGBG0eRYDEhU97w2kheqnA==
vRL9rGsaHH7Mx6NDN.deploy
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		565 KB
169 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fr%2FirCi5h5ahjg5tbrI5aceZkQmoLWbtiJz%2Fb6yhwOFksy%2Fh%2Bmz4ECPzphc3NN42UlWWDjNyKK3IyPm51Stf3jEoS8f6b4WVFehuD6or%2FA2PcI11FrwKuM0bn%2BOkh6ntBIlgEJRgW1mN7YWiMpnnV7vlGhytGt6rli9vpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a1c344ea0c39c2-FRA
alt-svc
h3=":443"; ma=86400
nYpzKWqvlq9.css
static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/ Frame EB29 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/nYpzKWqvlq9.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2863b52bbc74d053b6415278249cb4258747dd6f355f6ba30739b1f84e76861a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
o/7VM47+HYG0hT0S5PaW4w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5162
reporting-endpoints
x-fb-debug
aF3rAcAJ8BvcPziFgvFztltb2oN0uE7IFpCYyiI6MI+L3ddwc52ebYiH3qA81nWw8RaxmEp+jj0u/irfzIevkw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Thu, 14 Nov 2024 19:20:44 GMT
4QNrDZlUEha.js
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame EB29 		354 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/4QNrDZlUEha.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a825d7064ec55137b18338cb054d681dd83bfb5b1748dd73a97dc655f60f6dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
FRh78VAxIpPdFdf+hnWh+w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
93698
reporting-endpoints
x-fb-debug
dDJCgW4W6K04HiB8/hs0XTi/JV0Wrm2aaZkeOwO228U8esb7I5kXQ0i8V4phfIHILFzV8KxcFFXFOjrlEtvr6A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 16 Nov 2024 01:17:09 GMT
b_OFeehPNlN.js
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ Frame EB29 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/b_OFeehPNlN.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0a059e6e40c554ecbc83955d6bc031af1fe8adc0070e7630b8bd73eb94f65c71
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
zzid7JviIdKBgSgVn23PJA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2278
reporting-endpoints
x-fb-debug
lxckdRbjNfBTnwyiRnsLT63S8Dk92JnNfP2l70GdR4B5ef2hICCJvqBt6X6lvUJzT4EXP8M0vuO0Zxl16JfX7Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Thu, 14 Nov 2024 16:12:35 GMT
Mwbeih08K_0.js
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame EB29 		94 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/Mwbeih08K_0.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d710a08e346f38576d6e37a705127c0613322ab3e3d0fe0e6cdfe694b8471f62
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
WFTT0JaFigU976eC+N/HRg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27415
reporting-endpoints
x-fb-debug
MKk0a/GiQJka8i0+HIDSBdTYTyjhPRC5oNtKe8lt7tgx21DZ4w8Q7vA85tOCRKTI1k/FnIQSgepInK9VsBBqWA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Fri, 15 Nov 2024 07:27:42 GMT
IFmJ5c2dA79.js
static.xx.fbcdn.net/rsrc.php/v3iAxA4/y5/l/de_DE/ Frame EB29 		102 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/y5/l/de_DE/IFmJ5c2dA79.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
af14027e2986a3c157a1aa716c77938851b1e99a80f86850611f771e71190c50
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
EW2J7Hr7kJbGcNe11rTIJg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
30036
reporting-endpoints
x-fb-debug
kMwXwg1KDW2HZotPSU7DCeGexIRz0ehSZYB/6VSen+SVNqPPOfAPkZ1FXWpueOvGZGXreeHsweTZmxxt4RcF1Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Fri, 15 Nov 2024 07:29:41 GMT
p55HfXW__mM.js
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame EB29 		507 B
996 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/
Origin
https://www.facebook.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
L5E9gSgR735vyjAzTFly4g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
293
reporting-endpoints
x-fb-debug
QDCvM9fFGGpdLzKua7R6vgMwoIf3ncqT8TMMBiQaMFRGW1g9l1KgG5EkeDGWKsK24510aJFRTULFEsc7FZ6Ibg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sun, 10 Nov 2024 16:46:15 GMT
278482311_116380361018885_1836512003623861853_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-6/ Frame EB29 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t39.30808-6/278482311_116380361018885_1836512003623861853_n.jpg?stp=dst-jpg_p206x206&_nc_cat=105&ccb=1-7&_nc_sid=5f2048&_nc_ohc=c5HDevnmryAAX-DclyA&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfAHHkAry5jC8uTpMIuz8KY3vplvgNdKNUYIXqOyPHbJWA&oe=6563CF03
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
dedf366251268708e5b04677d175714ed61cd669e16383f4857f2df80647b466

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
x-storage-error-category
dfs:none;sc_p:200:WSE_NOT_SET
last-modified
Wed, 13 Apr 2022 00:24:14 GMT
content-type
image/jpeg
access-control-allow-origin
*
content-digest
adler32=3536979056
thrift_fmhk
GBCReqiiQ7w7mlcshJpYQUMnFfDr4Z0EAA==
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
2405290262
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
6716
278502272_116380517685536_169863435363523684_n.jpg
scontent.xx.fbcdn.net/v/t39.30808-1/ Frame EB29 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t39.30808-1/278502272_116380517685536_169863435363523684_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=104&ccb=1-7&_nc_sid=5f2048&_nc_ohc=XGI4o2iQ-BkAX8lfUov&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AfCGQGuL821r95ZvT_Z8V79ZR3L2z2eorZyzIgbHkPw3tQ&oe=656365B5
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=360&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
535291b89d01e51c8366ca2268b580c203f70e106d5e0dddaaa2fc7d5b2235b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
x-storage-error-category
dfs:none;sc_p:200:WSE_NOT_SET
last-modified
Wed, 13 Apr 2022 00:24:57 GMT
content-type
image/jpeg
access-control-allow-origin
*
content-digest
adler32=1610464874
thrift_fmhk
GBDCDUJ5pzcP9cXiIUo7J/6dFfDr4Z0EAA==
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
2857374795
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
1427
latest.js
static.kueezrtb.com/js/ 		203 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/js/latest.js?_=1700662298414
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 09 Nov 2023 16:06:41 GMT
server
cloudflare
x-amz-request-id
CX5FGZP1TRAY460E
age
265391
etag
W/"42940e383bd2f06e3d801c6872fec418"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cf-ray
82a1c3451b208fc8-FRA
x-amz-id-2
u4LjT2hSs/mX+ut8/cxRobzP37SBXQIgRpPZbcLIILBErU+iNfCVHXfNfqNkFjEEcuL/hfE/Rxo=
cmp.js
static.vidazoo.com/basev/cmp/1.0.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/cmp/1.0.1/cmp.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:651 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
THJ8PTYHWNR62A0S
age
42369
x-amz-server-side-encryption
AES256
content-length
1392
x-amz-id-2
/bCLEw/0kRRPQPdG4ohjpi77LgtNI7GMeVKACN7safN2h0QZjIhXIq5liCAeT70yL1BkmtvzJ1E=
last-modified
Tue, 26 Sep 2023 11:15:59 GMT
server
cloudflare
etag
"ae30727db9cee5c3bcee5965142f5f72"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a1c3452a0f9125-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 14:11:38 GMT
tcf.js
static.vidazoo.com/basev/tcf/1.0.2/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/tcf/1.0.2/tcf.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:651 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
2GXZR0CGTFKDPMWG
age
47532
x-amz-server-side-encryption
AES256
content-length
5069
x-amz-id-2
3hF+JMmb2feUCqYZp3SXhrmzy6Z/gPkeCEBppu1GiEhFNCOxd0ODvzNEJ5A1CtBAuSeNBL8DPmA=
last-modified
Thu, 27 Jul 2023 14:01:24 GMT
server
cloudflare
etag
"ccd7d1f71f0b08742cb487f337f006fb"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a1c3452a119125-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 14:11:38 GMT
js
www.googletagmanager.com/gtag/ 		206 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3f4c97d1f004d9adb1e2df416644f1544dd760eeb17e3ea573206ecb9393cd94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75317
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 14:11:38 GMT
collect
region1.google-analytics.com/g/ 		0
255 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700662298143&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1909277577.1700662298&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=index&dp=%2F&dl=https%3A%2F%2Fheroinvesting.com%2F&sid=1700662298&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1072
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-37-209.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
date
Wed, 22 Nov 2023 08:49:47 GMT
x-amz-cf-pop
MUC50-P2
age
19312
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
C4Ff38M8SQ_gEcYaNTpbBvKZzkWwMsjoVeXIPkoF1j82UcTID9kqiA==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1700662298629&cv=11&fst=1700662298629&bg=ffffff&guid=ON&async=1&gtm=45be3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2F&tiba=HeroInvesting&hn=www.googleadservices.com&frm=0&auid=1161652064.1700662299&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2F&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ca205937385e136bbf7757cff2a75ee59d4cb157c847b2e4abf2b351c06d387c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1249
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame EB29 		573 B
712 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/nYpzKWqvlq9.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0,cross/nYpzKWqvlq9.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
x-content-type-options
nosniff
content-md5
07aG/2AEtDHVAZ5LUajMDQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
573
reporting-endpoints
x-fb-debug
xzSMIq/DjjDmxFVjDrzt9NmGCM4gA/tZY5n4ZdJMmdWJvo6JW5SrYeiOisjgoWDmdncN5AlwAKBj9OObSDL1UQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
priority
u=3,i
expires
Fri, 08 Nov 2024 05:04:59 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 		429 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:38:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
12781
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137535
x-xss-protection
0
server
cafe
etag
18342593356503948095
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Thu, 21 Nov 2024 10:38:37 GMT
fpd
u.kueezrtb.com/ 		244 B
431 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://u.kueezrtb.com/fpd?_=1700662298707&yv=29acde3
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/js/latest.js?_=1700662298414
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83dfaad4d5f12ce36a8c1deee6d8fa578b17d31411f003fade2f3db5160b3828

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
cf-ray
82a1c3470d508fc8-FRA
content-length
222
dye
track.kueezrtb.com/ 		0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:init&_=1700662298706
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c3470d518fc8-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:init&_=1700662298706
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c3470d538fc8-FRA
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:fpdr&_=1700662298707
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c3470d528fc8-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:fpdr&_=1700662298707
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c3470d578fc8-FRA
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 22 Nov 2023 14:11:38 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
193960
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
d34c3868-1544-44a2-9899-167326b5d575
config.aps.amazon-adsystem.com/configs/ 		537 B
805 B 		Script
General
Check archive.org
Download Go to
Full URL
https://config.aps.amazon-adsystem.com/configs/d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-122.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
via
1.1 f212784a4dc77817b66a91a042658fa6.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MUC50-P2
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
537
x-amz-cf-id
_hM2TN5U3nBgbGjqswVPs8z9oQ-M-1KVnkDdghQP6A9sb_tdnRmHbA==
config
c.amazon-adsystem.com/cdn/prod/ 		0
313 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fheroinvesting.com&pubid=d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-37-209.muc50.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:34:01 GMT
via
1.1 cb64e02e44588dfd13b2a4b2483c404c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MUC50-P2
age
13057
x-cache
Hit from cloudfront
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
hTCXrHNy79M5JfOWRv1J8x0UL9h5nnAQ7kaJaBC_MIWHXqyUfBSuWQ==
envelope
lexicon.33across.com/v1/ 		49 B
251 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lexicon.33across.com/v1/envelope?pid=0015a00003Ek3OWAAZ&gdpr=0&src=pbjs&ver=8.20.0&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
json
gum.criteo.com/sid/ 		2 B
376 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
201259
expires
0
d9core
d9.flashtalking.com/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/d9core
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
44598edeeb264908da136f46d23b7f9a7900bf887b8ced23ec332dec69558964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:38 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
ETag
5bc31bf7d4a298e1bef9d35fce222bfc
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
d9.flashtalking.com
Content-Type
application/javascript;charset=utf-8
Cache-Control
private, must-revalidate, proxy-revalidate, max-age=172800
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
10814
prebid
id5-sync.com/api/config/ 		136 B
419 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/ 		43 B
318 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.24.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-24-0.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
x-server
10.45.4.228
access-control-allow-credentials
true
content-length
43
expires
0
config.js
cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/ 		89 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 22 Nov 2023 13:09:14 GMT
server
cloudflare
x-amz-request-id
TJSPBM1A9J3702YF
etag
W/"d8bbb9b8f6f8af77aa1625ec018c7114"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a1c347aa7a1989-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3Nbg4Qv5koOQ5aN2OnPr1CrqRtItawhHfz+NF7baTQy8mGM3FM1Ah1VlXZzwje0iK1JOK9X44oY=
client-v2.js
vrl9rgsahh7mx6ndn.ay.delivery/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 22 Nov 2023 13:52:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nkvdp4nQkWVd4w9QQo%2FVy62eqqzBxIkU1h9xV5K7wrAezQyMWY06kiX2YMWPqSFLfEXfakRLHnMrHK6gFxLEdRw3zdgfV%2BNZMqItqmk1DvXdjHi6boX59M00PRkr1hmaW4931Fgtl2PP1TJA67oJ2kD5oWrnrnRPrShRrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cf-ray
82a1c34718451e5e-FRA
alt-svc
h3=":443"; ma=86400
localstore.js
script.4dex.io/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:38 GMT
Content-Encoding
br
CF-Cache-Status
HIT
Last-Modified
Mon, 06 Nov 2023 14:13:09 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
1381379
ETag
W/"e90435520cec1363a82b67d8298d79a8"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FxgPuFJAT9F%2F2oJ0kDryZaQ2LPt%2FHpEm2lDf5oAcH%2BIRN5pNwJxwX%2B4xOZUkru8%2FDCpAkk77LLMq%2FGXwYUMtraMGPJtnKReiKDl3scaJ8EOHjLwyBouJThThWT2oQX0biBs%2FGsnRhRfeJ3%2B"}],"group":"cf-nel","max_age":604800}
Cache-Control
public, max-age=1800
Connection
keep-alive
CF-RAY
82a1c347a84a9165-FRA
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
465 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2F&pid=1fyzoRAcx9Ew1&cb=0&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.191.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-191-32.muc50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 21be3420a436f8727342146a9b19af68.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MUC50-P4
x-amz-rid
FZQFBD0G6QRS988NNHHG
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
zMHSOsC_3kkZwCbwmQ_XAWXxnvM6esysL4QLX0lhKuyo5DRs0RIimg==
/
www.google.com/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10887832869/?random=1700662298629&cv=11&fst=1700661600000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2F&tiba=HeroInvesting&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaN0ofVovHBWmsbbhQOSF-_OsBOCLdKhg&random=2604797361&rmt_tld=0&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10887832869/?random=1700662298629&cv=11&fst=1700661600000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2F&tiba=HeroInvesting&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaN0ofVovHBWmsbbhQOSF-_OsBOCLdKhg&random=2604797361&rmt_tld=1&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
22890879159
fundingchoicesmessages.google.com/i/ 		161 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/22890879159?ers=3
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
29941692bb0759e585de4cc78396732acfe7e4e69346e452ecd1d74f30d8cc57
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vfgAS879Zbt02SUKbTvPiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-security-policy
script-src 'report-sample' 'nonce-vfgAS879Zbt02SUKbTvPiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
api.assertcom.de/ 		0
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
65.21.238.88 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88.238.21.65.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
hash
vrl9rgsahh7mx6ndn.ay.delivery/ 		4 B
585 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/hash?e=vRL9rGsaHH7Mx6NDN&k=%7C295&v=5000
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
262b06d105e1c865b01c3e0a74291cdae511ef15f3d456e14fbe2dffd9efe3b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
4
last-modified
Wed, 22 Nov 2023 14:11:38 GMT
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMmMDZTntz5qZdhJvGhMmUF2HWz9YhPCYJWGOgrp%2FhdNMBsBTmdKR8fri4lSNz7SCvLCnmRKiMhLiHW%2B4obw6sOo%2BvB39ysV%2FFnxQ0evJRo1U1jffmq6OcNpwdxjQ64KpsospDexE7nndoF1wpntqlUlsXinne4qj6w9UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1800
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
82a1c3483cee9273-FRA
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
pageview
api.assertcom.de/ 		0
310 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/pageview
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
65.21.238.88 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88.238.21.65.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
linreg.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
linreg_da.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		187 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg_da.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Nov 2023 12:49:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
699
etag
W/"655b55df-2ebee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZHnN7HTnH7SrSRu6EnsnyMLjg4kJHrx4t3whRLFY7KWUhvjosp6h%2BCuOlJE5Iag4iOyhKbkSshHhhaZRQcSZFvwq6HQX3T%2FI65n5zfNpu9%2FC3bT6GJpoiU7BkbTElljxVkcXIFH%2BJKhH9VTu87VQelKb806pATCxMSJGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a1c347da151e5e-FRA
alt-svc
h3=":443"; ma=86400
forest.min.js
vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
277 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.116 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533567.ip-162-19-138.eu
Software
/
Resource Hash
1fba390cf716bf6f81d7888adfb489d01bc6e7882d3c4f412a223f4154425f3f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
script.js
cadmus.script.ac/dahhc4ozyvjm6/ 		129 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
716425cd0fe759b9d4e1d4bc35fb7658eb7a6f54568786f92f46266f9fffce33

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:38 GMT
content-encoding
gzip
last-modified
Wed, 22 Nov 2023 13:50:54 GMT
server
cloudflare
age
0
etag
W/"7374ff2fd42faae348c038b19797618bb469e43d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray
82a1c3489a6bbbbc-FRA
adagio.js
script.4dex.io/ 		77 KB
24 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:38 GMT
Content-Encoding
br
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
1377647
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 06 Nov 2023 14:13:08 GMT
Server
cloudflare
ETag
W/"ccc354615ffb5b4afd96268bab4a6502"
Vary
Origin, Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtrE2jKxQsElvhghBCg3pgHdi1W1fV50SvfwncovdXmmWnf0SYn%2F7IsUR9xOo57sAR%2FtJWq6WCVajG%2FDuLF9UDuYHhWx%2FlvdO8duoa%2FpR8DTEpvXXKVcL3Garpu86bvau3S6hl54dRUu%2F59I"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
public, max-age=1800
CF-RAY
82a1c3484cc53a73-FRA
dye
track.kueezrtb.com/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:fpdrd&_=1700662298955
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c348aee18fc8-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:fpdrd&_=1700662298955
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c348aee48fc8-FRA
1468.json
id5-sync.com/g/v2/ 		251 B
534 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/1468.json
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
3b6ef414e305b2b8fa5587f3e8b4f39c25d58084e847d126e0c869c53e55e40b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
lgc
d9.flashtalking.com/ 		147 B
756 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/lgc
Requested by
Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
da5f2936b72b0ab18456bc90cd00419e1d738b264916c0f95b429ab0424b13a6

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 22 Nov 2023 14:11:38 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
https://heroinvesting.com
Content-Type
application/json;charset=ISO-8859-1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
147
1a
i.clean.gg/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
AGSKWxVITLzIl2a06FNIUOmnFMguxHNeiJJOBI6HgGL9EeoFUqaqQCVt49sFnPUjOr8kozFcPI73am1XWj70MosdcIyoaRx-0VCdB4p5lUR3zcJWdK70wO_HY4bCvRYQCto7IZb7T57OZA==
fundingchoicesmessages.google.com/f/ 		363 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVITLzIl2a06FNIUOmnFMguxHNeiJJOBI6HgGL9EeoFUqaqQCVt49sFnPUjOr8kozFcPI73am1XWj70MosdcIyoaRx-0VCdB4p5lUR3zcJWdK70wO_HY4bCvRYQCto7IZb7T57OZA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwNjYyMjk5LDg3MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL2hlcm9pbnZlc3RpbmcuY29tLyIsbnVsbCxbWzgsIk50czVMdllJb2JrIl0sWzksImRlIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d1339fc385417cf3d3fd95cc850f728b7d81a86cfd679ba7e1fa388e527bddde
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-HK6zbe0DcNdwDkL7iPjPGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-HK6zbe0DcNdwDkL7iPjPGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
hbjson
grid.bidswitch.net/ 		23 B
367 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.159.189.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-189-64.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b8f8e874d2d21930d7ba36b1ff4553240659aadcdca2569a33c101f45059ba8c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 14:11:39 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
48
ortb
bid.contextweb.com/header/ 		0
781 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-mwpw4
prebid
mp.4dex.io/ 		60 B
398 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
x-err
Shapings: no adunits with size and seat and mapping
x-version
3.0.0-gcp-ams
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a1c34a59a718cd-FRA
expires
0
trinity.json
apex.go.sonobi.com/ 		200 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2286f86f55b99ab6%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2F&s=4420312f-c9a8-4604-817f-55a65ce7d74a&pv=a108153e-0a34-4ce7-b274-ccd4b78bae99&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%2288e81bea-080b-4414-9983-cc4cbfdfb87b%22%2C%22pcidDate%22%3A1700662299116%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%2239c2fe20-ac0c-422b-9f5d-4ee5f30abfe7%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2F%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22flashtalking.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22cb46278c198d4d17b5d1d2017e8f54df%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22HHID%22%3A%229aea874bb3e1443f8cafd75a64b21b34%22%2C%22DeviceID%22%3A%22cb46278c198d4d17b5d1d2017e8f54df%22%2C%22SingleDeviceID%22%3A%22cb46278c198d4d17b5d1d2017e8f54df%22%7D%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%2C%22pba%22%3A%22Ub7Z1Gn6qjD8K1Jo5qPwng%3D%3D%22%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2237a4e212-20a7-46ca-9f6c-b668db772c9f%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
23151a6b1b97939049be050503199713a14caecb1394f210b7f174653b0d32bc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-57
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
181
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
6d61943a764a50b655df44349f7d0353d3cc6817084587a6f5d1915086a3002b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:38 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
89
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 14:11:39 GMT
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
hb-mm-multi
hb.minutemedia-prebid.com/ 		84 B
427 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
1863c8464bdd4851c79515d75aee81af471494224b1bb46fb905f9535b60912b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
16
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
fastlane.json
fastlane.rubiconproject.com/a/api/ 		377 B
903 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=cb46278c198d4d17b5d1d2017e8f54df%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=37a4e212-20a7-46ca-9f6c-b668db772c9f%5E1&rf=https%3A%2F%2Fheroinvesting.com%2F&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2F&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=39c2fe20-ac0c-422b-9f5d-4ee5f30abfe7&l_pb_bid_id=1668134a0a608b9&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d2a76580-5ac9-442a-ab64-bcabfcbc3a27&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.4278556324190772
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7f11a9b7de1fe6187a3eb9e530eee65f768f4c8c502ae47b2ce8f7677cd72703

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
377
expires
Wed, 17 Sep 1975 21:32:10 GMT
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.227.4.68 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:39 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
unruly_prebid
targeting.unrulymedia.com/ 		0
165 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-56.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 14:11:39 GMT
hb
ssc.33across.com/api/v1/ 		66 B
322 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
d2aaaa9f16434cdbe007199ddd2cc7e7523a6e18b9cfe2311c7049368a2fe85e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
colossusssp.com/ 		2 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
209.192.253.44 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:39 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
bid
s.seedtag.com/c/hb/ 		11 B
380 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
11
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:39 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
v1
prg.smartadserver.com/prebid/ 		19 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.116 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
7a30c43952d4ef5a041bdb5dcdc006688a4801e9ca48245b60fede43a5fa4d59

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
hb-multi
hb.yellowblue.io/ 		84 B
427 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
9ad42d12d0273a0f8c363e7b2bd33f77f6bcbabbcbb06d6231032b0614a5c647

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
server
istio-envoy
x-reason
maxmind anonymous
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
72
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
140.82.40.19 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
140.82.40.19.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:39 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
prebid-request
onetag-sys.com/ 		15 B
414 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
pbjs
htlb.casalemedia.com/openrtb/ 		37 B
552 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab9d3d20fb5dcfc01c291c535840efd09ce43b7946f351d7ce5644f978c55060

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOXtVaHxuyAK8mwWMblhF%2FI9cXU7NHCjOfPoNND%2FytWox2CcTpGejTJqNYoAtqwXDHlvOR361GQsZybjTkNnPDq8rVRJ7D%2BJc7HCle%2BTpU%2BeCsS6P%2BtCFcCcXZ6zQuF1Ycmd8Rl4"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a1c34a6d72bbb5-FRA
alt-svc
h3=":443"; ma=86400
content-length
37
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.142.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-142-98.compute-1.amazonaws.com
Software
/
Resource Hash
9fe6153fc5f786f1a0bf0846536b77f58340e4d9fdc55137185b2879ff9a46d8

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
/
prebid.dblks.net/openrtb/ 		158 B
421 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.178 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
a69912fe7e863fe41f1104eb1007d546d67d424db55b155fa3adf168516e96ea

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:28 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9e-9oUmpzTTez15n7T5TAvNHAuo6Z4"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
158
auction
tlx.3lift.com/header/ 		19 B
528 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2F&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.185.207.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-207-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
accept-ch
sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
imp
g2.gumgum.com/hbid/ 		360 B
619 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700662299141&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1__ayManagerEnv__1&ftrackId=cb46278c198d4d17b5d1d2017e8f54df&id5id=0&pubcid=37a4e212-20a7-46ca-9f6c-b668db772c9f&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com&ns=10240
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
142d2b05f9df369af3e1c069552ebf08e6c42da0dded470be7a75df0a3988f26

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
bid
ap.lijit.com/rtb/ 		24 B
404 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.6 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
3969182a1e46bc9c7b52a41d624d18ae25c72db59a031e847229771a252cd01f

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 14:11:39 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
c
prebid.a-mo.net/a/ 		0
356 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:38 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
server
envoy
vary
origin, Accept-Encoding
v1
btlr.sharethrough.com/universal/ 		0
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.176.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-176-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 14:11:39 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:br&_=1700662299122&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c349b8028fc8-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=8d223818a279f306&sid=a5803c1786c9213b&pvi=4b2972d035b0c5f0&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2F&furl=https%3A%2F%2Fheroinvesting.com%2F&sr=1600x1200&type=latest:br&_=1700662299122&bidder=kueezrtb&at=display&v=1
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:15e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a1c349b8058fc8-FRA
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&groups=1214
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Wed, 22 Nov 2023 14:11:39 GMT
server
nginx/1.21.6
via
1.1 google
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 14:11:39 GMT
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/ 		264 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
1A4EHPD39F41F6QA
age
1189799
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
82a1c34a9e181989-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
GjOIvZG9k9tEvLHaTchQufVH9UuOlAv+bfBUOZrovMafl2oMDGasRZ1QEyF87q0qOWaKHZQaofQ=
css
fonts.googleapis.com/ 		69 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-VBI7cufk83j17-qyMs5NHKqYbA/m=web_iab_tcf_v2_wall_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 22 Nov 2023 14:11:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 14:11:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Nov 2023 14:11:39 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 03:53:37 GMT
x-content-type-options
nosniff
age
469082
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Nov 2024 03:53:37 GMT
AGSKWxXcTY6lFr4wMzaBhXaIxYIoEX7IJnRFBHGxnpgij_Dc7ckw-3JXt1We0qjlaMD3LMm1HDT9umv550vZRioFyQM11X_h-q-vg2Sdcll-GDuRynJC9jJGgC-u3bLcU2w5Ffjr8gqJOA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXcTY6lFr4wMzaBhXaIxYIoEX7IJnRFBHGxnpgij_Dc7ckw-3JXt1We0qjlaMD3LMm1HDT9umv550vZRioFyQM11X_h-q-vg2Sdcll-GDuRynJC9jJGgC-u3bLcU2w5Ffjr8gqJOA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/am=CAM/d=1/rs=AJlcJMyTmwD9vZzPw60_wPGGncvG1CmM1A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce--Ijr5KSjFqu9BbAxkxyxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
content-security-policy
script-src 'report-sample' 'nonce--Ijr5KSjFqu9BbAxkxyxlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
error
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/error
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
65.21.238.88 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88.238.21.65.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:39 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 18:16:19 GMT
x-content-type-options
nosniff
age
503720
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 15 Nov 2024 18:16:19 GMT
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1214
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:39 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
checksync.php
contextual.media.net/ Frame D42D 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8418
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 14:11:40 GMT
expires
Fri, 24 Nov 2023 14:11:40 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
sync
eb2.3lift.com/ Frame CCD4 		37 B
140 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:40 GMT
/
sync.cootlogix.com/api/sync/iframe/ Frame C34A 		109 B
422 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
143.244.158.175 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
109
content-type
text/html
date
Wed, 22 Nov 2023 14:11:40 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
sync
cookies.nextmillmedia.com/ Frame 6201 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/sync?type=iframe
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.39.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-39-43.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
1891
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
server
fasthttp
/
sync.kueezrtb.com/api/sync/iframe/ Frame 3E13 		109 B
422 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
143.244.158.175 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
109
content-type
text/html
date
Wed, 22 Nov 2023 14:11:40 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
ixmatch.html
js-sec.indexww.com/um/ Frame E220 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.76 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
117
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
82a1c353e9b618c1-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 14:11:40 GMT
expires
Wed, 22 Nov 2023 18:11:40 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
/
onetag-sys.com/usync/ Frame C0BA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1700662299413
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
strict-transport-security
max-age=15552000
/
ssc-cms.33across.com/ps/ Frame D9EA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP011 /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
server
33XP011
x-33x-status
2000208
/
s.0cf.io/ Frame 6492 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a1c354491af138-CDG
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVs27ctENLoHBmpFT8xgcG8D81nCfMMc85VsdYilzSVlI%2Bso%2FBM4J39BrwG5gTletlFs19IzpqMfoZ80wtKEic4r3d4cm1wnmZOd257zU2GEXYI7Cpu%2BJX4rRcn8cLntM9e70Nkwgg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
visitormatch
bh.contextweb.com/ Frame BC0C 		27 B
650 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bh.contextweb.com/visitormatch
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
usync.html
eus.rubiconproject.com/ Frame 688B 		281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 14:11:40 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
isyn
prebid.a-mo.net/ Frame 729D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Wed, 22 Nov 2023 14:11:40 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
1
iframe
sync.colossusssp.com/ Frame ACCA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.240.155.76 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/plain
Date
Wed, 22 Nov 2023 14:11:41 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
7318ffc0e8fa1d771446
aax-eu.amazon-adsystem.com/x/ 		47 B
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/x/7318ffc0e8fa1d771446
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.228.203 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:40 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
24359J6X0VT81R6XHCNZ
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
text/javascript;charset=UTF-8
Connection
keep-alive
Content-Length
47
sync
x.bidswitch.net/ 		43 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=themediagrid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.103.174 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-103-174.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:40 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
9.gif
id5-sync.com/s/441/ 		43 B
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
usync.js
eus.rubiconproject.com/ Frame 688B 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=33924
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:37:04 GMT
setuid
pbs.nextmillmedia.com/ Frame 2854
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526u...
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1192107794460162654
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1192107794460162654
86 B
395 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1192107794460162654
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.142.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-142-98.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=1192107794460162654
server
fasthttp
/
ssc-cms.33across.com/ps/ Frame 6B42 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP018 /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:40 GMT
server
33XP018
x-33x-status
2000208
prebid
rtb.openx.net/sync/ Frame 663C 		43 B
245 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
usermatch
ssum-sec.casalemedia.com/ Frame B099
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_pri...
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=19...
2 KB
860 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59fb56f748a7652ca6301d3ee2b22d8c097580e8a79b6aab4c085c56df265df8

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a1c3560c94bbb5-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4Ra%2FN4DLCXiF4BA4S%2BR0EBEO%2BKENUhh3WNP49cSfUqQ7Aqn1qCuSZl64j%2BpEPLQM89XJrM5zbePv%2FiXy77sx0rJtYkXoC18665nMJ0aK%2FMwnAbmRKQ6GzmqiYpk0C2WbA9aqaDW31AiDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a1c355ec5ebbb5-FRA
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39f87a7ZtCvRFCiV4r6JIQWgLkMDRxNQH2luxQZSUqG0dhlIpdMFXjCX8qPrWtJg%2BQH8eEigDezQpB44kirLzdbdEoSN6iIeahhrltn9ZtIYq5cT5zSgS9v7Jbq%2BaGecRAa2RhE8CIHHJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame A09A
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid=
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 14:11:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
server
AkamaiGHost
setuid
cookies.nextmillmedia.com/ Frame 0C68
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.39.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-39-43.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
server
fasthttp

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
location
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
server
envoy
x-envoy-upstream-service-time
0
ImgSync
image8.pubmatic.com/AdServer/ Frame 4111 		0
42 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.18 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
setuid
pbs.nextmillmedia.com/ Frame 2460
Redirect Chain
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%...
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=9027f31f-3654-4177-9b18-c0e55f187585&gdpr_consent=null&gdpr=null
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=9027f31f-3654-4177-9b18-c0e55f187585
86 B
413 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=9027f31f-3654-4177-9b18-c0e55f187585
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.194.142.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-142-98.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=9027f31f-3654-4177-9b18-c0e55f187585
server
fasthttp
usync.js
eus.rubiconproject.com/ Frame A09A 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=33923
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:37:04 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame B099
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZV4MHSm9YlAbp0b96qvcwQAAFD0AAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEWcbghJJ1d3qKFQ5PbIF68&google_cver=1
43 B
767 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEWcbghJJ1d3qKFQ5PbIF68&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xSWg4hc3hTfCAfnOo9D8Ms458fzKDlsxIto1gEKk08tgv4pf166Aekt9RMKO21Qc%2BmABYZLx8z%2FV5igFE%2FtUvQI3f2g7tGKgVGNS67G4ylz%2FHCby0SjBdKmiiCDmnJSjMoJWY6bPCkcI2g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a1c356dc404d64-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEWcbghJJ1d3qKFQ5PbIF68&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame B099
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4MHSm9YlAbp0b96qvcwQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKTbCY6jK6CFcG-9llMswYI&google_cver=1
43 B
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKTbCY6jK6CFcG-9llMswYI&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8BiUYtyOXeWDqe%2FJOOfr%2BWZy7dHe%2FNF5KplEaV8QKHbGJ0BNQKpNGxUuslEf64n3EZ7oU1yNemP%2FSr4SASF8T7TO1IlOt7Ke6Z%2BeRmfG23Hm6WH4W8gP9fg52M%2BjtXpb1lyaY8LYfOeing%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a1c356dc424d64-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEKTbCY6jK6CFcG-9llMswYI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
501709.gif
idsync.rlcdn.com/ Frame B099
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4MHSm9YlAbp0b96qvcwQAA%265181&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4MHSm9YlAbp0b96qvcwQAA%265181&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=d443929f8241426595b731615e223b6f
  • https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=d443929f-8241-4265-95b7-31615e223b6f
  • https://p.rfihub.com/cm?pub=39342&in=1&userid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D72cdd2bb-a4a1-4098-a5d7-084943d...
  • https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455422342951920&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3D72cdd2bb-a4a1-4098-a5...
  • https://idsync.rlcdn.com/501709.gif?partner_uid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&_=1700662301.977418
0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/501709.gif?partner_uid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&_=1700662301.977418
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:42 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0

Redirect headers

date
Wed, 22 Nov 2023 14:11:42 GMT
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
server
lighttpd/1.4.69
x-amz-cf-pop
MUC50-C1
vary
Cookie
x-cache
Miss from cloudfront
content-type
text/html; charset=utf-8
location
https://idsync.rlcdn.com/501709.gif?partner_uid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&_=1700662301.977418
content-length
445
x-amz-cf-id
VfqrxbwxLcey_O0Zs2n1Ch-ip4LQwsPbhQ5xLA3xzyhKOpAxicBvHw==
casale
match.adsrvr.org/track/cmf/ Frame B099 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
ssbsync.smartadserver.com/api/ Frame B099 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=82&gdpr=$%7bGDPR%7d&gdpr_consent=$%7bGDPR_CONSENT%7d
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.150 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-length
0
crum
dsum-sec.casalemedia.com/ Frame B099
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZID3EBk8cVTlijel%2BsP95KnA73FrrXmZJgsTHYEEXpS7X4URiFOXHgEIDD2QuL6OUhCd1NgsxqCKv6OnnLoXR1R22GBjHFXieFf3Jre1JBT01uq3ZLD89FyjLeISXcm85plBjb3QEbHnw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a1c356ec4f4d64-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4MHSm9YlAbp0b96qvcwQAA%265181&tc=1
pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT, Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum.casalemedia.com/ Frame B099
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700748701
43 B
328 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700748701
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ycu9ulK9KU1dwgg6N7dRqW1qWtmLdO0kLWaNzC%2BniSE%2FQOvIRGe6lC025PRm6tj%2BEDuAwd1dTLEnTicJY5%2F5ZHtJj6Buw0yBCBuC6ytVaiYAFHNiXWujR4bwwTSm2qZVB9tPymcP"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a1c3576e55bbb5-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1700748701
pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
ZV4MHSm9YlAbp0b96qvcwQAAFD0AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame B099 		43 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZV4MHSm9YlAbp0b96qvcwQAAFD0AAAAB?gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:b34:3da1:cf11:a756 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
setuid
pbs.nextmillmedia.com/ Frame B099
Redirect Chain
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4MHSm9YlAbp0b96qvcwQAA%265181
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4MHSm9YlAbp0b96qvcwQAA&5181
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4MHSm9YlAbp0b96qvcwQAA&5181
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
44.194.142.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-194-142-98.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
text/html
pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
vary
Origin
expires
0

Redirect headers

location
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4MHSm9YlAbp0b96qvcwQAA&5181
date
Wed, 22 Nov 2023 14:11:41 GMT
server
fasthttp
content-length
0
getuidj
ib.adnxs.com/ Frame 6492
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
696 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4fdcc7f8c4b48e047fc515e0fc1a5f0808d853a544a6a051fcfaa3b02edca250
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
4693c6f6-01aa-4d78-ad28-7f5d1ec1aafa
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
0bdedcaf-a750-47e7-bbf6-1a98681747bf
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame 56D0
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3579c3265a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siMweV7nkGMKoplzd092MUGL%2BbFBSsHj%2FeCUGirIL%2FYYYNt%2B9QILjqH39uz0t5sjHNMwjCfSI15xjBYq4p3KYcfAAlS%2BlnJIZ4NPXDmcyb3dOzwzoqDanUaWY8Wb1hsMuBBf8zDTwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=76&uid=896330134250540384609
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame 6492 		43 B
347 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
f6039cf2d98ffcd26a23c5b1b2f49961066dab363764d0ae7dbe25b4f3a7c2ed

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
69
Expires
0
rid
match.adsrvr.org/track/ Frame 6492 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
86e6be34c0461c52274e8532eeb809500e6d440459158dc063e72624f2b15803

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 14:11:41 GMT
connectmyusers.php
cdn.connectad.io/ Frame FFF4 		1 KB
855 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1639
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a1c3579a4f929f-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
last-modified
Wed, 22 Nov 2023 13:44:22 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame 8682 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame A09E 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
69f43a3f845b6434390b51d72bee28c3a0ca2f5eea2f4af954ec9a2b37d730c0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
etag
W/"0cc4c397447de2e67afe4e0d4f6890927"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame 88D5
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3579c3465a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2FDiyWLL%2BFh0%2FqG0kUCvDwy%2FLCqffRIewS7We%2FALpMGDgO4sGeQMFsLH3RNRMx94yxbX%2F1SnwJwGkvxcPtd%2Fnsf58p8M5tXhXIJl5oQ62ADqKMgANjcC2s9ZhZ5XOZ6svoBFJNMWUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a1c3574e31bbb5-FRA
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=74&uid=ZV4MHSm9YlAbp0b96qvcwQAA%265181
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7GPDEaVmKG5Rz2hBUDHYR7Gs1kmLsqqsczAs09yyDDkd8wXWSGRq2ONbFWjA8JcTxktq8ieUcfv0u1GzdisxrctQOzn33U1V%2FUxqXbJpglzJ18DIcqBB%2F6JZCnYmbogWfvNSpcfG"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame 2C18 		43 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame ECC5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.6 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 14:11:41 GMT
X-Sovrn-Pod
ad_ap2ams1
us.gif
sync.go.sonobi.com/ Frame 9579 		49 B
443 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-57
x-xss-protection
0
/
s.0cf.io/ Frame 70EC
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700662301479
  • https://ad.turn.com/r/cs?pid=45&rndcb=6643566881
  • https://sync.1rx.io/usersync/turn/4168599253139101563?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5082
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c35d4a9965a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:42 GMT
expires
Wed, 22 Nov 2023 14:41:42 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FL5rIPpqJX%2FqUvL5beHk0NFgXrD0e1pntvGvmWa%2B%2B704KK0BnSO9Or9bi%2BDuJM5xgcQNxW3eO8pvEZ0dbXCWUFyKMtR02H5aKLSM9NpzUFe0BU1yxyKEDHBiRo63MgPzcz5E%2BjaevQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 14:11:42 GMT
etag
RXff137ec2b6d8490c9f1621217695c603003
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=22&uid=RX-ff137ec2-b6d8-490c-9f16-21217695c603-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame 9E12 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame FAC0
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3576bea65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oyevUknG2%2BvtQnW21OWf%2BYI%2FsaMrxNrhOo%2Fu27DJ2DiZupwXQzUtbvTXS%2FxtoXo3ehuTVM%2BTHXlBWVa8fSkjiEAYySytW%2BW8%2BFdvGj%2Bg5hY49QcMpH9xfZ6TJdjSIGaaZnb%2Bq3lZow%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame 671D 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame 6492 		9 B
291 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 3148 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP016 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:40 GMT
server
33XP016
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 807E 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.18 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
/
s.0cf.io/ Frame 3C81
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3579c3565a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpasrDTdSJoVFKC37bRfPGEtw1DKzC9crRPYX1CCofksF%2BXcjowL7Jss%2BNPPRSrUsZ%2FNlnmzBvlVz0s0YXT85xG3iACQCaUe9LXMBz85IBPQ3ydgqVyqHdt49flJE6yn3FqeqxlsXw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=21&uid=kL7zWeN9luuQ&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame 7D98 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.212.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
/
s.0cf.io/ Frame 0D49
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_s...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3589d6c65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kyEG%2FwiwVdRZFcSTCoTHWInM8l9pews%2Bc5amTbe1KhIbwOl6P6iWBUWV3nkBOAXo6FiZKSwV9pBdPtm1EQ6rJ0ypPrxABydNIfdcfClKrGAIvCURr0DVgLsNO2su9PKxmeuIUJYY3w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=82&uid=2832770561346401217
/
s.0cf.io/ps/ Frame 92CE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
2 B
485 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a1c3579c3865a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gmoZHqJ503aZmcGzILhDjuuqsB2jDQU5GyWCAhAujX5y1tjQzARunQ6or6xm2Iqu10zA9TEzAmQe65MwsM%2FEktPhtHqhqxkcMbHHyJkbjH9h%2FNPX05zAy9%2B2r17ipGKI3B0E7Ax1zg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=43a87d7e3603b51#ps=true&id=666&uid=CAESEH_j2hHK_OhexnsOofdZAHw&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame F6C4
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c357ec9265a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DR8dJx8yjjCBZ%2BvMht6ODXPa91M%2F1PXMyBVgaNY449IJ3YyQR%2BtDqfT3O5Ga27MOjbMrQt%2B8%2BcF3B7Oeb7X4kCtX%2FjodAB%2B7GWKC3QaaYQabMzivnQxWlOr2T3DvgWiL%2FmC61qIglw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:41 GMT
Expires
Wed, 22 Nov 2023 14:11:40 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master zrh zrh-pixel-x24 config_version:"941"
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=61&uid=3812655e-0c1e-4b00-8454-34e3d0f7f4a6&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame 9754
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c35abfa065a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wxyEHlHJyGaSm3Xq54uK6BbW0s%2BbfGCetK9PfUbFAlq1YVJity%2BGkLDg8qunx%2Bz7RY003pces5SlLCCkoYl%2FHIwKmBoph7%2BM3k4BnlIr09eugR30q0Gwm7SxAI52g9Imboyi4rCy3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
f5d74bbd-0022-4808-87f2-6107da913dc6
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=
  • https://usersync.gumgum.com/usersync?b=bsw&i=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&us_privacy=
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=bsw&i=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&us_privacy=
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
//usersync.gumgum.com/usersync?b=bsw&i=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&us_privacy=
date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame A09E 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:b34:3da1:cf11:a756 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=7347db8f-0964-409e-a781-87e077117861
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=7347db8f-0964-409e-a781-87e077117861
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=7347db8f-0964-409e-a781-87e077117861
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
X-CI-RTID
95ac6b43-6f2e-42ce-a79f-832c72991deb
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame A09E 		0
39 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.18.47.7 Miami, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:40 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=wQSD8DEYqcMs&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=wQSD8DEYqcMs&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=wQSD8DEYqcMs&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame A09E
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=3414619779619386313
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=3414619779619386313
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=3414619779619386313
date
Wed, 22 Nov 2023 14:11:40 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 48B0
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame DCD3 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0536 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-164-238.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=103453
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 23 Nov 2023 18:55:54 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 20E9 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame E989
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5ucAAKQA06YAAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5ucAAKQA06YAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 14:11:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5ucAAKQA06YAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
0
X-SO-HostName
m-ad422.dc4p.scaleout.jp
X-SO-IP
81.95.5.37
X-SO-Key
ZV4MHsCo5ucAAKQA06YAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4MHsCo5ucAAKQA06YAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad422"}
X-SO-LB-Hostname
a-tgng40016.dc2p.scaleout.jp
X-SO-Upstream-ID
m-ad422
usersync
usersync.gumgum.com/ Frame CCC8
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:41 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 998A
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 14:11:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 4FC3 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c357cc6865a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQfdvFKvAKtmzjeio8ipBDCWl%2BNoFTNDv6dsBvNgrz0HXtdbVt%2FoMnQo3SLurup9eol6fN49Mt10PmIHW0AOlsFDa6PwVjblSryyP4CWyZAI0YkJtjlBoNIDXX9GzBwd1i%2F86pkqwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
khaos.json
token.rubiconproject.com/ Frame 688B 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
getuidj
ib.adnxs.com/ Frame FAC0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
696 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4fdcc7f8c4b48e047fc515e0fc1a5f0808d853a544a6a051fcfaa3b02edca250
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
49325bb3-a9bf-4abc-9e23-175344a7875f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
6f9ce4fa-b97d-4247-bece-e40144be910f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame B22E
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3582cd365a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4koivanbVJze%2BU%2BkvjfAA7NkXUFyNsY85MENMgloBck%2FBzkb6qaPStd%2Fbi1vT8TUEQbVTA0FqDSYoq27IVvu2SEPeE0E5ObvCLt%2Fvn%2BuTJQfw8HUr%2FSERqpJrNTQDEUBNb8QAERjAg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=76&uid=896330134250540384609
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame FAC0 		43 B
347 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
f6039cf2d98ffcd26a23c5b1b2f49961066dab363764d0ae7dbe25b4f3a7c2ed

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
69
Expires
0
rid
match.adsrvr.org/track/ Frame FAC0 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
86e6be34c0461c52274e8532eeb809500e6d440459158dc063e72624f2b15803

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 14:11:41 GMT
connectmyusers.php
cdn.connectad.io/ Frame 19BE 		1 KB
706 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1639
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a1c357ea82929f-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
last-modified
Wed, 22 Nov 2023 13:44:22 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame E870 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame 929D 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
69f43a3f845b6434390b51d72bee28c3a0ca2f5eea2f4af954ec9a2b37d730c0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
etag
W/"0cc4c397447de2e67afe4e0d4f6890927"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame 4EEF
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3583ce265a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2Fq3%2FMm6v56ir2iAVfzKru0gXbyuHzIEoX8%2Bz5%2BXU75a0qqDWIEkgOvoRfPHnV2WUH0m%2BDh%2B%2FUZFXMOhm9xLPCVErjZOeqSbPCupM9EBtZMMludX4xjujiU%2FyLqe%2BfX0awfLBJAsMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a1c357fdbd4d64-FRA
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=74&uid=ZV4MHSm9YlAbp0b96qvcwQAA%265181
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeFETealJYOl0avd5fHV7HdMq2eR4QPiRzkFYgBQEVsmPxFA2I9%2Bv0sD8LmP7iW5EegZh%2F9qvbk2Ic64ZWbpMl0BDHnhuDwUEICDxkme6XeofjtuTLQebeDRBmYh3To1rMu3l7%2Bu"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame E395 		43 B
58 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame D8D7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.6 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 14:11:41 GMT
X-Sovrn-Pod
ad_ap2ams1
us.gif
sync.go.sonobi.com/ Frame BB3C 		49 B
442 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-57
x-xss-protection
0
/
s.0cf.io/ Frame 2661
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700662301478
  • https://ad.turn.com/r/cs?pid=45&rndcb=8695355592
  • https://sync.1rx.io/usersync/turn/4240656847177029499?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5082
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c35d4a9d65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:42 GMT
expires
Wed, 22 Nov 2023 14:41:42 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvL5vdisX9H9TevUarQ4YFC5OC2vOpyQJ9hFN%2F2kApRGH7rOabf15floipqXRwC2L1ewg60JIcu5FN5ojNLK3D6oQ9p2YY9jFHEdBqc%2BixycxaZTZKN5PS1%2BlKHmCHsmPjN5v3iGmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 14:11:42 GMT
etag
RXff137ec2b6d8490c9f1621217695c603003
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=22&uid=RX-ff137ec2-b6d8-490c-9f16-21217695c603-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame 33AE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame C15E
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3584d1165a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2X3Fqyt0tC2weocOy0PUDKigBJu6b6OkDwgExmZSGDWGsKHpZK9z5G9lJDT5V0GpiIewcUmGtaxmvrBWOEhhsMzC9OhPONE5ms0S0tE0A%2FKHveC6tl%2FBQgV1BrZl%2BeBAC%2FyICq9wvw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame 5BDF 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame FAC0 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame B123 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP008 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
server
33XP008
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 57EE 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.18 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
/
s.0cf.io/ Frame BE5A
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3584d1465a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQHvA2eEpmpw7jMVSYY4YB83tolS704jeGlvRcQqbjlqS8hJ%2FXvpUHCkVHf19FVSLHpHyv23lfH0nkBZ3IXPuTFQ5wnroNSypWsjivTNpoEicB08QUWLKmFrVFhT42CpD0mhhJYuKA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=21&uid=RSK4Y3qADv0z&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame EA4F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.212.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
/
s.0cf.io/ Frame 54CB
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_s...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3589d6d65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bA2jD8Oxu7XFsea3MtspFQhd%2FZjFwXKLTuE8UGYeADUqa9QlGc7qwOcVJAxgAXNMVpYRpJoZP%2BPddCEOE7WXMFkDh3m5Vk1TCLhDrmt9UgiwrlqKqezjOTDTo%2BKm9rex%2FCTXpMj3gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=82&uid=3414619779619386313
/
s.0cf.io/ps/ Frame 191C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
2 B
492 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3586d2f65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zms7K%2F4Z0fVOtjixQSQGqRUCdZBV%2Fc9NwLTt7qleCeXsm6a%2F9ZI1YyB5wOnNmBHIXbIotJfg3tLlIIVNsXdxTSPbI%2FwlvUF93%2F3NnA6FOt8dx%2BgxXWfTqsU%2FHQtrUGdlkYg0cbkYsw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=43a87d7e3603b51#ps=true&id=666&uid=CAESEH_j2hHK_OhexnsOofdZAHw&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame 9F2E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c3584d1665a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iJ8THZN84JqISV%2BON874Efgigdcud%2BmVfje64wdaUP%2BPFs67M4CL9eZRYks5flo%2B1DN%2Fh8iERsjhwhUyb%2BvaLvWev2Fa81HnzsIV6mjXr3%2B2X2sUkMApzC4jlFfBdZQkOLYU450hfw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:41 GMT
Expires
Wed, 22 Nov 2023 14:11:40 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master zrh zrh-pixel-x13 config_version:"941"
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=61&uid=3812655e-0c1e-4b00-8454-34e3d0f7f4a6&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame A437
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c35abfa965a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tJIcjOlBw8%2FcvTYfgAQwhdeD6dbLUwure0h%2FX%2FWp9r3DuHZNW%2FhAMSY5I78HG5yLiV9rcQWVaXtudyMxHMm8IBFs5cAkf9Vgv3mr4U7j2t9aszxc1xq9ug3MBe8ChHrpqspkahOdyw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:11:41 GMT
location
https://s.0cf.io/#ps=true&dbid=43a87d7e3603b51&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
usync.js
eus.rubiconproject.com/ Frame 998A 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=33923
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:37:04 GMT
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
f172b5ad-d0cf-4c31-931d-db215382c383
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame 929D
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy=
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Server
54.93.103.174 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-103-174.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 929D 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:b34:3da1:cf11:a756 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=b5716afa-1eff-4e2c-bc22-cee9d7c7cd3b
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=b5716afa-1eff-4e2c-bc22-cee9d7c7cd3b
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=b5716afa-1eff-4e2c-bc22-cee9d7c7cd3b
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
X-CI-RTID
bab842b3-c4c0-471d-8506-b93ce2ea80b7
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame 929D 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.18.47.7 Miami, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=aZOyjDpvZSoz&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=aZOyjDpvZSoz&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=aZOyjDpvZSoz&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame 929D
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
date
Wed, 22 Nov 2023 14:11:40 GMT
content-length
0
1
sync-eu.connectad.io/syncer/ Frame 05AB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cdn.connectad.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
82a1c358aaef929f-FRA
date
Wed, 22 Nov 2023 14:11:41 GMT
server
cloudflare
usersync
rtb.gumgum.com/ Frame A918
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame EF10 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 20B2 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-164-238.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=103453
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 23 Nov 2023 18:55:54 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 75DD 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame 73F4
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAivJAMAAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAivJAMAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 14:11:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAivJAMAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
6
X-SO-Cluster-ID
0
X-SO-HostName
a-ad40145.dc2p.scaleout.jp
X-SO-IP
81.95.5.37
X-SO-Key
ZV4MHsCo5r8AAAivJAMAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4MHsCo5r8AAAivJAMAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40145"}
X-SO-LB-Hostname
a-tgng40001.dc2p.scaleout.jp
X-SO-Upstream-ID
a-ad40145
usersync
usersync.gumgum.com/ Frame A54C
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:41 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame C9C5
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 14:11:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 2A4E 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5081
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c358cd9665a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OiuZgqMjTSyZRh0XtTJmfHijd4Ls9i0qFXLhZ%2F4RLWFG2ks1334KVEdO%2FJEUFm6f6y949elU8nNUr%2FiktWde370HV%2F0uFUCzXJUjfAlXq3ho23ngHYuXT97FHNariI0AeWylXbVdGw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
usync.js
eus.rubiconproject.com/ Frame C9C5 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=33923
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:37:04 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 0536 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=656942&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-length
0
khaos.json
token.rubiconproject.com/ Frame A09A 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
getuidj
ib.adnxs.com/ Frame C15E
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
696 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4fdcc7f8c4b48e047fc515e0fc1a5f0808d853a544a6a051fcfaa3b02edca250
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
3356a78e-0995-4c67-a43e-22b04127fab3
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
fa5c713a-3460-4ef4-b31b-0e0916941154
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
getuid
eb2.3lift.com/ Frame F02F 		0
0
getuids
prebid-server.rubiconproject.com/ Frame C15E 		43 B
347 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
f6039cf2d98ffcd26a23c5b1b2f49961066dab363764d0ae7dbe25b4f3a7c2ed

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
69
Expires
0
rid
match.adsrvr.org/track/ Frame C15E 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
86e6be34c0461c52274e8532eeb809500e6d440459158dc063e72624f2b15803

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 14:11:41 GMT
connectmyusers.php
cdn.connectad.io/ Frame 725C 		1 KB
867 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2956
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a1c359fa509b76-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
last-modified
Wed, 22 Nov 2023 13:22:25 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame 5CF8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame DC6F 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
69f43a3f845b6434390b51d72bee28c3a0ca2f5eea2f4af954ec9a2b37d730c0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
etag
W/"0cc4c397447de2e67afe4e0d4f6890927"
server
nginx
timing-allow-origin
*
usermatchredir
ssum.casalemedia.com/ Frame 1488 		0
0
prebid
rtb.openx.net/sync/ Frame CCD5 		43 B
58 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame 4A0C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.6 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 14:11:41 GMT
X-Sovrn-Pod
ad_ap2ams1
us.gif
sync.go.sonobi.com/ Frame 95D9 		49 B
367 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.67 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-57
x-xss-protection
0
RX-ff137ec2-b6d8-490c-9f16-21217695c603-003
sync.targeting.unrulymedia.com/csync/ Frame 3B45
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://ad.turn.com/r/cs?pid=45&rndcb=5091847746
  • https://sync.1rx.io/usersync/turn/4096541659101173627?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c...
0
0
occ
ups.analytics.yahoo.com/ups/58448/ Frame 176B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=43a87d7e3603b5177%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 14:11:41 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
0
prebid.a-mo.net/cchain/ Frame 32CB 		0
0
/
onetag-sys.com/usync/ Frame B607 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame C15E 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 69AE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP001 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
server
33XP001
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame F7B9 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.47.127.18 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 14:11:40 GMT
rtset
bh.contextweb.com/ Frame 1171 		0
0
v1
match.sharethrough.com/universal/ Frame F5C9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.212.171 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-212-171.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
sync
ssbsync-global.smartadserver.com/api/ Frame 96B8 		0
0
/
s.0cf.io/ps/ Frame 718C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=43a87d7e3603b51&dbid=43a87d7e3603b51
  • https://s.0cf.io/ps/?dbid=43a87d7e3603b51
2 B
484 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=43a87d7e3603b51
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8f15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a1c35a5f3c65a2-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Wed, 22 Nov 2023 14:41:41 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwKeTGTFYW8zzoTzN8cBvgwOrY2dFWJd0rDExjmeszGSPbSEWCfrqAAcKe5eSKEAe0DsNixJlcOxAjxjfGOKBIHV02HPeqofn7t1PxfAVsOFf8HXK6ThG5i%2FLuOhIQ6uloWGfX%2FdhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
315
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=43a87d7e3603b51#ps=true&id=666&uid=CAESEH_j2hHK_OhexnsOofdZAHw&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
img
sync.mathtag.com/sync/ Frame 9744 		0
0
cksync.php
hbx.media.net/ Frame FD7C 		0
0
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 14:11:41 GMT
an-x-request-uuid
920a581f-3de4-4158-9903-072a6b7c6dd3
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=1192107794460162654
x-proxy-origin
81.95.5.37; 81.95.5.37; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame DC6F
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=
  • https://u.ipw.metadsp.co.uk/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_user_id=${BSW_USER_UD}&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18&gdpr=0&gdpr_consent=0&gdpr_pd=&us_privacy=
  • https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Server
54.93.103.174 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-103-174.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
https://x.bidswitch.net/sync?dsp_id=339&expires=14&gdpr=1&gdpr_consent=0&user_group=0&user_id=&ssp=gumgum2&bsw_param=e6553a18-143e-451b-8847-95c5cfa61f18
date
Wed, 22 Nov 2023 14:11:41 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=c39cbf65-3eab-4cdd-b99f-2de0f8da8883&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4$ip$81.95.5.37
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
Content-Length
124
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame DC6F 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:b34:3da1:cf11:a756 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=7442f637-0040-45b5-aac8-5b980006dd58
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=7442f637-0040-45b5-aac8-5b980006dd58
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=7442f637-0040-45b5-aac8-5b980006dd58
Date
Wed, 22 Nov 2023 14:11:41 GMT
Connection
keep-alive
X-CI-RTID
061f17b7-76d7-4e3c-91ee-0420430873ba
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame DC6F 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.18.47.7 Miami, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 14:11:41 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_894acc94-1fa7-435e-969a-30ede9b0d9bd&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=y4VsBVR2D7EY&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=y4VsBVR2D7EY&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=y4VsBVR2D7EY&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame DC6F
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 14:11:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=2832770561346401217
date
Wed, 22 Nov 2023 14:11:41 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 23F6
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.168.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-168-98.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=2795206951161514148&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame 0B70 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84OTRhY2M5NC0xZmE3LTQzNWUtOTY5YS0zMGVkZTliMGQ5YmQ=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C7CC 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.213.164.238 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-213-164-238.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=103453
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 23 Nov 2023 18:55:54 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame C2FA 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 14:11:41 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame 0AFA
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAiqA9UAAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAiqA9UAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 14:11:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4MHsCo5r8AAAiqA9UAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
2
X-SO-Cluster-ID
0
X-SO-HostName
m-ad222.dc4p.scaleout.jp
X-SO-IP
81.95.5.37
X-SO-Key
ZV4MHsCo5r8AAAiqA9UAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4MHsCo5r8AAAiqA9UAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad222"}
X-SO-LB-Hostname
a-tgng40001.dc2p.scaleout.jp
X-SO-Upstream-ID
m-ad222
usersync
usersync.gumgum.com/ Frame 8233
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 14:11:41 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT Wed, 22 Nov 2023 14:11:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=3NxIgVYnSuZ6hJWRVymzznuhTtfHGDc7YYDCsfTclJw&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 87D2
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 14:11:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 14:11:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usync.js
eus.rubiconproject.com/ Frame 87D2 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.251 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-251.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 14:11:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=33922
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:37:04 GMT
khaos.json
token.rubiconproject.com/ Frame 998A 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
khaos.json
token.rubiconproject.com/ Frame C9C5 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
khaos.json
token.rubiconproject.com/ Frame 87D2 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
cc9654c54e9aa67bf2b10be1073297a8
Expires
0
/
dblksync.dblks.net/dblksync/ Frame 7D80 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312079475-3322140-7880-1&id=43a87d7e3603b51&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
5069
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a1c36559bfbb95-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:43 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVRKMySM3sY2nOJVA5%2BO1wlrYrc4fe7IEOZWlqEXaI4L%2BIY95rxzMtdZ53kG%2F8qGwexmgP6PQxca%2F9cWo0sln3HaKJWX3lsXwSKMdoFMAOM95RDGQ9eFs%2B2ft68gwRUU%2B1XdCx9EjG8AizAQYkqItoo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
dblksync.dblks.net/dblksync/ Frame 00B5 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
5069
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a1c36559c1bb95-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:43 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WPlZ61TiY%2FRcGE9wI1nyMnm%2FfxI55ZInZmttr3psINOPeSzFWDZyAXfdMPmPTkm7cAr8PukjiUx1FdhQnICbQI6vus018g8LrmrfR2xHkgGTgl3y0MthVHfOCuxGGxXTe4qFGbMokaUIKugWc5O0kY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
dblksync.dblks.net/dblksync/ Frame 6175 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
5070
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a1c368be0ebb95-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 14:11:44 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERVlyIB8AyGYuvjbFPFid54wgTFpcHsd2oHw1dxB1LcwX%2ByXYwtwFqfelsSHA1k23TpGk7T9H1LD9mWX0rm9HJ0S9M33wEcljeKyAjPkZGfNC4Acw0kij1XE2Irz3bopVULaQ5MWa9G4WwF8h2Li9FY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
eb2.3lift.com
URL
https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D76%26uid%3D%24UID
Domain
ssum.casalemedia.com
URL
https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D74%26uid%3D
Domain
sync.targeting.unrulymedia.com
URL
https://sync.targeting.unrulymedia.com/csync/RX-ff137ec2-b6d8-490c-9f16-21217695c603-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D22%26uid%3DRX-ff137ec2-b6d8-490c-9f16-21217695c603-003
Domain
prebid.a-mo.net
URL
https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D81%26uid%3D
Domain
bh.contextweb.com
URL
https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D21%26uid%3D%25%25VGUID%25%25
Domain
ssbsync-global.smartadserver.com
URL
https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Domain
sync.mathtag.com
URL
https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D61%26uid%3D%5BMM_UUID%5D
Domain
hbx.media.net
URL
https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D43a87d7e3603b51%26id%3D88%26uid%3D%3Cvsid%3E

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| documentPictureInPicture function| getUrlParameter function| chooseSplitTests function| loadScript object| properSpecialOps string| utm_source undefined| fbCode object| __NUXT__ function| tryLoadAssertive function| tryLoadProper object| splitTests object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| dataLayer function| gtag object| assertiveQueue object| $nuxt object| scr number| now object| node object| v_0x5e13 function| v_0x3fb3 object| __vdzworkers__ object| _vdzwgt_ object| AdGarden object| google_tag_manager object| google_tag_data object| ayManagerEnv object| googletag object| apstag function| onYouTubeIframeAPIReady object| gaGlobal object| vdzCmp function| a0Y function| a0t function| a0j object| adsbygoogle object| pbjs object| pbjsl string| aYZcOSkshq object| vdzTcf object| _aps boolean| apstagLOADED object| GooglebQhCsO object| ggeac object| google_js_reporting_queue object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet function| UAParser object| apscustom object| D9v object| D9r object| confiant object| biddersCPMAdjustment object| assertive undefined| google_measure_js_timing boolean| _assertiveInitialized object| ntv object| _taboola object| OBREvents string| send object| d9PendingXDR object| sas object| apntag object| _ADAGIO object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| NWMyNTNhZjg1YmVhNTQ0ZGxvYWRlcl9qcw== string| NWMyNTNhZjg1YmVhNTQ0ZGNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| nmmRefreshCounts

70 Cookies

Domain/Path Name / Value
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr
Value: 1
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr-exp
Value: "2023-11-23 14:11:39"
i.liadm.com/s Name: _li_ss
Value: CggKBgiiARDHFg
.heroinvesting.com/ Name: _ga_PNTYD12RWN
Value: GS1.1.1700662298.1.0.1700662298.0.0.0
.heroinvesting.com/ Name: _ga
Value: GA1.1.1909277577.1700662298
.heroinvesting.com/ Name: _gcl_au
Value: 1.1.1161652064.1700662299
.kueezrtb.com/ Name: kuid
Value: 1ddbc4fa4928cb0c
.script.ac/ Name: __cf_bm
Value: SkjSUVYIf6DvROP311QxYferZDrjfQOzHsTc8T_ABpc-1700662298-0-AcM+c5oIt4FY3Wp2Kbc+/RMVIO0xT3ybE2701Q05yTlQfeCYg8ubMPd3lLRC33KyeRnn/V1wTK6ZWcYXqDl6rAY=
.flashtalking.com/ Name: _D9J
Value: 4fa4a556b51947338f825658452a0c0d
prebid.a-mo.net/ Name: _Amc_b
Value: 0
.prebid.a-mo.net/ Name: __amc
Value: 1_1700662299_1700662299
.gumgum.com/ Name: cs
Value: true
.go.sonobi.com/ Name: __uis
Value: eb1366af-5e2c-408a-8918-c88aa5db75a9
.go.sonobi.com/ Name: _usd_heroinvesting.com
Value: a108153e-0a34-4ce7-b274-ccd4b78bae99
.go.sonobi.com/ Name: __uin_zt
Value: 2810316567870353321
.go.sonobi.com/ Name: __uin_st
Value: mv3s2ybMUdxvG8uSkNNv7UPkeU4
.go.sonobi.com/ Name: __uin_rh
Value: Cr7Cq7gGM9RqFDjQq9BacdOlWTcDnSDC0EgvDsJLhuc
.go.sonobi.com/ Name: __uin_an
Value: 6440687115695549674
.go.sonobi.com/ Name: __uin_bw
Value: b1b8b06e-b9b6-4a85-a1c8-f66d69f6bdda
.go.sonobi.com/ Name: __uin_pp
Value: vffprw8nIm16
.go.sonobi.com/ Name: __uin_td
Value: ff2abb5b-e030-4771-a1dc-0bca859c074b
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: __uin_z1
Value: 1
.go.sonobi.com/ Name: __uir_z1
Value: 28127499
.rubiconproject.com/ Name: khaos
Value: LP9UF8H0-V-EZLZ
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB13fa2W9XeVgF4C1LCtWBX9mfsNIvv6QtqRoUZOq/XfJtRqk6muGTGx8a8bGwP47VKMCL+3kiImJzBL9RgbQbtMK04Jxx6SvqchkTnGhAX54b7FQD2yB//h3OlDu/ORdD8=
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: c5b45f34918a01ee
cookies.nextmillmedia.com/ Name: NMUID
Value: csuid_98e129bd-94f6-4327-ba5b-703c74ccf6a4
.adnxs.com/ Name: uuid2
Value: 1192107794460162654
.casalemedia.com/ Name: CMID
Value: ZV4MHSm9YlAbp0b96qvcwQAA
.casalemedia.com/ Name: CMPS
Value: 5181
.casalemedia.com/ Name: CMPRO
Value: 5181
.csync.loopme.me/ Name: viewer_token
Value: 9027f31f-3654-4177-9b18-c0e55f187585
.creativecdn.com/ Name: u
Value: 6msveThBo1JMVyVYRLqc
.creativecdn.com/ Name: g
Value: 6msveThBo1JMVyVYRLqc_1700662301232
.creativecdn.com/ Name: ts
Value: 1700662301
.doubleclick.net/ Name: IDE
Value: AHWqTUkrZ01B5h_X2yAMPdftQ5OGNePL9PLKXPG8YYIfT37zbbaUo1kDFNhkOUIYtQs
cookies.nextmillmedia.com/ Name: syncedBidders
Value: {"ix":1}
.0cf.io/ Name: _dbid
Value: 43a87d7e3603b51
.yahoo.com/ Name: A3
Value: d=AQABBB0MXmUCEOEdXS2FvZ-GyICzooD8uLEFEgEBAQFdX2VnZQAAAAAA_eMAAA&S=AQAAAiKV6E2gUcipGIufhnAOnbs
.3lift.com/ Name: tluid
Value: 896330134250540384609
pbs.nextmillmedia.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJpeCI6eyJ1aWQiOiJaVjRNSFNtOVlsQWJwMGI5NnF2Y3dRQUEiLCJleHBpcmVzIjoiMjAyMy0xMi0wNlQxNDoxMTo0MS4zMDIwNDY5MzdaIn19fQ==
.gumgum.com/ Name: vst
Value: e_894acc94-1fa7-435e-969a-30ede9b0d9bd
.bidswitch.net/ Name: tuuid
Value: e6553a18-143e-451b-8847-95c5cfa61f18
.bidswitch.net/ Name: c
Value: 1700662301
.bidswitch.net/ Name: tuuid_lu
Value: 1700662301
.mathtag.com/ Name: uuid
Value: 3812655e-0c1e-4b00-8454-34e3d0f7f4a6
.openx.net/ Name: i
Value: e70d244c-bf39-4b7c-8432-f5e554adba38|1700662301
.adform.net/ Name: C
Value: 1
.smartadserver.com/ Name: pid
Value: 2832770561346401217
.adform.net/ Name: uid
Value: 2795206951161514148
.liadm.com/ Name: lidid
Value: d443929f-8241-4265-95b7-31615e223b6f
.go.sonobi.com/ Name: HAPLB8G
Value: s8557|ZV4MI
.ads.pubmatic.com/ Name: KCCH
Value: YES
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-c20b79d3-8b16-55e2-51ca-93c52ac8c5f4.Wj94abwqhGhIXBoledkDrcVwKDL1CJFTsIebEFEYYKY
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3Awgt504sWVeJRypPFKsjF9FFfBSU.FWZXYv3ZnNZGHMdIEaDafTCUhtwdSqb5SO1xy9sZedM
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCdmPiqBjABOgRyABfNQgTvvP3o.CZ6%2FBpVHhv7InrF2S77xpR2tOuT8qKOZ20TCqqPSp7I
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIHdD5aik2sMuu9MUMiKohGwkzzWhkJfMui96JqsVistBEHwYBCCdmPiqBjABOgRyABfNQgTvvP3o.CZ6%2FBpVHhv7InrF2S77xpR2tOuT8qKOZ20TCqqPSp7I
.ipredictive.com/ Name: cu
Value: 7442f637-0040-45b5-aac8-5b980006dd58|1700662301886
.turn.com/ Name: uid
Value: 4096541659101173627
.rezync.com/ Name: zync-uuid
Value: 72cdd2bb-a4a1-4098-a5d7-084943d6464c:1700662301.9603922
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-ff137ec2-b6d8-490c-9f16-21217695c603-003%22%7D
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-ff137ec2-b6d8-490c-9f16-21217695c603-003%22%7D
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0NjExNTUxMjI2MbI0NbQ0MhDiM9R1zUkMMkx0czIucXYEANYQPxwlAAAA
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAA_wXBwRGAMAgEwI_t4BxwQrAbEiqxcne_K9POjO0tzVYhakk_k4LFok8weF5NIMIcelfAy-wHZ4C34zoAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_5skbG5ulJySYpSUpJtokmioa2JgaaGbaJpirmtgYWJpYpxiZmJmkmxlaG5gYGZmZGxgqGdpZmBsaWQ0S5gXLghEJotQ-aYAeS_iKVoAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0NjExNTUxMjI2MbI0NbQ0MhDiM9R1zUkMMkx0czIucXYEANYQPxwlAAAA
live.rezync.com/ Name: sd-session-id
Value: .eJwNysEOgyAMANB_6VmWUgpYfsYgcCCbbLHuMuO_z-NL3gnLp-1bHm0ckI792yYor35LIZ2g_be1JyTw1jF7z0SOSbwVQrgm0Kba32Pp9T6RSq20riZztoZRZpN9jQZnFnY1cOCSbEQMgRzahwR0QgTXH62vJVA.ZV4MHg.E_iLXPDffWYjcd9AUt3oGyTqof8

25 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
javascript warning URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 9)
Message:
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://idsync.rlcdn.com/501709.gif?partner_uid=72cdd2bb-a4a1-4098-a5d7-084943d6464c%3A1700662301.9603922&_=1700662301.977418
Message:
Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
ad.turn.com
adgarden.market
ads.pubmatic.com
ads.servenobid.com
ap.lijit.com
apex.go.sonobi.com
api.assertcom.de
b1sync.zemanta.com
bh.contextweb.com
bid.contextweb.com
brightcombid.marphezis.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cadmus.script.ac
casale-match.dotomi.com
cdn.confiant-integrations.net
cdn.connectad.io
cdn.heroinvesting.com
cm.g.doubleclick.net
colossusssp.com
config.aps.amazon-adsystem.com
contextual.media.net
cookies.nextmillmedia.com
cpm.qortex.ai
creativecdn.com
csync.loopme.me
d9.flashtalking.com
dblksync.dblks.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
exchange.kueezrtb.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
g2.gumgum.com
googleads.g.doubleclick.net
grid.bidswitch.net
gtrack.kueezrtb.com
gum.criteo.com
hb.minutemedia-prebid.com
hb.yellowblue.io
hbx.media.net
heroinvesting.com
htlb.casalemedia.com
i.clean.gg
i.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
idsync.rlcdn.com
image6.pubmatic.com
image8.pubmatic.com
js-sec.indexww.com
lb.eu-1-id5-sync.com
lexicon.33across.com
live.rezync.com
match.adsrvr.org
match.deepintent.com
match.sharethrough.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pbs.nextmillmedia.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.cootlogix.com
prebid.dblks.net
prebid.media.net
prg.smartadserver.com
region1.google-analytics.com
report2.hb.brainlyads.com
rtb.gumgum.com
rtb.openx.net
s.0cf.io
s.seedtag.com
scontent.xx.fbcdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.kueezrtb.com
static.vidazoo.com
static.xx.fbcdn.net
sync-eu.connectad.io
sync.1rx.io
sync.colossusssp.com
sync.cootlogix.com
sync.go.sonobi.com
sync.ipredictive.com
sync.kueezrtb.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
targeting.unrulymedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
track.kueezrtb.com
u.ipw.metadsp.co.uk
u.kueezrtb.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vrl9rgsahh7mx6ndn.ay.delivery
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
x.bidswitch.net
bh.contextweb.com
eb2.3lift.com
hbx.media.net
prebid.a-mo.net
ssbsync-global.smartadserver.com
ssum.casalemedia.com
sync.mathtag.com
sync.targeting.unrulymedia.com
104.18.36.155
104.18.38.76
108.138.36.122
108.138.37.209
140.82.40.19
143.244.158.175
145.40.97.67
162.19.138.116
162.19.138.117
172.217.16.194
172.240.155.76
172.64.151.101
178.128.135.204
18.159.189.64
18.173.191.32
18.185.207.108
18.195.212.171
18.200.168.98
18.202.39.252
185.184.8.90
185.29.132.245
185.86.138.150
185.86.139.116
185.86.139.94
185.89.210.153
193.0.160.130
198.47.127.18
198.47.127.19
199.212.255.178
2.18.160.23
2001:4860:4802:32::36
208.93.169.131
209.192.253.44
211.120.53.200
216.52.2.6
23.213.164.238
23.35.228.23
23.35.229.251
23.35.229.56
23.56.202.187
2600:9000:2251:e800:6:1c12:bd80:93a1
2600:9000:2251:ee00:6:1c12:bd80:93a1
2600:9000:2394:7c00:3:6d3c:dac0:93a1
2602:803:c004:200::140
2606:4700:10::ac43:15e8
2606:4700:10::ac43:8ae
2606:4700:20::ac43:4bf1
2606:4700:3036::ac43:9447
2606:4700:4400::ac40:90a6
2606:4700:4400::ac40:994e
2606:4700::6812:1691
2606:4700::6812:651
2606:4700:e2::ac40:861f
2606:4700:e2::ac40:8a0c
2606:4700:e2::ac40:8f15
2a00:1450:4001:812::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::2008
2a02:2638:3::c
2a02:fa8:8806:20::2040
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a05:d018:d29:3602:b34:3da1:cf11:a756
3.126.176.240
3.75.62.37
3.89.216.2
34.120.63.153
34.149.20.76
34.149.50.64
34.234.39.43
34.247.233.198
34.249.240.92
34.95.69.49
35.210.239.72
35.214.167.69
35.227.252.103
35.244.159.8
35.244.174.68
35.244.193.51
37.157.5.132
44.194.142.98
46.228.164.11
46.228.174.115
46.228.174.117
50.31.142.31
51.89.9.253
52.215.24.0
52.223.40.198
52.3.113.141
52.87.28.41
54.247.19.59
54.84.92.154
54.93.103.174
63.32.251.103
64.227.4.68
65.21.238.88
67.202.105.23
67.220.228.203
69.166.1.67
69.166.1.9
69.173.144.137
69.173.144.138
76.223.111.18
77.245.57.72
8.18.47.7
99.84.88.8
009a6be7dbc551e6f53c525875fed89d7da48c41e5f1a123c38d91e4e4a9b846
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
0a059e6e40c554ecbc83955d6bc031af1fe8adc0070e7630b8bd73eb94f65c71
0a8962b0bb1b97d791d1c4f031adbda78917d572becb7e382ee73841adae192f
0adf3c9350c649d2b7218be2bf95e0d362cfd57f73ddf4373f252fcebe4cb0a5
0b1f978922b7cefed8ac48debfbf7443b859425a36a3df23ed8b7620fd9963fa
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c0dbe11130009b028ada6960f7e69e3d1c24cdd4a4294af0a9778339f1be6ae
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
0de5d56039ab501a4791d2db4f049e3ff363f97b64e9f4d7e5d4eb92ec058588
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0e9bc90553426ee05176b51669d1158118047057a21b7210e2b3949867552607
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f2018d5aa4e1627840981bb00f1b1a9bf6c409479fa3fa3899b7fa50b8a23fc
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594
10e85cad8aa79f58268db0ff78f64523fd0bdf5a4e2d8286a49f115f8a86a4cf
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331
142d2b05f9df369af3e1c069552ebf08e6c42da0dded470be7a75df0a3988f26
14d5ec601cfe44e33426c1f24a19839982de53ee168574d62102d77d77302765
1863c8464bdd4851c79515d75aee81af471494224b1bb46fb905f9535b60912b
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
1fba390cf716bf6f81d7888adfb489d01bc6e7882d3c4f412a223f4154425f3f
21ab500bcb9567d957868c369e32d24e3de5c9d0077037a528b0e43ade895d59
23151a6b1b97939049be050503199713a14caecb1394f210b7f174653b0d32bc
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0
2506212509b1d340b5330bbc500c0226469fd51e2c9fd182facff7b6ae64da24
25581311dd8d50e3059dab384f4c34c4ab6c3cf50ad6f56af4a85e07321c169c
262b06d105e1c865b01c3e0a74291cdae511ef15f3d456e14fbe2dffd9efe3b9
27458a828150a9e0983b25da625f80c2bfae4ac9e27ecdf11a571e8b662d0832
2863b52bbc74d053b6415278249cb4258747dd6f355f6ba30739b1f84e76861a
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981
29941692bb0759e585de4cc78396732acfe7e4e69346e452ecd1d74f30d8cc57
2a825d7064ec55137b18338cb054d681dd83bfb5b1748dd73a97dc655f60f6dd
2b809092933155217e4c079a6ee4f9f222dc7bda019697017a481d825e5c93fc
2e487fb39e7490a9f4a64909ff2874fe4bcea0a157f9b3746b3fe896c67069fc
2ee5b4a88b61a823f3d2a8d95f77460081b9c656e513c346e163f721d936cc5f
2f81a0db72dd60cad903ccf6f4cb0eb23de179c450040731b5a5e90fca85840a
30bbd756bf57f0ab238ae540e25864babf2bc5cae06da6d297ef07e769468c35
37cdd0aeba2e57ddfb0770a5c5614e9eab2ed688f716bcdcdd73f1baaf7b4b25
38169a43d6649aab2275328838c895f03265a4ce17c1ba6e8857baf4da449d84
3969182a1e46bc9c7b52a41d624d18ae25c72db59a031e847229771a252cd01f
3b6ef414e305b2b8fa5587f3e8b4f39c25d58084e847d126e0c869c53e55e40b
3cafa852eb00b7e80728a28bf10fdedb6d01ae654fb04d7e983e3462b8b0edfb
3f4c97d1f004d9adb1e2df416644f1544dd760eeb17e3ea573206ecb9393cd94
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44598edeeb264908da136f46d23b7f9a7900bf887b8ced23ec332dec69558964
47e0c902d11889abf7a636c8e981d7653995c8b30c22f7d01233275e199c3c81
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a123bff683144a7ecc232725e55af4c182a03dfa634d5d39f0da05c09d8f633
4a17bf30016786630e6f00ef0689bbaff043fe680fbc0991dfb57aa5cff60ed7
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e5f1b14f824baaaad1b124e0612095b690172c222fdc6ded6426f0dc8aac91a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4fdcc7f8c4b48e047fc515e0fc1a5f0808d853a544a6a051fcfaa3b02edca250
535291b89d01e51c8366ca2268b580c203f70e106d5e0dddaaa2fc7d5b2235b1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
59fb56f748a7652ca6301d3ee2b22d8c097580e8a79b6aab4c085c56df265df8
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d
5b91ab3d018aacfb63598f8ab24ad7f3033e36ba2133ed79f0c2822b5a9caecf
5bda6629647f72090e2e060d37a82b896e5db4c4f292a27c711713bb4af566ad
5d90313e752d9a70502b59e6a405b2dd9bfe407becd61f1cc44e2a4c988478aa
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
67d925b372e6d3c1f16737bc4c3be142c656d3584b16a3db4225ea7206276d26
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7
69c45b9cb0396b768d7bf68dbe59a89f7d5905bd6bf47656d7c7ce590707c2e3
69f43a3f845b6434390b51d72bee28c3a0ca2f5eea2f4af954ec9a2b37d730c0
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1
6d61943a764a50b655df44349f7d0353d3cc6817084587a6f5d1915086a3002b
716425cd0fe759b9d4e1d4bc35fb7658eb7a6f54568786f92f46266f9fffce33
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
7a30c43952d4ef5a041bdb5dcdc006688a4801e9ca48245b60fede43a5fa4d59
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a
7f11a9b7de1fe6187a3eb9e530eee65f768f4c8c502ae47b2ce8f7677cd72703
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
83dfaad4d5f12ce36a8c1deee6d8fa578b17d31411f003fade2f3db5160b3828
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
857ebc48c65e73a90ed84bccb7caffdc85eafc7bb752e1fe8bec6336dc5855e0
86e6be34c0461c52274e8532eeb809500e6d440459158dc063e72624f2b15803
8712124400acb4adbdf68dfe256b6c07b1f0a20c43a28d58783001891e9be999
8a57de42d0833a00a1e8dd86578bc5aa67cb08b7d713e91194fa24ff73dfc67e
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8e9dd810101bd0ac738ac53d917763531db10ea62eafdf8973bfcdbe27bf200e
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fdd3ef0e419019b4ed7077983c7c32074e85493e323033dbadc3dbfddbbcc60
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
9ad42d12d0273a0f8c363e7b2bd33f77f6bcbabbcbb06d6231032b0614a5c647
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9ddf06ff4aef8ed10ffc56e31c2e1bdd78a28481a39971a8e11d25cc64cb2b84
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
9fe6153fc5f786f1a0bf0846536b77f58340e4d9fdc55137185b2879ff9a46d8
a0046a671aa51cf5e7e32ff8472fb5cedb4ca0b30e1fd5cbbead849cfa241db2
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1082fad1c573f075461d23efa791f3f1a0f52d4e8d21c4fa9f99527660052a1
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84
a419430671c692bb6feaa153dd70c8cb45d7330af771945627517c69f9178e1d
a69912fe7e863fe41f1104eb1007d546d67d424db55b155fa3adf168516e96ea
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc
ab9d3d20fb5dcfc01c291c535840efd09ce43b7946f351d7ce5644f978c55060
af14027e2986a3c157a1aa716c77938851b1e99a80f86850611f771e71190c50
af377810107047cffd1cbb097f000d85002b82817de4f80fcfe5189de0311809
b00e095c26a1cf90a20a5f74241458ed7f467d10fe92713efaac6b9e558f5d56
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b183decea5d7862cd0a2249dd1cfbfff7b9361506d61c12100b527260508bd3b
b5e700284424ca0cbe29494aeba247313172c1aea0ebbdf5c2790851ec89010b
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1
b8f8e874d2d21930d7ba36b1ff4553240659aadcdca2569a33c101f45059ba8c
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8
bd65e821bb0e54acae7f6e413c39450c87ac0f27fc1e9d8c866e20bcb7722bb0
bf4aee80fda9289a2513b0a11860587a459ffff6f514377f4144f3b49d131923
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c3a7d1b2bb387c1f03e7809c00b4594b3f80dc72cc1b664dac82d8d168d9b0f0
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
c59c29f4f48ecb4bb4bb5ac8544ac47ab9fb06c3ae03f0a5af4b94e50886e4b9
c6d76b45f080a8303a400ddf62d30f582a7da2cd485aa471bf733d414ee0a7e8
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d
ca205937385e136bbf7757cff2a75ee59d4cb157c847b2e4abf2b351c06d387c
cb7ea6a539cc6f9a651bde3ca31fefdda677f55ce3a63f82c4b8c3b20e47a77e
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd132dc9cbf1505dc2496fc0a6401fe0b71731536bce145f02911957c1a82747
cda916e31b503b3bd54dc7efc94c844cd3f272847ffdb0bc75d9bc41c7f76ee2
cf203740dc9baffee1d429b0b0f17846eebbcc3437e01026b4617159a5419204
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978
d1339fc385417cf3d3fd95cc850f728b7d81a86cfd679ba7e1fa388e527bddde
d2aaaa9f16434cdbe007199ddd2cc7e7523a6e18b9cfe2311c7049368a2fe85e
d5915b502e41b30c5615303301c70515cc3a303e7fbc62dbcc1ca078935491d2
d710a08e346f38576d6e37a705127c0613322ab3e3d0fe0e6cdfe694b8471f62
da5f2936b72b0ab18456bc90cd00419e1d738b264916c0f95b429ab0424b13a6
dc3b896b624e3166ce5175285bfa09e99afc2888caabb96b5f0473f0ca3bb036
ddc3c129677114da7c0f261ded73146caef312f0c819bc69d7336c9ab24edc66
dedf366251268708e5b04677d175714ed61cd669e16383f4857f2df80647b466
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a272140f39235a8c48f5065d49e3f9a9cef387f8a3a76ef56ea4cd43783376
f2136cad836f6718b547510ddc64eb39360e8ab7ba83b09aace7444b4be3820a
f4e357ce8bcfae0dfa36a5705311291180ea2bc11f8e5b182685383e088b16d3
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49
f6039cf2d98ffcd26a23c5b1b2f49961066dab363764d0ae7dbe25b4f3a7c2ed
f97b357206c08f2a73432addcaf75b90afb626778d60519bc830d33ca28b626c
f9b01a3da483e7102d50a7a205a0f52f0966cdbbf098aa9d997d2a549fe3fdf6
fcf2d590317ceca4857d61b3de3861dc72cd6b3632daa57ad50fe047bec60614
fd203fa26128d610033dd12862e969808c72ed396eeb2f769322c5aa3ab2f0ad
ff451152a1b8870a4eea684a88cebe0e7c2da192ef293cf24ca8f7df671fc60c