URL: https://ndnation.com/all-smiles-in-irish-romp/
Submission: On September 04 via manual from US — Scanned from DE

Summary

This website contacted 120 IPs in 13 countries across 99 domains to perform 362 HTTP transactions. The main IP is 192.124.249.105, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is ndnation.com. The Cisco Umbrella rank of the primary domain is 279118.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on October 31st 2022. Valid for: a year.
This is the only time ndnation.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 192.124.249.105 30148 (SUCURI-SEC)
4 2606:4700:e0:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.1.252.251 14618 (AMAZON-AES)
11 2a00:1450:400... 15169 (GOOGLE)
1 69.16.175.42 20446 (STACKPATH...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 104.16.132.24 13335 (CLOUDFLAR...)
1 151.101.2.62 54113 (FASTLY)
2 2600:9000:239... 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 34.228.251.145 14618 (AMAZON-AES)
2 13.32.121.37 16509 (AMAZON-02)
2 2620:116:800d... 16509 (AMAZON-02)
1 172.64.146.152 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
6 18.66.202.223 16509 (AMAZON-02)
1 18.66.112.8 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
1 52.206.212.116 14618 (AMAZON-AES)
3 69.16.175.10 20446 (STACKPATH...)
5 54.236.239.161 14618 (AMAZON-AES)
1 2001:4860:480... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:440... 13335 (CLOUDFLAR...)
1 2400:52e0:1e0... 200325 (BUNNYCDN)
3 2a02:2638:d::2 44788 (ASN-CRITE...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 104.18.35.167 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.66.97.88 16509 (AMAZON-02)
1 34.96.70.87 396982 (GOOGLE-CL...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:225... 16509 (AMAZON-02)
1 2.20.217.188 16625 (AKAMAI-AS)
6 52.222.253.136 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
3 52.210.102.126 16509 (AMAZON-02)
3 172.240.155.108 7979 (SERVERS-COM)
3 34.149.20.76 15169 (GOOGLE)
5 3.122.125.22 16509 (AMAZON-02)
4 216.52.2.30 32475 (SINGLEHOP...)
4 35.227.252.103 15169 (GOOGLE)
3 2602:803:c003... 26667 (RUBICONPR...)
3 2a02:2638:d::a 44788 (ASN-CRITE...)
8 54.147.66.236 14618 (AMAZON-AES)
3 138.197.55.50 14061 (DIGITALOC...)
5 18.156.195.47 16509 (AMAZON-02)
2 7 185.89.210.122 29990 (ASN-APPNEX)
3 185.64.189.112 62713 (AS-PUBMATIC)
7 54.84.92.154 14618 (AMAZON-AES)
1 2600:9000:205... 16509 (AMAZON-02)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 108.157.194.62 16509 (AMAZON-02)
4 192.0.77.48 2635 (AUTOMATTIC)
1 2 34.120.107.143 396982 (GOOGLE-CL...)
1 35.190.39.111 15169 (GOOGLE)
4 141.95.98.64 16276 (OVH)
2 6 2a02:2638:3::c 44788 (ASN-CRITE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 18.200.64.186 16509 (AMAZON-02)
2 162.19.138.120 16276 (OVH)
1 23.21.152.207 14618 (AMAZON-AES)
2 178.250.1.11 44788 (ASN-CRITE...)
6 18.66.196.33 16509 (AMAZON-02)
3 34.98.64.218 396982 (GOOGLE-CL...)
20 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 2.19.244.232 16625 (AKAMAI-AS)
1 185.86.138.154 201081 (SMARTADSE...)
1 37.18.16.22 205675 (HYBRID-AS)
1 3.71.149.231 16509 (AMAZON-02)
4 4 46.228.174.117 56396 (AMOBEE)
5 3.227.115.35 14618 (AMAZON-AES)
1 1 100.26.92.212 14618 (AMAZON-AES)
1 1 208.93.169.131 46244 (WEBMD-IDC...)
2 2 23.212.211.47 16625 (AKAMAI-AS)
6 23.218.210.30 16625 (AKAMAI-AS)
3 3 35.214.195.248 15169 (GOOGLE)
2 2 147.75.84.158 54825 (PACKET)
1 8.2.108.251 46636 (NATCOWEB)
1 3 198.47.127.19 3257 (GTT-BACKB...)
4 108.157.177.59 16509 (AMAZON-02)
2 69.173.151.100 26667 (RUBICONPR...)
24 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 35.186.193.173 15169 (GOOGLE)
8 20 216.58.206.34 15169 (GOOGLE)
4 4 37.157.6.237 198622 (ADFORM)
2 2 76.223.111.18 16509 (AMAZON-02)
1 2 51.89.9.253 16276 (OVH)
2 18.158.83.223 16509 (AMAZON-02)
2 5 69.173.144.165 26667 (RUBICONPR...)
4 4 69.173.144.139 26667 (RUBICONPR...)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
4 35.71.131.137 16509 (AMAZON-02)
1 2620:1ec:21::14 8068 (MICROSOFT...)
2 4 52.46.130.91 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2600:1901:0:7... 15169 (GOOGLE)
4 2606:4700:20:... 13335 (CLOUDFLAR...)
6 2a00:1450:400... 15169 (GOOGLE)
2 2 92.123.148.9 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 4 142.250.186.70 15169 (GOOGLE)
2 2 84.200.5.215 44066 (DE-FIRSTC...)
1 167.233.13.224 24940 (HETZNER-AS)
1 145.239.193.130 16276 (OVH)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 213.155.156.169 1299 (TWELVE99 ...)
1 87.118.116.9 31103 (KEYWEB-AS)
2 18.134.234.224 16509 (AMAZON-02)
1 18.66.147.120 16509 (AMAZON-02)
1 99.86.4.52 16509 (AMAZON-02)
2 18.171.28.113 16509 (AMAZON-02)
2 67.202.105.21 32748 (STEADFAST)
4 6 44.193.144.116 14618 (AMAZON-AES)
1 2.19.244.218 16625 (AKAMAI-AS)
2 8 185.80.39.216 27381 (CASALE-MEDIA)
3 3 185.64.190.79 62713 (AS-PUBMATIC)
1 2 185.64.191.210 62713 (AS-PUBMATIC)
2 44.235.222.29 16509 (AMAZON-02)
2 2 151.101.130.49 54113 (FASTLY)
1 52.48.108.9 16509 (AMAZON-02)
1 2 35.204.158.49 396982 (GOOGLE-CL...)
1 34.200.50.179 14618 (AMAZON-AES)
1 1 178.250.7.11 ()
2 185.64.190.80 ()
1 54.239.33.159 ()
2 2 34.111.129.221 ()
1 34.111.131.239 ()
362 120
Apex Domain
Subdomains
Transfer
34 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 107
tpc.googlesyndication.com — Cisco Umbrella Rank: 150
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
347 KB
33 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 203
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
cm.g.doubleclick.net — Cisco Umbrella Rank: 237
ad.doubleclick.net — Cisco Umbrella Rank: 173
187 KB
28 ad4m.at
as.ad4m.at — Cisco Umbrella Rank: 34772
ad4m.at — Cisco Umbrella Rank: 12393
assets.ad4m.at — Cisco Umbrella Rank: 44002
2 MB
22 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 510
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1036
eus.rubiconproject.com — Cisco Umbrella Rank: 593
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1110
pixel.rubiconproject.com — Cisco Umbrella Rank: 366
token.rubiconproject.com — Cisco Umbrella Rank: 597
38 KB
17 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 512
ads.pubmatic.com — Cisco Umbrella Rank: 513
image6.pubmatic.com — Cisco Umbrella Rank: 752
image8.pubmatic.com — Cisco Umbrella Rank: 653
image2.pubmatic.com — Cisco Umbrella Rank: 895
simage2.pubmatic.com
109 KB
17 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 327
aax.amazon-adsystem.com — Cisco Umbrella Rank: 404
s.amazon-adsystem.com — Cisco Umbrella Rank: 310
aax-eu.amazon-adsystem.com
135 KB
14 nextmillmedia.com
pbs.nextmillmedia.com — Cisco Umbrella Rank: 4207
cookies.nextmillmedia.com — Cisco Umbrella Rank: 3326
6 KB
13 aniview.com
tg1.aniview.com — Cisco Umbrella Rank: 12126
track1.aniview.com — Cisco Umbrella Rank: 1826
player.aniview.com — Cisco Umbrella Rank: 1746
go1.aniview.com — Cisco Umbrella Rank: 6219
sync.aniview.com — Cisco Umbrella Rank: 1743
144 KB
12 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 767
gum.criteo.com — Cisco Umbrella Rank: 426
mug.criteo.com — Cisco Umbrella Rank: 2631
dis.criteo.com
16 KB
12 ndnation.com
ndnation.com — Cisco Umbrella Rank: 279118
299 KB
10 cloudmcapp.com
cmcsports.cloudmcapp.com — Cisco Umbrella Rank: 175972
beacons.cloudmcapp.com — Cisco Umbrella Rank: 176736
2 MB
9 openx.net
rtb.openx.net — Cisco Umbrella Rank: 751
oajs.openx.net — Cisco Umbrella Rank: 1329
google-bidout-d.openx.net — Cisco Umbrella Rank: 1333
u.openx.net — Cisco Umbrella Rank: 670
didna-d.openx.net — Cisco Umbrella Rank: 55783
2 KB
8 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 475
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590
7 KB
8 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 239
acdn.adnxs.com — Cisco Umbrella Rank: 578
22 KB
7 brainlyads.com
report2.hb.brainlyads.com — Cisco Umbrella Rank: 3898
5 KB
7 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1973
ups.analytics.yahoo.com — Cisco Umbrella Rank: 326
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 451
2 KB
6 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 405
127 KB
6 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 755
id5-sync.com — Cisco Umbrella Rank: 400
55 KB
6 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1074
ssc.33across.com — Cisco Umbrella Rank: 3667
lexicon.33across.com Failed
ssc-cms.33across.com — Cisco Umbrella Rank: 1064
10 KB
5 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1105
771 B
4 ad4mat.net
static-de.ad4mat.net — Cisco Umbrella Rank: 167849
prod-rtb.ad4mat.net — Cisco Umbrella Rank: 137423
8 KB
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 348
1 KB
4 adform.net
c1.adform.net — Cisco Umbrella Rank: 591
dmp.adform.net Failed
3 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
4 w.org
s.w.org — Cisco Umbrella Rank: 2473
2 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 659
1 KB
4 avplayer.com
player.avplayer.com — Cisco Umbrella Rank: 13911
track1.avplayer.com — Cisco Umbrella Rank: 16702
358 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 47
229 KB
4 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1070
384 KB
3 weborama.fr
cr.frontend.weborama.fr
idsync.frontend.weborama.fr
898 B
3 webgains.io
analytics.webgains.io — Cisco Umbrella Rank: 30936
api.webgains.io — Cisco Umbrella Rank: 76621
18 KB
3 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 890
858 B
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 561
2 KB
3 resetsrv.com
ads.resetsrv.com — Cisco Umbrella Rank: 13010
1 KB
3 colossusssp.com
colossusssp.com — Cisco Umbrella Rank: 1319
sync.colossusssp.com Failed
729 B
3 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3259
1 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 809
bcp.crwdcntrl.net — Cisco Umbrella Rank: 776
sync.crwdcntrl.net
12 KB
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 603
74 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 35
region1.google-analytics.com — Cisco Umbrella Rank: 2547
21 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 214
143 KB
3 qortex.ai
tags.qortex.ai — Cisco Umbrella Rank: 21839
events.qortex.ai — Cisco Umbrella Rank: 20287
14 KB
2 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 791
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 692
648 B
2 a2z.com
prod.tahoe-analytics.publishers.advertising.a2z.com — Cisco Umbrella Rank: 4868
375 B
2 webgains.com
track.webgains.com — Cisco Umbrella Rank: 49150
2 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4396
739 B
2 awin1.com
www.awin1.com — Cisco Umbrella Rank: 18330
1 KB
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 342
291 B
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 736
490 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 388
957 B
2 ctnsnet.com
gcm.ctnsnet.com — Cisco Umbrella Rank: 50826
1 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 805
s.tribalfusion.com — Cisco Umbrella Rank: 1949
1 KB
2 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 880
328 B
2 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 936
798 B
2 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1471
26 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1417
106 KB
2 gstatic.com
fonts.gstatic.com
82 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1240
pixel.quantserve.com — Cisco Umbrella Rank: 928
10 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 165
3 KB
2 mm-syringe.com
bucket1.mm-syringe.com — Cisco Umbrella Rank: 36073
7 KB
2 webspectator.com
wfpscripts.webspectator.com — Cisco Umbrella Rank: 165559
webservices.webspectator.com — Cisco Umbrella Rank: 150286
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
storage.googleapis.com — Cisco Umbrella Rank: 393
30 KB
1 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 564
433 B
1 webgains.team
cdn.track.production.webgains.team — Cisco Umbrella Rank: 92540
3 KB
1 congstar.de
banner.congstar.de — Cisco Umbrella Rank: 104108
550 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1537
631 B
1 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 3037
104 B
1 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 47866
466 B
1 o2online.de
partner.o2online.de — Cisco Umbrella Rank: 76377
1 KB
1 lead-alliance.net
www.lead-alliance.net — Cisco Umbrella Rank: 70829
435 B
1 telefonica-partner.de
www.telefonica-partner.de — Cisco Umbrella Rank: 70577
261 B
1 conrad.de
www.conrad.de — Cisco Umbrella Rank: 90611
492 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 365
647 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1239
576 B
1 smartyads.com
demo-wls-ssp-node.smartyads.com — Cisco Umbrella Rank: 261076
280 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 551
653 B
1 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 1334
322 B
1 hybrid.ai
dm.hybrid.ai — Cisco Umbrella Rank: 8123
1 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 777
75 B
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1754
437 B
1 rtbhouse.com
esp.rtbhouse.com — Cisco Umbrella Rank: 3189
513 B
1 cloudmcplayer.com
playlist.cloudmcplayer.com — Cisco Umbrella Rank: 334116
1 KB
1 cloudfront.net
d1w6a77c28m7kb.cloudfront.net
112 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1190
17 KB
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 1732
2 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 1403
1 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 320
1 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 1404
8 KB
1 b-cdn.net
didna.b-cdn.net — Cisco Umbrella Rank: 50508
1 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 1104
601 B
1 amazonaws.com
09nfgyvbtl.execute-api.us-east-1.amazonaws.com — Cisco Umbrella Rank: 186678
2 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1136
633 B
1 solutionshindsight.net
static.solutionshindsight.net — Cisco Umbrella Rank: 32793
30 KB
1 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 3342
4 KB
1 southbendtribune.com
www.southbendtribune.com — Cisco Umbrella Rank: 315240
32 KB
1 townnews.com
bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 19901
69 KB
0 rlcdn.com Failed
api.rlcdn.com Failed
0 agkn.com Failed
fid.agkn.com Failed
0 wise.space Failed
wise.space Failed
362 99
Domain Requested by
20 cm.g.doubleclick.net 8 redirects 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
eus.rubiconproject.com
20 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
ndnation.com
12 assets.ad4m.at as.ad4m.at
12 ndnation.com ndnation.com
11 pagead2.googlesyndication.com ndnation.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
www.googletagservices.com
8 ad4m.at as.ad4m.at
ad4m.at
8 as.ad4m.at 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
as.ad4m.at
ad4m.at
8 pbs.nextmillmedia.com ndnation.com
cookies.nextmillmedia.com
ssum-sec.casalemedia.com
7 report2.hb.brainlyads.com ndnation.com
7 ib.adnxs.com 2 redirects ndnation.com
acdn.adnxs.com
7 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
6 cookies.nextmillmedia.com 4 redirects ndnation.com
cookies.nextmillmedia.com
6 cdn.ampproject.org cdn.confiant-integrations.net
6 eus.rubiconproject.com player.aniview.com
eus.rubiconproject.com
ndnation.com
cookies.nextmillmedia.com
6 cmcsports.cloudmcapp.com player.avplayer.com
6 gum.criteo.com 2 redirects static.criteo.net
ndnation.com
6 aax.amazon-adsystem.com c.amazon-adsystem.com
6 c.amazon-adsystem.com storage.googleapis.com
c.amazon-adsystem.com
player.aniview.com
5 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
5 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
5 sync.aniview.com player.aniview.com
5 c2shb.ssp.yahoo.com ndnation.com
5 btlr.sharethrough.com ndnation.com
5 track1.aniview.com ndnation.com
player.aniview.com
4 ad.doubleclick.net 4 redirects
4 s.amazon-adsystem.com 2 redirects eus.rubiconproject.com
ssum-sec.casalemedia.com
4 match.adsrvr.org eus.rubiconproject.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
ssum-sec.casalemedia.com
4 token.rubiconproject.com 4 redirects
4 c1.adform.net 4 redirects
4 beacons.cloudmcapp.com tg1.aniview.com
4 ads.pubmatic.com player.aniview.com
ndnation.com
4 www.google.com tpc.googlesyndication.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
ndnation.com
4 id5-sync.com cdn.id5-sync.com
ndnation.com
4 s.w.org ndnation.com
4 rtb.openx.net ndnation.com
cookies.nextmillmedia.com
4 ap.lijit.com ndnation.com
player.aniview.com
4 www.googletagmanager.com ndnation.com
www.googletagmanager.com
4 use.fontawesome.com ndnation.com
use.fontawesome.com
3 image8.pubmatic.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects cookies.nextmillmedia.com
ssum-sec.casalemedia.com
3 image6.pubmatic.com 1 redirects ads.pubmatic.com
3 csync.loopme.me 3 redirects
3 sync.1rx.io 3 redirects
3 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com securepubads.g.doubleclick.net
cdn.confiant-integrations.net
3 hbopenbid.pubmatic.com ndnation.com
3 ads.resetsrv.com ndnation.com
3 bidder.criteo.com ndnation.com
3 fastlane.rubiconproject.com ndnation.com
3 ssc.33across.com ndnation.com
3 colossusssp.com ndnation.com
3 hb.minutemedia-prebid.com ndnation.com
3 static.criteo.net securepubads.g.doubleclick.net
ndnation.com
static.criteo.net
3 player.avplayer.com tg1.aniview.com
player.avplayer.com
ndnation.com
3 www.googletagservices.com ndnation.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
2 cr.frontend.weborama.fr 2 redirects
2 simage2.pubmatic.com ads.pubmatic.com
2 um.simpli.fi 1 redirects
2 sync-tm.everesttech.net 2 redirects
2 prod.tahoe-analytics.publishers.advertising.a2z.com c.amazon-adsystem.com
2 image2.pubmatic.com 1 redirects
2 ssc-cms.33across.com ndnation.com
cookies.nextmillmedia.com
2 api.webgains.io analytics.webgains.io
2 track.webgains.com as.ad4m.at
2 d5p.de17a.com 2 redirects
2 www.awin1.com 2 redirects
2 prod-rtb.ad4mat.net 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
2 static-de.ad4mat.net as.ad4m.at
2 x.bidswitch.net 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
2 onetag-sys.com 1 redirects 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
2 eb2.3lift.com 2 redirects
2 gcm.ctnsnet.com 2 redirects
2 pixel-us-east.rubiconproject.com eus.rubiconproject.com
2 prebid.a-mo.net 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 mug.criteo.com ndnation.com
2 lb.eu-1-id5-sync.com cdn.id5-sync.com
ndnation.com
2 oajs.openx.net 1 redirects ndnation.com
2 script.4dex.io ndnation.com
script.4dex.io
2 cdn.id5-sync.com securepubads.g.doubleclick.net
ndnation.com
2 cdn.confiant-integrations.net ndnation.com
cdn.confiant-integrations.net
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.gstatic.com fonts.googleapis.com
2 sb.scorecardresearch.com wfpscripts.webspectator.com
ndnation.com
2 bucket1.mm-syringe.com ndnation.com
2 tags.qortex.ai ndnation.com
tags.qortex.ai
1 idsync.frontend.weborama.fr
1 sync.crwdcntrl.net
1 aax-eu.amazon-adsystem.com ads.pubmatic.com
1 dis.criteo.com 1 redirects
1 track1.avplayer.com player.avplayer.com
1 match.prod.bidr.io ssum-sec.casalemedia.com
1 acdn.adnxs.com ndnation.com
1 didna-d.openx.net ndnation.com
1 cdn.track.production.webgains.team as.ad4m.at
1 analytics.webgains.io track.webgains.com
1 banner.congstar.de as.ad4m.at
1 dsp.adfarm1.adition.com 1 redirects
1 dclk-match.dotomi.com 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
1 pv.medialead.de as.ad4m.at
1 partner.o2online.de as.ad4m.at
1 www.lead-alliance.net 1 redirects
1 www.telefonica-partner.de 1 redirects
1 www.conrad.de as.ad4m.at
1 px.ads.linkedin.com eus.rubiconproject.com
1 pr-bh.ybp.yahoo.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 s.tribalfusion.com 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
1 a.tribalfusion.com 1 redirects
1 demo-wls-ssp-node.smartyads.com player.aniview.com
1 u.openx.net player.aniview.com
1 bh.contextweb.com 1 redirects
1 ssp.disqus.com 1 redirects
1 ups.analytics.yahoo.com player.aniview.com
1 dm.hybrid.ai player.aniview.com
1 ssbsync.smartadserver.com player.aniview.com
1 google-bidout-d.openx.net oa.openxcdn.net
1 go1.aniview.com player.aniview.com
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 cadmus.script.ac script.4dex.io
1 esp.rtbhouse.com invstatic101.creativecdn.com
1 playlist.cloudmcplayer.com ndnation.com
1 player.aniview.com player.avplayer.com
1 d1w6a77c28m7kb.cloudfront.net ndnation.com
1 secure.cdn.fastclick.net ndnation.com
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 cdn-ima.33across.com securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 didna.b-cdn.net ndnation.com
1 pixel.quantserve.com ndnation.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 events.qortex.ai tags.qortex.ai
1 region1.google-analytics.com www.googletagmanager.com
1 09nfgyvbtl.execute-api.us-east-1.amazonaws.com tg1.aniview.com
1 rules.quantcount.com secure.quantserve.com
1 static.solutionshindsight.net storage.googleapis.com
1 cd.connatix.com ndnation.com
1 secure.quantserve.com wfpscripts.webspectator.com
1 webservices.webspectator.com wfpscripts.webspectator.com
1 www.southbendtribune.com ndnation.com
1 bloximages.chicago2.vip.townnews.com ndnation.com
1 tg1.aniview.com ndnation.com
1 wfpscripts.webspectator.com ndnation.com
1 storage.googleapis.com ndnation.com
1 fonts.googleapis.com ndnation.com
0 dmp.adform.net Failed
0 sync.colossusssp.com Failed ndnation.com
cookies.nextmillmedia.com
0 api.rlcdn.com Failed ndnation.com
0 fid.agkn.com Failed ndnation.com
0 lexicon.33across.com Failed cdn-ima.33across.com
ndnation.com
0 wise.space Failed ndnation.com
362 154
Subject Issuer Validity Valid
ndnation.com
Starfield Secure Certificate Authority - G2
2022-10-31 -
2023-10-31
a year crt.sh
use.fontawesome.com
GTS CA 1P5
2023-09-01 -
2023-11-30
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
storage.googleapis.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.webspectator.com
Go Daddy Secure Certificate Authority - G2
2023-06-12 -
2024-07-11
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.aniview.com
GeoTrust TLS RSA CA G1
2023-07-15 -
2024-08-14
a year crt.sh
qortex.ai
GTS CA 1P5
2023-08-24 -
2023-11-22
3 months crt.sh
bloximages.chicago2.vip.townnews.com
GeoTrust TLS RSA CA G1
2023-03-13 -
2024-04-12
a year crt.sh
southbendtribune.com
R3
2023-07-13 -
2023-10-11
3 months crt.sh
bucket1.mm-syringe.com
Amazon RSA 2048 M02
2023-04-26 -
2024-05-24
a year crt.sh
*.scorecardresearch.com
Sectigo RSA Domain Validation Secure Server CA
2022-12-15 -
2023-12-28
a year crt.sh
quantserve.com
R3
2023-08-29 -
2023-11-27
3 months crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2
2022-08-22 -
2023-09-23
a year crt.sh
*.gstatic.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01
2023-02-28 -
2024-02-17
a year crt.sh
solutionshindsight.net
Amazon RSA 2048 M01
2023-02-22 -
2024-01-19
a year crt.sh
*.execute-api.us-east-1.amazonaws.com
Amazon RSA 2048 M01
2023-05-23 -
2024-06-20
a year crt.sh
*.avplayer.com
GeoTrust TLS RSA CA G1
2023-08-14 -
2024-09-13
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
confiant-integrations.net
GTS CA 1P5
2023-07-23 -
2023-10-21
3 months crt.sh
*.b-cdn.net
Sectigo RSA Domain Validation Secure Server CA
2022-11-07 -
2023-11-11
a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-08-05 -
2023-10-31
3 months crt.sh
oa.openxcdn.net
GTS CA 1D4
2023-07-27 -
2023-10-25
3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2022-09-06 -
2023-09-30
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01
2022-11-07 -
2023-12-06
a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4
2023-08-26 -
2023-11-24
3 months crt.sh
cdn.prod.uidapi.com
R3
2023-08-10 -
2023-11-08
3 months crt.sh
secure.cdn.fastclick.net
DigiCert TLS RSA SHA256 2020 CA1
2022-12-02 -
2023-12-02
a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-16 -
2024-03-08
a year crt.sh
script.4dex.io
Cloudflare Inc ECC CA-3
2022-11-23 -
2023-11-22
a year crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M01
2023-04-18 -
2024-05-16
a year crt.sh
*.colossusssp.com
Go Daddy Secure Certificate Authority - G2
2022-09-08 -
2023-10-10
a year crt.sh
ssc.33across.com
GTS CA 1D4
2023-08-30 -
2023-11-28
3 months crt.sh
*.sharethrough.com
Amazon RSA 2048 M01
2023-06-14 -
2024-07-12
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2023-05-06 -
2024-05-04
a year crt.sh
*.openx.net
RapidSSL TLS RSA CA G1
2023-08-18 -
2024-08-18
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-05 -
2024-04-03
a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-19 -
2023-10-18
3 months crt.sh
pbs.nextmillmedia.com
Amazon RSA 2048 M01
2023-06-13 -
2024-07-12
a year crt.sh
resetsrv.com
E1
2023-08-14 -
2023-11-12
3 months crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-05-23 -
2023-11-15
6 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2023-04-20 -
2024-05-20
a year crt.sh
report2.hb.brainlyads.com
R3
2023-08-23 -
2023-11-21
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2022-12-08 -
2023-12-07
a year crt.sh
playlist.cloudmcplayer.com
Amazon RSA 2048 M02
2023-02-15 -
2024-03-15
a year crt.sh
*.w.org
Sectigo ECC Domain Validation Secure Server CA
2022-12-06 -
2024-01-06
a year crt.sh
esp.rtbhouse.com
GTS CA 1D4
2023-07-14 -
2023-10-12
3 months crt.sh
*.id5-sync.com
R3
2023-09-01 -
2023-11-30
3 months crt.sh
cadmus.script.ac
E1
2023-09-02 -
2023-12-01
3 months crt.sh
*.eu-1-id5-sync.com
R3
2023-09-01 -
2023-11-30
3 months crt.sh
cmcsports.cloudmcapp.com
Amazon RSA 2048 M02
2023-06-20 -
2024-07-19
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
www.google.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-01-21 -
2024-01-23
a year crt.sh
*.hybrid.ai
Sectigo RSA Domain Validation Secure Server CA
2022-09-26 -
2023-09-26
a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-03 -
2024-01-24
6 months crt.sh
*.smartyads.com
Go Daddy Secure Certificate Authority - G2
2022-10-10 -
2023-11-11
a year crt.sh
beacons.cloudmcapp.com
Amazon RSA 2048 M02
2023-06-20 -
2024-07-18
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2023-03-23 -
2024-03-23
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
prod-rtb.ad4mat.net
GTS CA 1D4
2023-07-31 -
2023-10-29
3 months crt.sh
misc-sni.google.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
*.google.com
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
pv.medialead.de
R3
2023-08-13 -
2023-11-11
3 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2023-08-15 -
2024-09-15
a year crt.sh
*.webgains.com
Amazon RSA 2048 M01
2023-05-15 -
2024-06-13
a year crt.sh
*.webgains.io
Amazon RSA 2048 M01
2023-07-24 -
2024-08-22
a year crt.sh
cdn.track.production.webgains.team
Amazon RSA 2048 M03
2023-08-30 -
2024-09-27
a year crt.sh
cookies.nextmillmedia.com
Amazon RSA 2048 M02
2023-06-13 -
2024-07-11
a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018
2022-10-21 -
2023-10-22
a year crt.sh
casalemedia.com
Go Daddy Secure Certificate Authority - G2
2022-12-13 -
2024-01-13
a year crt.sh
prod.tahoe-analytics.publishers.advertising.a2z.com
Amazon RSA 2048 M01
2023-02-21 -
2024-03-21
a year crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-03 -
2024-02-19
a year crt.sh
*.match.prod.bidr.io
Amazon RSA 2048 M02
2023-02-09 -
2024-01-26
a year crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01
2023-06-21 -
2024-03-02
8 months crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1
2022-11-07 -
2023-12-08
a year crt.sh

This page contains 54 frames:

Primary Page: https://ndnation.com/all-smiles-in-irish-romp/
Frame ID: 8A9630F7C85F4D5A37E3A702E84C582D
Requests: 177 HTTP requests in this frame

Frame: https://cd.connatix.com/connatix.playspace.js
Frame ID: 9AC5E8FF1B36F749E2E41E0963BA601E
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-PL4PD49
Frame ID: 724C80B0067BB6299F0A6EB78C1A74B7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/zrt_lookup.html
Frame ID: F9E0B9CB279C2164F9D202DA8746980E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0187116050987673&output=html&adk=1812271804&adf=3025194257&lmt=1693853137&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693860767526&bpp=3&bdt=662&idt=272&shv=r20230830&mjsv=m202308290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1732077810434&frm=20&pv=2&ga_vid=750641541.1693860768&ga_sid=1693860768&ga_hid=1379078175&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31077327%2C31077330%2C31077527%2C44801484%2C44800659%2C20222283&oid=2&pvsid=1818314250748677&tmod=218581307&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=306
Frame ID: A6A42548F1FAD4FD04905632D128EF16
Requests: 1 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Frame ID: A83B95151C6AD7615BC13613492366A6
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=ndnation.com
Frame ID: 440543920A3B96EE87AA2BA7E57DAC79
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: DB4312228282119CD6CC2973B2DC1B83
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 248DA19560511D5D91818904DF64503C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0791F3D968F83353DDAD450C027317C6
Requests: 2 HTTP requests in this frame

Frame: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 26ECB1B1B6FC5C57185233E9F5693E8F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=161901&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D1%26key%3D
Frame ID: E6C300321A2E4E062F7CA2AD0E819862
Requests: 2 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=33&gdpr=1&gdpr_consent=&rdir=
Frame ID: 3F939FE4DCA0A3415E23D402117DB219
Requests: 1 HTTP requests in this frame

Frame: https://dm.hybrid.ai/match?id=407&vid=1693860768965-959104183839-001170-006-006430&gdpr=1&gdpr_consent=&burl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D166%26pid%3D5e7b9048180bd02ded4b0937%26key%3D%24%7BVID%7D
Frame ID: 365829ECC984BB8AF4461837E2E9FA9A
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58815/sync?redir=true&gdpr=1&gdpr_consent=
Frame ID: 086EE4ADAC5BC052A50EB8F2A32568F5
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=200&key=OPTOUT
Frame ID: FF9374FC3FA6E290A78CE29FAF39647E
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=52&key=ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
Frame ID: 32AA6746ECD173767C8371B691CAD505
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=10&pid=59c9148628a0612da3689288&key=oPzVxR0iTvt3&ev=1&us_privacy=1---&pid=562704
Frame ID: 63B615E848A79EFC9D95C7B1DCBCD7F3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Frame ID: 0E7CD25EC7E9999979D390CC0D8ACAF5
Requests: 11 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D18%26key%3D%24UID
Frame ID: BE8944A54AA0B195B7AC7767AA1B492F
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=56&pid=59c9148628a0612da3689288&key=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=1
Frame ID: 51011EBE37DFF27881271825CC9CBEF6
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=105&pid=59c9148628a0612da3689288&key=&gdpr=1
Frame ID: 5F5DAFBE904EE938A84E26C3EE285ED9
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D23%26key%3D
Frame ID: E3A080914196DBBCD7F20C478F188F00
Requests: 1 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: B1C06228BEF22207ABFE63992AC4A962
Requests: 6 HTTP requests in this frame

Frame: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 24E7EFC62BE0F00924AD1179290968B7
Requests: 10 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
Frame ID: 25B43BAC585FD5893515352CA2DD294F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7E04B033142F21FC5E2BC6784CFB6BD4
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 5CEC03896D8CBE5A3074354E0A885C46
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Frame ID: 43D46653DC2849A05760F88FC9BDFFC2
Requests: 21 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ndnation.com
Frame ID: A0379CC875888F0CA514AD71F6CC7921
Requests: 2 HTTP requests in this frame

Frame: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 11ACA94E44DF563260804CC97667CE7C
Requests: 10 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Frame ID: D0F81FCED6452F82A747DE6AC6F3D073
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
Frame ID: 5D4E2742B114D672E73D57679C46CF67
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4ECDBC67BD05B53E890AD65F8CB2449E
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: B9CE2F30F2EDDA85E8613AF88C477F9A
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Frame ID: 2AD4D77A9C17D73160481CCDB7380D3E
Requests: 14 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159745
Frame ID: 348071EA0610C2857BD1650B15D685C0
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 41ECBBFD83C364303C23A5768EBAC6CC
Requests: 2 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dVaqIEv0Cr66eeaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 25495FEF8277D7410BF58EFA823E2F61
Requests: 1 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/sync?type=iframe
Frame ID: DDC9F9800EB74DFE3056C5DE68BC288B
Requests: 1 HTTP requests in this frame

Frame: https://didna-d.openx.net/w/1.0/pd
Frame ID: E6E6EEEE64BC9E9EF179F3CDC3F688A9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D0CA45542E5A9A7AEA6FE18FB8FB256E
Requests: 3 HTTP requests in this frame

Frame: https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Frame ID: 9272235A70F7498984C71FA8FD7C26EF
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=adnxs&uid=1907156604498028547
Frame ID: FFE52DF6EA1CAE2ADB2F4BC417F60022
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Frame ID: B4FCFB0F5E91BB6ECED95375A2AB12DC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Frame ID: 2B4413991867ECE0C9FE5E7001BFB310
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Frame ID: 6554D5440F85B61D105C8CFD78A6FFE4
Requests: 10 HTTP requests in this frame

Frame: https://sync.colossusssp.com/pbs.gif?gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dcolossus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BUID%5D
Frame ID: 9182EE120B63BF04C2F201C4BA2D949D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Frame ID: A04BD71EFC3741F1F3889B54BDFD58E8
Requests: 3 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Frame ID: 0744A7974A2428D05AFB0D1B55395CAC
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
Frame ID: 7C38C1C80EBFF0DA8088A57C6983341B
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=4e21b2dd-3734-4854-97e1-4b89738b2912
Frame ID: 2B24DC14F78B5A461FC8FE8FA2B07DF7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: C3A04C963CF0B401D24285BAE3BA79B6
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299&redir=true&gdpr=0&gdpr_consent=
Frame ID: 54866AD98A804A10FEDF32EB9B9C4176
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

All Smiles in Irish Romp - NDNation

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • analytics\.webgains\.io

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

362
Requests

87 %
HTTPS

31 %
IPv6

99
Domains

154
Subdomains

120
IPs

13
Countries

7391 kB
Transfer

14740 kB
Size

75
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 117
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp&cc=1
Request Chain 131
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=ndnation.com&sn=ChromeSyncframe&so=0&topUrl=ndnation.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=cJhbgnx4ZEN1ZmQ3dXF3WTZLSWNDbmg5Y3JtNVNrOWVYTUJldk40bk5PeWJYNmZhUVl1QWtaMERhTHlqdDZjYVZHK2I0WXQ3bTY4Zjgwc1Nsbk5LZm42bXU1ekdUMWhDK3VkU3M3U1g0U0o1dlFZZEJJUjhnb0o4YnBnSFlkOUlIZWpMeHNaS0k2ZEZQR0Zzam0wdE5wd0l6YXUzN293Q3phZkM2YURmNUEwaG9aNm05SEZNQlRJNGFqdCtaT01Ycm5pUlpSeHhnVFZWbEhVUHJycUFPS1JKWmI3YXlYTU9UbkJUUzdTSWVkYzBLMDFqMUxYYi9LdmM5ay8wMXJpc2lRbjAvZFEzNEpyQnZ4YmhqM0JCak9EdGJodz09fA&cppv=2
Request Chain 174
  • https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D200%26key%3D%5BRX_UUID%5D HTTP 302
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=200&key=OPTOUT
Request Chain 175
  • https://ssp.disqus.com/redirectuser/?partner=aniview&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D52%26key%3DBUYERUID HTTP 302
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=52&key=ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
Request Chain 176
  • https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D10%26pid%3D59c9148628a0612da3689288%26key%3D%25%25VGUID%25%25 HTTP 302
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=10&pid=59c9148628a0612da3689288&key=oPzVxR0iTvt3&ev=1&us_privacy=1---&pid=562704
Request Chain 177
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=aniview&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Request Chain 179
  • https://csync.loopme.me/?pubid=11455&gdpr=1&gdpr_consent=&redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D56%26pid%3D59c9148628a0612da3689288%26key%3D%7Bdevice_id%7D HTTP 307
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=56&pid=59c9148628a0612da3689288&key=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=1
Request Chain 180
  • https://prebid.a-mo.net/cchain/0?gdpr=1&gdpr_consent=&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D105%26pid%3D59c9148628a0612da3689288%26key%3D HTTP 302
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=105&pid=59c9148628a0612da3689288&key=&gdpr=1
Request Chain 207
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Request Chain 208
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIQLNTvA8C-WLp5GNP0rzZg&google_cver=1&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDkZDmlDLNpQG3I6NAxU0w HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDkZDmlDLNpQG3I6NAxU0w&google_hm=fBlI9W5pSK60AeBfT5MMPBU
Request Chain 209
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92UkAnBEwtGL-28-CeJuWO5hvA HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92UkAnBEwtGL-28-CeJuWO5hvA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92UkAnBEwtGL-28-CeJuWO5hvA
Request Chain 210
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEPMQMRhvOhecml5KW2OICS4&google_cver=1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1693860769830 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-b4dac8b3-51a0-4a17-9fa5-0a509a57e558-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA%26google_hm%3DA7TayLNRoEoXn6UKUJpX5Vg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&google_hm=A7TayLNRoEoXn6UKUJpX5Vg
Request Chain 211
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBE2FT1OXV347Zdb-8rtDtE&google_cver=1&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N&google_gid=CAESEBE2FT1OXV347Zdb-8rtDtE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjA2OTk2NTUyNTYxMDcwMTUxNDI3OQ%3D%3D&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N
Request Chain 212
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEm0O26pikp0Q-dbCvPhsfI&google_cver=1&google_push=AXcoOmQH-oTqAtU0n7I8hAs241wyVVxfFZj9pvKtc8ZkYlgzhd-q9rPZCK9yI8SpVDGeGvT_rHS7gYYB53vfSjtI3upTZv-40KdvOk4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQH-oTqAtU0n7I8hAs241wyVVxfFZj9pvKtc8ZkYlgzhd-q9rPZCK9yI8SpVDGeGvT_rHS7gYYB53vfSjtI3upTZv-40KdvOk4 HTTP 302
  • https://onetag-sys.com/match/?int_id=19&google_error=5
Request Chain 216
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMoDFRDKDc27kxelKLGvsDc&google_cver=1
Request Chain 217
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/-IbFJZBL9H9pr9kpCAyBfg?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-By9OqPNE2oIg2bpspYXJ6WUljjkb1FvOVTLjeQ--~A
Request Chain 219
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LM5CYTG7-H-HWAA
Request Chain 220
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2U3MzQ4MTNiYjY5NzU1YTdlNmFmNzlmMDQ3ODU5NDA4NWQ3YmM0NQ
Request Chain 221
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=p81HlcLVQpuGMuPYpwX5BQ&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p81HlcLVQpuGMuPYpwX5BQ
Request Chain 222
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE01Q1lURzctSC1IV0FB HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMSWf6Vst0cv5ngC7beN7SA&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE01Q1lURzctSC1IV0FB&google_push=
Request Chain 267
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneid8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzDoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1693860770_02ed4bb0-4b65-11ee-b98b-2233369fc7ee&insert=AW&&gdpr=0&gdpr_consent=
Request Chain 270
  • https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CKmHpIzrkYEDFbmJgwcdl_YGzw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117683V1226132702M%26subid%3DviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
  • https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
Request Chain 274
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=ndnation.com&sn=ChromeSyncframe&so=3&topUrl=ndnation.com&bundle=ZTkOWF92aUhWNlBmaXc4cVNnbTJ1ODZmdTklMkZzdzl0YUxBZ2dobzdPNGhiWk9hZyUyQkFwc2x2cVBSQjBjSzlRcHh6ZlVpJTJGeHkzT1ZsJTJGV1ZvbzRKQUR1JTJCUEtqQkVqTERKeXJvdSUyRk1VOXB3QldZdSUyRjl2eXN1M0wlMkJCTjlCc1ZNb01iZDNjNUpoOEl6WWRMemNxbnJwSHIxRzl3Y2pBJTNEJTNE&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=MSoHq3wrQWx5eGVneDVBeHdScFAwSlVlL2lNSU5sSndESkFORnl3UjNwTXZYbXJKV0xiRUc5T1kybjliVWNOcVVjS0RWcFZNTTQ4S3laN1d1b1kveXRKVDNHL055ZjZueDlLWEtWMUhYTGd1RmsvVEV3cGwrMTEwSm5DQkFqa2JGYWRGNmxOTndVN3FuQWpMZDIvL0NSTXprMUdJYU1XOXFIOEcyZDUyeGdLeldGd3hGeVhNRmtWVVZwbjg2RmhQTUh3TU0vYm5KTDRWMjg0OGgvQ2E2aU5IMS82VTljQ05VQWppTjVqVzF1ajFtQzJKQXU0YTA2cjNIVm55bHJPYXg3YmdDSDBCUnQxWmZPTkNuOHZQa1FRbGZwbTlCTUpsMVM0Vnp4My9JNzl4UmRMQT18&cppv=2
Request Chain 280
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIQLNTvA8C-WLp5GNP0rzZg&google_cver=1&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYuI9LS3SxK_ZTYv3NTyjez56nSYYq1K1gEJ95wZN6083927XeC7oYz8R-VeuMu3KTE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYuI9LS3SxK_ZTYv3NTyjez56nSYYq1K1gEJ95wZN6083927XeC7oYz8R-VeuMu3KTE&google_hm=fBlI9W5pSK60AeBfT5MMPBU
Request Chain 281
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPqeR4ZtdZnGurEEil-qMqQ&google_cver=1&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0xFlTU9OMZdOR_smUIB2zbvnkLKqvDwWWD6ycvgGcMCNS8hh0xsX6ukFrQXUFCw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTA3NjYxMTE0OTM5NjExNQ%3D%3D&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0xFlTU9OMZdOR_smUIB2zbvnkLKqvDwWWD6ycvgGcMCNS8hh0xsX6ukFrQXUFCw
Request Chain 283
  • https://d5p.de17a.com/cookies/google?google_gid=CAESEBc_srK-FNq2jf-qV3HOLtw&google_cver=1&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd-WwFmF0NhcRDOreVUn4xZCcMFBizFRg6Qx-d9vLQ6rA HTTP 302
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESEBc_srK-FNq2jf-qV3HOLtw&google_cver=1&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd-WwFmF0NhcRDOreVUn4xZCcMFBizFRg6Qx-d9vLQ6rA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd-WwFmF0NhcRDOreVUn4xZCcMFBizFRg6Qx-d9vLQ6rA
Request Chain 284
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3m2JJc7Ge_4iI2R1zsRY4GsGAPRKVbTv54czBKOGPZum0SLOWI1IuIi68snnw4hbKl7toQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3m2JJc7Ge_4iI2R1zsRY4GsGAPRKVbTv54czBKOGPZum0SLOWI1IuIi68snnw4hbKl7toQ
Request Chain 302
  • https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneiddEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJkoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CMTSvozrkYEDFVyPgwcdMVMLDg;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneiddEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJkoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneiddEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJkoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1693860771_033ea003-4b65-11ee-b98b-2233369fc7ee
Request Chain 330
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Request Chain 331
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dadnxs%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=adnxs&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1907156604498028547 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=adnxs&uid=1907156604498028547
Request Chain 334
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Request Chain 336
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Request Chain 337
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Request Chain 338
  • https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEFBOEMxNkEtNUY5Qi00QUVCLTlENkYtNjNGQzlEODhBMjk5&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=pubmatic&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
Request Chain 339
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Bviewer_token%7D HTTP 307
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=null HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=4e21b2dd-3734-4854-97e1-4b89738b2912
Request Chain 344
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZPZDpKU53IFtdvxTEIc0_gAADGMAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEjG2gF-bxtvTQmeLXQKDSo&google_cver=1
Request Chain 345
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZPZDpKU53IFtdvxTEIc0-gAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEB2XaiJyNgNv-A0C4b7vsk4&google_cver=1
Request Chain 348
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=ZPZDpQANzPOF6wAN HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZPZDpQANzPOF6wAN&_test=ZPZDpQANzPOF6wAN
Request Chain 350
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 307
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=4e21b2dd-3734-4854-97e1-4b89738b2912&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
Request Chain 351
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=1611C2A599BB4D64BC8251F08348DB57
Request Chain 352
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZPZDpKU53IFtdvxTEIc0-gAA%263171 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZPZDpKU53IFtdvxTEIc0-gAA&3171
Request Chain 357
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Request Chain 359
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iqjBal-bSuudb2P8nYiimQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 361
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1327062401 HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
Request Chain 362
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aDBtTGFEelpsT2pSNnFiaXdJdndPdk15QQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
Request Chain 363
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA2hzj2sTAIpmikPRCjkAVU&google_cver=1
Request Chain 366
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2530264497608913266

362 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ndnation.com/all-smiles-in-irish-romp/
137 KB
25 KB
Document
General
Full URL
https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
c663d02f1fd54eb4b7240aa7bb888b56405d1a6a5d0ac01890b9b70e1a420a20
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
25423
content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=UTF-8
date
Mon, 04 Sep 2023 20:52:46 GMT
etag
"634f-64f641f1-0;gz"
last-modified
Mon, 04 Sep 2023 20:45:37 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-sucuri-cache
MISS
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
x-xss-protection
1; mode=block
a5ff7.css
ndnation.com/wp-content/cache/minify/
102 KB
14 KB
Stylesheet
General
Full URL
https://ndnation.com/wp-content/cache/minify/a5ff7.css
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
db06d19451a1e93a142cfae831094f3e348673366c1ad9bc144544b0f11b2464
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
13675
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"356b-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
958a5.css
ndnation.com/wp-content/cache/minify/
223 KB
61 KB
Stylesheet
General
Full URL
https://ndnation.com/wp-content/cache/minify/958a5.css
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
dacd84380ab1a5a19fa282a8f488e45d49dc40595b1a030efcffe8cce31e6f3d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
61628
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"f0bc-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
all.css
use.fontawesome.com/releases/v5.0.12/css/
38 KB
9 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.0.12/css/all.css?ver=6.3.1
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:670b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ceee487a90eea3b0e52f01360b44e8b6ac0898062c143dbe724663efd3d6f63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
6RE78W2ZGSGGXJ11
age
536680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
riUVubTZ7NmmU8Ir83TPLh4CXFSQfzTUCek8r8J9W93zbav7EzGurU7Rdio4t04Zbmjz6lCn0Xs=
last-modified
Wed, 30 Jun 2021 15:27:17 GMT
server
cloudflare
etag
W/"d896a88b71aa2ba5d6bd670429bf1bad"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1PugtigV0K1GOrAb7x1%2FsqQ6ku2nYZjRsLrg%2FyTXo5%2BcYJdQ%2FmRIHI3w8AEkUtORja%2F%2BoR66f3UJz5ltb%2BDTChFYaw3feTEz8APsY6Hzli%2FqtW6xowEFJ4nLhVtx6w89ZjvBQ1GSfJEJhjKnMqDXRB9"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
80191e41489f366f-FRA
aa8d2.css
ndnation.com/wp-content/cache/minify/
34 KB
7 KB
Stylesheet
General
Full URL
https://ndnation.com/wp-content/cache/minify/aa8d2.css
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
a68087f20116e01c99dd290dc1abf685e724d834ebe5ffbae1dc273a6ea2c860
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
6321
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:15:04 GMT
server
nginx
etag
"18b1-64f1fff8-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CRoboto+Slab%3A400%2C700&ver=6.3.1
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
507c16f4aecd6c9a19d4dbcccb3a470e046a4f606b3ab72ad080f65ac6a03b54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 04 Sep 2023 20:52:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 04 Sep 2023 20:52:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 04 Sep 2023 20:52:46 GMT
977bc.css
ndnation.com/wp-content/cache/minify/
6 KB
3 KB
Stylesheet
General
Full URL
https://ndnation.com/wp-content/cache/minify/977bc.css
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
3241f78f63bcbabb2f54458d0e617fa0e7b1a41d31c70d468394864a0cab06ab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
2482
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"9b2-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
all.js
use.fontawesome.com/releases/v5.0.12/js/
746 KB
270 KB
Script
General
Full URL
https://use.fontawesome.com/releases/v5.0.12/js/all.js?ver=6.3.1
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:670b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f59f47836471cf3f02edfb217afdf107bf29cfe25c424c8c514a32712fc2ee8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
0WT1A0PY516MM02H
age
524798
alt-svc
h3=":443"; ma=86400
x-amz-id-2
GxQ/AmFDoR6j3JeVh/IDkdzqWQCazXu91SRTgBQWZqrqsMLAgAMFWmieRsWlg89qPplK222aA10=
last-modified
Wed, 30 Jun 2021 15:27:17 GMT
server
cloudflare
etag
W/"b9a4916a6b843628a6f3b898c022790a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5owgBXy5iw3XghvNUgYLJWKLa02erkSa7q3loG9F5t5Q%2FTNhBbfhugGrL1WfCUjn4bad%2BvOPNvHVIArQldPyiDTce5v2v7wD9UOS4vJBxP4z3%2ByJSiD4migxtO%2F4NF2mqmry6JH%2F173GgvW19pxFoV%2BL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=31556926
cf-ray
80191e4148a2366f-FRA
50a90.js
ndnation.com/wp-content/cache/minify/
135 KB
43 KB
Script
General
Full URL
https://ndnation.com/wp-content/cache/minify/50a90.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
b4651cd328cf2ec500baedbd8445a9ea15470aaa1780ea7648b0b2e6f7f0a73b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
43932
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"ab9c-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/
180 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-10350809-6
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a4e039af161ffcf744c99e826478d73d70db9b065df3bfbffdf57574026fd43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66621
x-xss-protection
0
last-modified
Mon, 04 Sep 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 04 Sep 2023 20:52:47 GMT
didna_config.js
storage.googleapis.com/didna_hb/husker/ndnation/
28 KB
28 KB
Script
General
Full URL
https://storage.googleapis.com/didna_hb/husker/ndnation/didna_config.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
6ccf36bcad83237ad8b6fccd63a044039693b4a936ae7c4e7e83aefbc12c7e9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
x-guploader-uploadid
ADPycdtaOmAGwZqzf09Ueq05ITMpcIZxfFOJzhJecWK5McOzTty19k1IHgZUbW-Gq1ou9MIhjiIau4PjrqbgcEJfZLsjGQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28432
last-modified
Thu, 31 Aug 2023 21:37:41 GMT
server
UploadServer
etag
"eff1ddaccb40b6d2982d696a02bc1f60"
x-goog-generation
1693517861430113
content-type
text/javascript
x-goog-hash
crc32c=uQEqmA==, md5=7/HdrMtAttKYLWlqArwfYA==
cache-control
no-store
x-goog-stored-content-length
28432
accept-ranges
bytes
expires
Tue, 03 Sep 2024 20:52:47 GMT
ws-JKR5EHXC.js
wfpscripts.webspectator.com/bootstrap/
1 KB
935 B
Script
General
Full URL
https://wfpscripts.webspectator.com/bootstrap/ws-JKR5EHXC.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9767754fa9a8a8353a0558b66bdad4b770ba31d939edbe2c942110c8b1c53270

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
gzip
last-modified
Thu, 24 Nov 2016 19:14:06 GMT
server
nginx/1.10.3 (Ubuntu)
etag
W/"a12c9b19eba74d13153fb9a842431908"
x-cache-status
HIT
content-type
application/x-javascript
cache-control
max-age=31536000
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
602f0b0ddd86fd394ba24cbd86a53463393f1f9e5ad7d2ab6208abc3b6b8ad3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51125
x-xss-protection
0
server
cafe
etag
7490065384549212498
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 04 Sep 2023 20:52:47 GMT
ndnation-logo-smaller.png
ndnation.com/wp-content/uploads/2018/05/
10 KB
10 KB
Image
General
Full URL
https://ndnation.com/wp-content/uploads/2018/05/ndnation-logo-smaller.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
ea72f3069858dd5799972a81559d163f0cffc15449b48b9fd80b2fb4dba88a6d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
MISS
content-length
10185
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 13 Jun 2018 12:35:40 GMT
server
nginx
etag
"27c9-5b210f9c-0;;;"
x-frame-options
SAMEORIGIN
vary
User-Agent
content-type
image/png
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
spt
tg1.aniview.com/api/adserver/
32 KB
8 KB
Script
General
Full URL
https://tg1.aniview.com/api/adserver/spt?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
6a345c424a210d4d389f8cffe521b482222e640f0b82f8396f7a06e2eb04f7fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
gzip
vary
origin
x-hw
1693860767.dop243.fr8.t,1693860767.cds341.fr8.hn,1693860767.cds290.fr8.p
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
8419
bootstrapper
tags.qortex.ai/
23 KB
5 KB
Script
General
Full URL
https://tags.qortex.ai/bootstrapper?group-id=0iPA09EvEyqtQ2MrYjDfA&video-container=AV6256fe729c5a4736b15c6a6a
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ae3d6a826507ad9a5c17cb73e82e9d3437f9b9564649f6a9f59d4c703e8506cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Thu, 31 Aug 2023 18:54:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"112"
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BupfYUcnc%2FRCvIhuVcGGNGbHkMpQgZ1D3%2BHWDfvtIyHwxangAny2Ec8uqOHkv3hVumXYWATvnm6W1mnxc4xnP4UB0uWip6%2BqnicOBQyQ7T%2BTciwgSRso9KFwQmbwFdfUMmHNI1MGxI%2FucujD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
80191e43cab98fe8-FRA
64f3c01ac6a81.image.jpg
bloximages.chicago2.vip.townnews.com/heraldbulletin.com/content/tncms/assets/v3/editorial/f/a7/fa74ce8b-fa3b-56a4-8cd5-c006759a1cde/
68 KB
69 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/heraldbulletin.com/content/tncms/assets/v3/editorial/f/a7/fa74ce8b-fa3b-56a4-8cd5-c006759a1cde/64f3c01ac6a81.image.jpg?resize=750%2C500
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c78105e6ee45cf59ad74e02a3f256a20af8ec575d47075e84840de57d7e91963
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
strict-transport-security
max-age=604800
cf-cache-status
HIT
cf-polished
origSize=70281, status=webp_bigger
cross-origin-resource-policy
cross-origin
cf-bgj
imgq:85,h2pri
last-modified
Sat, 02 Sep 2023 23:07:12 GMT
server
cloudflare
x-vcache
MISS
etag
"938cedf80efe937a0cd8644e5b0ea9e4"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-robots-tag
noarchive
cf-ray
80191e4198275caa-FRA
expires
Sun, 01 Sep 2024 23:51:04 GMT
70753769007-usatsi-21332773.jpg
www.southbendtribune.com/gcdn/authoring/authoring-images/2023/09/02/NSBT/
31 KB
32 KB
Image
General
Full URL
https://www.southbendtribune.com/gcdn/authoring/authoring-images/2023/09/02/NSBT/70753769007-usatsi-21332773.jpg?crop=6103,3448,x0,y0&width=660&height=372&format=pjpg&auto=webp
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.62 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a7cb0aab4eb9ea05a22065c39ee48cfa65fb4b414f0d1b73f1300bb8fca3adc3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000;includeSubDomains;preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-security-policy
upgrade-insecure-requests
strict-transport-security
max-age=63072000;includeSubDomains;preload
nel
{"report_to":"default","max_age":31557600,"include_subdomains":true,"success_fraction":0.005}
age
169196
x-cache
HIT, MISS, MISS
fastly-stats
io=1
content-length
31862
etag
"nsfDKrvbEbLhhLOf+XSzuhL8jwcGOf90JLuh/osegfc"
vary
Accept
report-to
{"max_age":31557600,"include_subdomains":true,"endpoints":[{"url":"https://reporting-api.gannettinnovation.com"}]}
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-checksum-crc32c
8Sco8Q==
accept-ranges
bytes
timing-allow-origin
*
8ecd2e8a-b866-ac0c-276b-5e9ab4fac484.js
bucket1.mm-syringe.com/prod/configs/
5 KB
3 KB
Script
General
Full URL
https://bucket1.mm-syringe.com/prod/configs/8ecd2e8a-b866-ac0c-276b-5e9ab4fac484.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2395:6000:3:64bd:d2c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
75be366d3e7a2fbda9ec37cb8c0cb5fa265a65d233d7bb5cb1f6165d09489e3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 20 Aug 2023 19:15:24 GMT
x-amz-version-id
CWwVe9gL9vLD9LrEBe0fRxv2mMi.dD8Z
content-encoding
br
via
1.1 930c2e58be2ae5a0faf6f308189d2776.cloudfront.net (CloudFront)
x-amz-cf-pop
ARN56-P2
age
1301844
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 01 Jun 2022 18:19:45 GMT
server
CloudFront
etag
W/"57c336c4807fca577d95c30a6d0148f2"
vary
Accept-Encoding, Origin
content-type
application/javascript
x-amz-meta-edge-cache-tag
injectionssrv|sports-publisher-group,injectionssrv|8ecd2e8a-b866-ac0c-276b-5e9ab4fac484
cache-control
private, max-age=1800
x-amz-cf-id
yjTpe9aRGvTCIQd93irSV0ESrigSS-D9Byv6B0tej2dVu7lmLiYU-g==
injector.1.5.3.js
bucket1.mm-syringe.com/prod/injector/
16 KB
5 KB
Script
General
Full URL
https://bucket1.mm-syringe.com/prod/injector/injector.1.5.3.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2395:6000:3:64bd:d2c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3c2bb1edc83db7e01b582f07603b904542b02338f03433c0fd7e907d7fef1369

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 15 May 2023 12:48:19 GMT
x-amz-version-id
KHVG.I1nmJrWxnRtJSl2y4iWEUR5wRHc
content-encoding
gzip
last-modified
Sun, 24 Nov 2019 14:18:34 GMT
server
CloudFront
via
1.1 930c2e58be2ae5a0faf6f308189d2776.cloudfront.net (CloudFront)
x-amz-cf-pop
ARN56-P2
etag
W/"3a91217800ebe0708f39c65080ffed30"
age
9705869
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
private, max-age=1800
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
5OKYaMybJAHChjXw3Q8A_MxG7uVGlAwESukRv8E3siYsOxnutn0FMg==
b486f.js
ndnation.com/wp-content/cache/minify/
40 KB
13 KB
Script
General
Full URL
https://ndnation.com/wp-content/cache/minify/b486f.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
1acd56cfd9c6750c54bf83815cbfa1b969b5a05825325204871fb914dee965fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
12908
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 16:05:28 GMT
server
nginx
etag
"326c-64f20bc8-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
b308b.js
ndnation.com/wp-content/cache/minify/
24 KB
6 KB
Script
General
Full URL
https://ndnation.com/wp-content/cache/minify/b308b.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
c6c2661872ccca2848cf122cc6abcb60afc2fa5b96b7d5d6349464485fd8aafd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
6009
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"1779-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
6fd8b.js
ndnation.com/wp-content/cache/minify/
20 KB
4 KB
Script
General
Full URL
https://ndnation.com/wp-content/cache/minify/6fd8b.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
c7de7fd184dac3fd591f012faa4cb3dc726aa5e48ee516a32627e90873b4194f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
gzip
x-sucuri-cache
HIT
content-length
3886
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 01 Sep 2023 15:27:18 GMT
server
nginx
etag
"f2e-64f202d6-0;gz"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
61804920-f77f-4447-905d-0c3681bf5328
https://ndnation.com/
1 KB
0
Other
General
Full URL
blob:https://ndnation.com/61804920-f77f-4447-905d-0c3681bf5328
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
gpt.js
www.googletagservices.com/tag/js/
101 KB
29 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
425949af6ff33e2ae8e92a5ee3fc23f97b7c5d7dc8b27a5493cf55ec9cb0094c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29626
x-xss-protection
0
server
cafe
etag
633 / 19604 / 31077538 / config-hash: 15830000896466728742
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 04 Sep 2023 20:52:47 GMT
init
webservices.webspectator.com/
42 B
410 B
Script
General
Full URL
https://webservices.webspectator.com/init?appId=JKR5EHXC&h=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&t=1693860767233
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/bootstrap/ws-JKR5EHXC.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.228.251.145 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-251-145.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
b4d587cecda63acc6a4c5574619791f557d0b59e0676453fbba7b347e0bc4bd4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:47 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
application/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/bootstrap/ws-JKR5EHXC.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-37.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 04:04:12 GMT
content-encoding
gzip
via
1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jul 2023 22:21:17 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
60516
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
kMyUOu986yGB4bGhILVsKUOZ25rf5LdsH-IHPv9-7x6aYaeUXp96gA==
quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/bootstrap/ws-JKR5EHXC.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
gzip
etag
"sLp6xTjO7svFVaOemhLWUQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 11 Sep 2023 20:52:47 GMT
stadium-dark.jpg
ndnation.com/wp-content/themes/ndnation/images/
107 KB
108 KB
Image
General
Full URL
https://ndnation.com/wp-content/themes/ndnation/images/stadium-dark.jpg
Requested by
Host: ndnation.com
URL: https://ndnation.com/wp-content/cache/minify/aa8d2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
3701020e23555843f31cbddefb0fcbd66b05ceef5f24597f1d2c8911305e1104
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/wp-content/cache/minify/aa8d2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
MISS
content-length
109762
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 14 Jul 2022 16:13:18 GMT
server
nginx
etag
"1acc2-62d0409e-0;;;"
x-frame-options
SAMEORIGIN
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
connatix.playspace.js
cd.connatix.com/ Frame 9AC5
8 KB
4 KB
Script
General
Full URL
https://cd.connatix.com/connatix.playspace.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.146.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93369813037f5d99f0ad1afa3df545bb86828ed5f07e7a578cebeee47f9a4320

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-ray
80191e43d81e9b3d-FRA
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400
embed.js
wise.space/
0
0

gtm.js
www.googletagmanager.com/
315 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PL4PD49
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cd5fbc42123065c6410094446b6da10c80eb61a3cd3f9fdd8ee3142ef0773542
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88263
x-xss-protection
0
last-modified
Mon, 04 Sep 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 04 Sep 2023 20:52:47 GMT
ns.html
www.googletagmanager.com/ Frame 724C
268 B
275 B
Document
General
Full URL
https://www.googletagmanager.com/ns.html?id=GTM-PL4PD49
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d818a014761cd9516d1b3e296946e960d91f4c917bf42a808e67323a8b062da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-length
92
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:47 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-xss-protection
0
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v25/
34 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v25/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CRoboto+Slab%3A400%2C700&ver=6.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
20b588b86dac6a605b4baefd6a9d46f2c1ac84dd78a230dfb4b962c3155096f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Fri, 01 Sep 2023 20:42:50 GMT
x-content-type-options
nosniff
age
259797
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34432
x-xss-protection
0
last-modified
Tue, 02 May 2023 17:01:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 31 Aug 2024 20:42:50 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.0.12/webfonts/
44 KB
45 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.12/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.0.12/css/all.css?ver=6.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:670b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d349f9e08a50336b6f398554e817e6921dd390ef9d8cacf3074a24d4379bd10

Request headers

Referer
https://use.fontawesome.com/releases/v5.0.12/css/all.css?ver=6.3.1
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
2RM6QZQN465Z5EJ4
age
685805
alt-svc
h3=":443"; ma=86400
content-length
45132
x-amz-id-2
E/tDhYlpIXhE8EcU3iFqFyVk5RJhTd9hpBNKGKssUOg/EPcEEvzF0SuLYtiV/hSUV842km1iGTY=
last-modified
Wed, 30 Jun 2021 15:27:31 GMT
server
cloudflare
etag
"62e224193aeed0b428e83d1cccfd6d91"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9i4ib%2Fdw0GV1m34zjmfADEnm0X21KsIL3vLC9mxWGu8Y%2FeERhV2IVaInaxRgU9Gz9nSSHeYDAtDnFJ4tugR3r5G4Rze3L72a5oVaiLfRB757b4Vq6FGnrssTRsroAeO7nikKhuJIJDnuFhu8%2FRzb%2Fciw"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
80191e43ef84bbc8-FRA
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C400i%2C700%7CRoboto+Slab%3A400%2C700&ver=6.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 00:05:03 GMT
x-content-type-options
nosniff
age
247664
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48412
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:08:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 00:05:03 GMT
fa-brands-400.woff2
use.fontawesome.com/releases/v5.0.12/webfonts/
60 KB
60 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.12/webfonts/fa-brands-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.0.12/css/all.css?ver=6.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:670b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cbab83578df331197295ca15e20b683d0248ba6ce26c8973d421b329e9ce56f

Request headers

Referer
https://use.fontawesome.com/releases/v5.0.12/css/all.css?ver=6.3.1
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
K2AAFEQQZ8XPD70B
age
724366
alt-svc
h3=":443"; ma=86400
content-length
61336
x-amz-id-2
AK6LbIjvT1xuxMBzu8x+H4bAR8LheEt39B3buVJYFANqWgyJOA+tLsCmYhBXKhIa8/ljnVSjOe8=
last-modified
Wed, 30 Jun 2021 15:27:31 GMT
server
cloudflare
etag
"5ac8c4fec34fe5e740ab560e4a90240b"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I05sjjzVxelef6VfVSRlXepyar91fmHbUm%2FFIc7nEZslhkYqDUsQsEHNZmxJgQdfxcZM%2BxuNLEhG2C05NGMMANpfSFEYY1T9u3CZd%2B5kmnEbnda7vgRJnUB%2BuvMwvHLjkwlJ0f614HJVmiGzfWg7LGVN"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
80191e43ef85bbc8-FRA
truncated
/
31 KB
31 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
js
www.googletagmanager.com/gtag/
218 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CF0WLTLXZR&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10350809-6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
602e9d96de0404ae962de70665f8f1cfe966e24b3b3ff9bf13bf47f8d3b2068b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79024
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 04 Sep 2023 20:52:47 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10350809-6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 04 Sep 2023 19:44:23 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4104
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 04 Sep 2023 21:44:23 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/
403 KB
127 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
667d77669d19714ac96c979a077c8c1ddeb43e5d9b425bf78da585cb92935dad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 21:23:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
84555
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
129791
x-xss-protection
0
server
cafe
etag
6482524881801658577
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Mon, 02 Sep 2024 21:23:32 GMT
apstag.js
c.amazon-adsystem.com/aax2/
248 KB
61 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/ndnation/didna_config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9e08da8f03bfc136e84f23144e1d9c6837ebed60f4c61b6c8cafc8215f77585

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 19:59:14 GMT
content-encoding
gzip
via
1.1 142ded88048f806cc40a5a225130cc8a.cloudfront.net (CloudFront), 1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
last-modified
Thu, 24 Aug 2023 18:15:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, MXP63-P1
age
3214
x-amz-server-side-encryption
AES256
etag
W/"bfd42dc650471371e7b049251fcaca58"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
z2-nGQQVcxnrOX3VpbDqdbA2zJlTn57-9nOKk5nRWpDtcsxo-CZGDg==
hindsightipads.min.js
static.solutionshindsight.net/hindsightipads/
99 KB
30 KB
Script
General
Full URL
https://static.solutionshindsight.net/hindsightipads/hindsightipads.min.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/ndnation/didna_config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-8.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1931c5d0b9638554f43310a5d4c9e9652f92c7dd31da981f4ff7fcbd3945babf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
last-modified
Fri, 18 Aug 2023 19:15:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
etag
"0644e505bc657e667f421b9ea7fb35bc"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
content-length
30244
x-amz-cf-id
JAEwZMpyKem6kZhmvQrIm5VVRG92E7EjeWXcKqH3epkXfJRWhriTkA==
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/
384 KB
130 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0187116050987673&plah=ndnation.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
81a6feeba42461c950063868909af3692c6809b4a45cd9d890a0c967acad4cfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
133327
x-xss-protection
0
server
cafe
etag
10275122674932150588
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 04 Sep 2023 20:52:47 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/ Frame F9E0
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230830/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
14571
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4437
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 16:49:56 GMT
etag
9878862242593084568
expires
Mon, 18 Sep 2023 16:49:56 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
b
sb.scorecardresearch.com/
0
224 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=7&c2=22153319&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1693860767593&ns_c=UTF-8&c7=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&c8=All%20Smiles%20in%20Irish%20Romp%20-%20NDNation&c9=
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-37.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
via
1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
-GEOHgL_lm77GvYLCsKNxIGcYPR2rM2w8AecNQi29epyy1vI4qVIzg==
x-cache
Miss from cloudfront
c5387ac9-c22a-43d2-82ba-9671ad99b48a
https://ndnation.com/
594 B
0
Other
General
Full URL
blob:https://ndnation.com/c5387ac9-c22a-43d2-82ba-9671ad99b48a
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c7bf6fd89eb097c1f7cf0a33ba3ff0b9edc9ef69a2e496fa332c688841a8841

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
594
Content-Type
text/javascript
rules-p-HGAVM7nQJ_sep.js
rules.quantcount.com/
160 B
633 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-HGAVM7nQJ_sep.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:d600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
73db2a2a4d0933294f7188230306bea80ad011455f5f3a34127d33cbb43eb1c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:47:52 GMT
via
1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
296
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Thu, 13 Oct 2022 15:29:48 GMT
server
AmazonS3
etag
"afb90b4e3022c802397d34b9f457500e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
SeB83HqcKeEjwU0pZTNgp05ItUj_MBnfyTf25QVFB94PPKeVmKy0Dg==
playlist
09nfgyvbtl.execute-api.us-east-1.amazonaws.com/prod/
2 KB
2 KB
XHR
General
Full URL
https://09nfgyvbtl.execute-api.us-east-1.amazonaws.com/prod/playlist?playlistId=1646131728
Requested by
Host: tg1.aniview.com
URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.212.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-212-116.compute-1.amazonaws.com
Software
/
Resource Hash
cfdddb1aac562e56fd8d6766f97484a9f25d8960601c4e80cd5b3ab446506d9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
x-amzn-requestid
0db89ebb-7362-468a-94c6-451d2c5d23d4
x-amzn-trace-id
Root=1-64f6439f-3bd00c7f3559878f13595d35;Sampled=0;lineage=642d9336:0
access-control-allow-methods
OPTIONS,POST,GET
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
Kv-BCHx5IAMEN2w=
content-length
2073
access-control-allow-headers
Content-Type
avcplayer.js
player.avplayer.com/script/8.3/v/
808 KB
209 KB
Script
General
Full URL
https://player.avplayer.com/script/8.3/v/avcplayer.js
Requested by
Host: tg1.aniview.com
URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
dff9e6963ff933a9b0f9065f574ad95a904784f9405ca20a0f3feeea4d213f3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
gzip
last-modified
Mon, 04 Sep 2023 20:18:07 GMT
etag
"1693858687"
x-hw
1693860767.dop243.fr8.t,1693860767.cds140.fr8.hn,1693860767.cds108.fr8.c
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
213489
track
track1.aniview.com/
0
98 B
Image
General
Full URL
https://track1.aniview.com/track?pid=624e25402d2a7c268c34f1d8&cid=625594b02e0ef2773933f2d1&cb=1693860767611&r=ndnation.com&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&d35=&d65=&d66=8&d74=&e=playerLoaded&str=autostart
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.239.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-239-161.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
collect
www.google-analytics.com/j/
1 B
203 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1379078175&t=pageview&_s=1&dl=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&ul=en-us&de=UTF-8&dt=All%20Smiles%20in%20Irish%20Romp%20-%20NDNation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1109707991&gjid=2106381530&cid=750641541.1693860768&tid=UA-10350809-6&_gid=1901554401.1693860768&_r=1&gtm=457e38u0&jsscut=1&z=795206313
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
251 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-CF0WLTLXZR&gtm=45je38u0&_p=1379078175&cid=750641541.1693860768&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1693860767&sct=1&seg=0&dl=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&dt=All%20Smiles%20in%20Irish%20Romp%20-%20NDNation&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CF0WLTLXZR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:47 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
player-event
events.qortex.ai/api/v1/
0
0
Fetch
General
Full URL
https://events.qortex.ai/api/v1/player-event
Requested by
Host: tags.qortex.ai
URL: https://tags.qortex.ai/bootstrapper?group-id=0iPA09EvEyqtQ2MrYjDfA&video-container=AV6256fe729c5a4736b15c6a6a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:49b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LwhhN19k4X79F8jZnUqRKGSa%2FksLQ1987WySTNT3xLAVJv0ZLKhHqMdgruvI2OkzAEP%2B%2Bs19pm%2Fl1Qt6RnGwDx5FA5YKXzxIpj8novSn4TLngNVOznUG1mXFMVEyBNWc4Nf8EyKxgPhU9sz21Hs%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
80191e468be95b98-FRA
content-length
0
cx-bootstrapper-init
tags.qortex.ai/cxo/
48 KB
9 KB
Script
General
Full URL
https://tags.qortex.ai/cxo/cx-bootstrapper-init
Requested by
Host: tags.qortex.ai
URL: https://tags.qortex.ai/bootstrapper?group-id=0iPA09EvEyqtQ2MrYjDfA&video-container=AV6256fe729c5a4736b15c6a6a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0d562b2abab83afe4f50944f86768d8a1eca6f09b8d49bcd1b232e7303bed3bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 31 Aug 2023 18:58:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
120
etag
W/"112"
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOMkdh%2F7QcGyDO0nHtyyddlUdqyfPxeiifoAz5MqX8buIX3kouiGVi0ZWZmp2OSLS%2BhLcFQ9pNGNUlQaiVlVPgXUNdiC%2FahaiSLYHF4CkZJNmjk1xUnPXHyqOFNciKomjsG3FofPyD%2FHdWZD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
80191e461d518fe8-FRA
wp-emoji-release.min.js
ndnation.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://ndnation.com/wp-includes/js/wp-emoji-release.min.js?ver=6.3.1
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.105 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10105.sucuri.net
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
MISS
content-length
4651
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 30 Mar 2023 11:24:19 GMT
server
nginx
etag
"4904-64257163-0;br"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding,User-Agent
content-type
application/x-javascript
cache-control
max-age=315360000
x-sucuri-id
15005
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
config
c.amazon-adsystem.com/cdn/prod/
914 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fndnation.com&pubid=64abda41-57ff-4c58-84f8-8c2c7ab4be23
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
Server /
Resource Hash
2e8ea0960ecbfbceb315e0e8b8e2ad6ab04d6eec8de422cef2e5f58cb0f70c1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:46 GMT
via
1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MXP63-P1
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://ndnation.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
914
x-amz-cf-id
I8HKeVbkVrhJzTsRDmac9P4aTVOIx6JgeURqIJlxEf1zyN-UYC2LNw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 5dc1bff22b40f5004224ef547b1a9a7c.cloudfront.net (CloudFront)
date
Mon, 04 Sep 2023 10:40:54 GMT
x-amz-cf-pop
MXP63-P1
age
36714
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
pS5Ies5p5nFRV8tZbdaMs6nop3_-sKV4p3y9Az5qc1Zzvuzqre-KXw==
021befc1-af47-4b17-9adc-6906b86dc342
https://ndnation.com/
154 KB
0
Script
General
Full URL
blob:https://ndnation.com/021befc1-af47-4b17-9adc-6906b86dc342
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/ndnation/didna_config.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3042ad48ca06efa581001902610542545985cd9f256101a49f8d47ecec3d2375

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
157499
Content-Type
text/javascript
cookie.js
partner.googleadservices.com/gampad/
391 B
601 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=ndnation.com&callback=_gfp_s_&client=ca-pub-0187116050987673
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0187116050987673&plah=ndnation.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea158645980a559a14b1e96c1a073c931f9241c96711163f93f3d21263e12548
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
250
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame A6A4
0
188 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0187116050987673&output=html&adk=1812271804&adf=3025194257&lmt=1693853137&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693860767526&bpp=3&bdt=662&idt=272&shv=r20230830&mjsv=m202308290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1732077810434&frm=20&pv=2&ga_vid=750641541.1693860768&ga_sid=1693860768&ga_hid=1379078175&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31077327%2C31077330%2C31077527%2C44801484%2C44800659%2C20222283&oid=2&pvsid=1818314250748677&tmod=218581307&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=306
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0187116050987673&plah=ndnation.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:48 GMT
expires
Mon, 04 Sep 2023 20:52:48 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
pixel;r=1050070834;rf=0;a=p-HGAVM7nQJ_sep;url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F;uht=2;fpan=1;fpa=P0-1230796650-1693860767606;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;c...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1050070834;rf=0;a=p-HGAVM7nQJ_sep;url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F;uht=2;fpan=1;fpa=P0-1230796650-1693860767606;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;cm=;gdpr=0;ref=;d=ndnation.com;dst=1;et=1693860767836;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.All%20Smiles%20in%20Irish%20Romp%2Cdescription.Notre%20Dame%20shook%20off%20a%20sluggish%20start%20and%20proceeded%20to%20showcase%20its%20talent%20and%20d%2Curl.https%3A%2F%2Fndnation%252Ecom%2Fall-smiles-in-irish-romp%2F%2Csite_name.NDNation%2Cimage.https%3A%2F%2Fbloximages%252Echicago2%252Evip%252Etownnews%252Ecom%2Fheraldbulletin%252Ecom%2Fcontent%2Ftncms%2Fas;ses=8be114c5-880d-44f4-9f7c-3c951550fb69;mdl=
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:47 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
https://ndnation.com/
606 KB
0
Script
General
Full URL
blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/ndnation/didna_config.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
82d99de88bf7ac91f8e2efe936fb429d4fb86ed97a64d681ebfb12cbc6d590ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
620056
Content-Type
text/javascript
config.js
cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/
139 KB
29 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/config.js
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/021befc1-af47-4b17-9adc-6906b86dc342
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d170a76df54fe40dcae82e4fac5c72727f113a4cc6229b383a47916f515479

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 04 Sep 2023 19:09:15 GMT
server
cloudflare
x-amz-request-id
2D28R4FSBQXK2T4V
age
871
etag
W/"84239eac22b457a8760789273a4f56b5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
80191e481b989b8e-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
zJNc4xHQyxWKyZXb+mPeM39OTfcH1SbL5hWnRAXWkRle/Br2c47tydwjifp9tvdSrL2IRpSQzOw=
didna-pix.gif
didna.b-cdn.net/
807 B
1 KB
Image
General
Full URL
https://didna.b-cdn.net/didna-pix.gif?ref_id=29
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
48c0c0652213b10729997c6c43dcbce4f18f36d011c0ed2dbfd4006808e80569

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
cdn-edgestorageid
1080
cdn-storageserver
DE-664
cdn-cachedat
09/04/2023 20:52:48
cdn-pullzone
1025274
content-length
807
last-modified
Fri, 06 Jan 2023 17:03:07 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
528
cdn-requestpullcode
206
cdn-proxyver
1.04
content-type
image/gif
cdn-cache
BYPASS
cdn-uid
296f49c8-4088-4b56-b4a4-a6b6d3fc5d40
cache-control
public, max-age=0
cdn-requestid
60c700602af8cd0b744342534f522cb9
accept-ranges
bytes
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
publishertag.ids.js
static.criteo.net/js/ld/
43 KB
14 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 02 Jan 1970 00:00:00 GMT
server
nginx
etag
W/"15180-ab99"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 05 Sep 2023 20:52:48 GMT
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 27 Aug 2023 02:29:26 GMT
content-encoding
gzip
age
757402
x-guploader-uploadid
ADPycduOKtZ-jYI708NlmmpGXaU-NamfOkJWG4viTvwKHJcmSy94qlD08CPlfYu_2RHuf9tKSr4DZ6TG98ZrmcQ41lZhQQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Mon, 26 Aug 2024 02:29:26 GMT
ob.js
cdn-ima.33across.com/
40 KB
9 KB
Script
General
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.35.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41fd4ed5ad93e39cd84d043e905e66e3bbb9dbb50cf2d7bbf68bfeef79f3d3cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 04 Aug 2023 18:38:49 GMT
server
cloudflare
age
361095
etag
W/"64cd45b9-a13f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
80191e485e6658e4-TXL
expires
Thu, 07 Sep 2023 20:52:48 GMT
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/
732 B
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
9163
x-jsd-version
master
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230042-FRA, cache-jnb7027-JNB
x-jsd-version-type
branch
server
cloudflare
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrSPID2%2Be0Q5%2BIAMR0lMaE3EjM6QilQEiVsK65y9dwvT8oloXH%2FlFS3f777aBMy6TnHXhb1mqPxrWxsfyIMxflgnUm3LgaRXb0wISI5BGEc6VBbts%2Bz5AeUjiiF2ac%2BXcGPCc0a%2FTR3dEWpXOiw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
80191e483df79a30-FRA
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
38 KB
12 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2cf68b0f96497a6c432653e7b0ab42cb383f804f6bff63ecc7e38b2244b18d7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 15:55:10 GMT
content-encoding
gzip
via
1.1 44b457512f742b4e48fc7f0c87d8ed92.cloudfront.net (CloudFront)
last-modified
Tue, 22 Aug 2023 15:52:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
17858
x-amz-server-side-encryption
AES256
etag
W/"abaee4c7a9cdd5e5098ecb24384e9e09"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
i0Xe2AfEEbVcdKPiosCr4VNhBU1Hgu1_3BclD-I1vlSdla3GiY0Wrg==
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/
1 KB
1 KB
Script
General
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
via
1.1 google, 1.1 google
last-modified
Thu, 03 Aug 2023 03:28:51 GMT
server
Google Frontend
etag
fc4e6bfe266081c4873c6f08c8298e5c
content-type
text/javascript; charset=utf-8
x-cloud-trace-context
f0bbb86ab84bc62dade9cd4cdf96091c
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1207
esp.js
cdn.id5-sync.com/api/1.0/
119 KB
26 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1168c8abfe02845289bb55fd1091f344ddc7b63f7d4c5e95c895b72b4bca982d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 21 Aug 2023 10:48:56 GMT
server
cloudflare
x-amz-request-id
4CPGG2PB19G6Y493
age
2053
etag
W/"e6744398f78bbd5138fa1a9e34f686e4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
80191e483a6b1e10-FRA
x-amz-id-2
pzeoRmaYqzxVPX/QWSecMhRQj0dlPfga3bg0/mAfT+rpR9SjPu4gc7A0cWd8tueqvYbdgP4fTuVEesK+7zuJ8g==
uid2SecureSignal.js
cdn.prod.uidapi.com/
2 KB
2 KB
Script
General
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:fe00:a:e047:753:6381 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
null
Date
Mon, 04 Sep 2023 05:08:19 GMT
Via
1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront)
Last-Modified
Thu, 04 May 2023 00:14:06 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P2
Age
56670
x-amz-server-side-encryption
AES256
ETag
"4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1858
X-Amz-Cf-Id
Fjcz2TTBxcNqUsEtUMGUkZ2HxRWWPI18eZ1CZpe_YS-csSP_GPEalA==
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/
54 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.20.217.188 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-217-188.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
last-modified
Mon, 23 Jan 2023 19:40:17 GMT
server
Apache
etag
"d734-5f2f3919e751f-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17407
expires
Mon, 04 Sep 2023 21:07:48 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/
118 KB
26 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d68e1b3634db2da8c394ef1754ae0bb9e0fe14e550643e0b913464ce66ba6ac
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 21 Aug 2023 10:48:56 GMT
server
cloudflare
x-amz-request-id
2QBKQ4QA32SP9CMW
age
3490
etag
W/"7799d2904b6b2427a4713f4da8b71602"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
80191e485a821e10-FRA
x-amz-id-2
hAO4vpEQ8oqUmikiIdl6fb/V8IFLCXiSJ7HFuklOuHrKgCYv5p8B5/3DBpnMUqzB5t8cMcUUJL/IXzqIJmno6A==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
460 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=F2MXg1ASW9fFE&cb=0&ws=1600x1200&v=23.821.1806&t=2000&slots=%5B%7B%22sd%22%3A%22leaderboard_wide%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F2054844%2Fndnation.com%2Fleaderboard_wide%22%7D%5D&pubid=64abda41-57ff-4c58-84f8-8c2c7ab4be23&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
3VHTGAQQ1S9HAFJXWYYN
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
Sqyvwohml9cy8oxf23MODWRvf_Fsb66yEindhiVgbUdc-jw8vDyvkA==
localstore.js
script.4dex.io/
4 KB
2 KB
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94dc330d7ff3d82152b1ceaa92a712469c9eae969fa025972b1090bfcd9cfb3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Content-Encoding
br
CF-Cache-Status
HIT
Last-Modified
Thu, 31 Aug 2023 12:44:55 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
374487
ETag
W/"f8af1a4095b4bc54b208ebf4d4dca750"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a4AKerU1Hq9hIVo92JBcnUFE6a9VEXZHsUeo1vZmbEHZBSK0%2Fy5WGRqZKp%2Bi67nNIVOPJ%2FLZOCAq5Dj784YYrL%2B3EQuTOV3TaAj5ZwShubHDTr5itg5DRS04Ku9rm9Ki%2FxCf1nMoAp0K80h%2B"}],"group":"cf-nel","max_age":604800}
Cache-Control
public, max-age=1800
Connection
keep-alive
CF-RAY
80191e48b9289256-FRA
hb-mm-multi
hb.minutemedia-prebid.com/
105 B
448 B
XHR
General
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
52.210.102.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-102-126.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
5c4d87a0564a5ce563dd7de56df1a22a9fd372d2d50ece713d8ba8973c5f1215

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://ndnation.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
/
colossusssp.com/
2 B
243 B
XHR
General
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.240.155.108 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://ndnation.com
Date
Mon, 04 Sep 2023 20:52:48 GMT
Access-Control-Allow-Credentials
true
Server
openresty
Connection
keep-alive
Content-Length
2
Content-Type
application/json
hb
ssc.33across.com/api/v1/
87 B
348 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=dVaqIEv0Cr66eeaKj0P0Le
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
fa548a9ded41d155003ed19ae60beb51bec151a1216a55c695b5ec0c2cc6c159

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
v1
btlr.sharethrough.com/universal/
0
155 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.125.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-125-22.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
154 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.125.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-125-22.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bid
ap.lijit.com/rtb/
24 B
399 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.51.0
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
c80918a6d8ab176b0bf3c2d6981d8011aad5ab891f83c503b1629dda79287e19

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://ndnation.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
prebidjs
rtb.openx.net/openrtbb/
53 B
138 B
XHR
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
8894e077cc0d1a47e73bd40004d99c8bd2c65f484e31afb5f095a299a47aabc4

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 google
vary
Origin
content-type
text/plain
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
fastlane.json
fastlane.rubiconproject.com/a/api/
442 B
953 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=238880&zone_id=1178348&size_id=2&alt_size_ids=55&rp_schain=1.0,1!,,1,,,&eid_pubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6%5E1&rf=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.domain=ndnation.com&tg_i.page=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.name=ndnation-com&tg_i.pbadslot=%2F2054844%2Fndnation.com%2Fleaderboard_wide%23leaderboard_wide&tk_flint=pbjs_lite_v7.51.0&x_source.tid=02d99763-9fcd-475e-9c96-3c4309cf27de&l_pb_bid_id=160731295d55ad9&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=02d99763-9fcd-475e-9c96-3c4309cf27de&rp_hard_floor=0.05&rp_maxbids=1&p_gpid=%2F2054844%2Fndnation.com%2Fleaderboard_wide%23leaderboard_wide&slots=1&rand=0.42811024659335506
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::43 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a22337a5c35611c75cf66852aa64bb0f4174fb3be7175097ea89ad3d55929934

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
442
expires
Wed, 17 Sep 1975 21:32:10 GMT
cdb
bidder.criteo.com/
0
191 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.51.0&cb=2927256799&lsavail=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:47 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
auction
pbs.nextmillmedia.com/openrtb2/
0
343 B
XHR
General
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
x-prebid
pbs-go/41.36.0
vary
Origin
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
/
ads.resetsrv.com/
0
378 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
bidRequest
c2shb.ssp.yahoo.com/
62 B
503 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d45d4400f1&cmd=bid&eidpubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6&secure=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
54ac334268e7ad9593fe872a6c75537befc9fb0441e4ee880df02501e362e1c7

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
server
ATS/9.1.10.75
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
content-length
80
bidRequest
c2shb.ssp.yahoo.com/
62 B
280 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d7077300fa&cmd=bid&eidpubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6&secure=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
8795f620c348e90d62914cf11e2a48828041d64798b04b68fb040a447dc0aa51

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
server
ATS/9.1.10.75
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
content-length
80
prebid
ib.adnxs.com/ut/v3/
139 B
699 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
caa68c1070ab324fa8dcc95a26126279ee83b87725ca829957874312067d248e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
an-x-request-uuid
43837fc4-5354-4168-ad47-e237e4c74f5e
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ndnation.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
139
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
54 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
aax.amazon-adsystem.com/e/dtb/
23 B
459 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=F2MXg1ASW9fFE&cb=1&ws=1600x1200&v=23.821.1806&t=2000&slots=%5B%7B%22sd%22%3A%22rectangle_1%22%2C%22s%22%3A%5B%22336x280%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F2054844%2Fndnation.com%2Frectangle_1%22%7D%5D&pubid=64abda41-57ff-4c58-84f8-8c2c7ab4be23&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
1KB3D4AEFE9C9YN46QW1
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
3vIMUEI5BcYF6sYa3aCV-X-2Q-uyvWMQn4cHeQ0YblBMdqYwP5zS8Q==
prebidjs
rtb.openx.net/openrtbb/
53 B
255 B
XHR
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
b2a153bb98bb5d63554426b87b23f534a7ffadc16d8ad37067b14bf2ab85b9d5

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 google
vary
Origin
content-type
text/plain
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
translator
hbopenbid.pubmatic.com/
0
110 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
ap.lijit.com/rtb/
24 B
399 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.51.0
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
f5ef8edb4b86aa28a037814c4e01f595132692bd47ec423d2e649bf7b4f66482

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://ndnation.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
v1
btlr.sharethrough.com/universal/
0
154 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.125.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-125-22.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb
ssc.33across.com/api/v1/
87 B
179 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=dVaqIEv0Cr66eeaKj0P0Le
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
ce2deb722ce9015a476ef64c5ef252fd51867152ddbf448fcd7f6573675e0d23

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fastlane.json
fastlane.rubiconproject.com/a/api/
433 B
772 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=238880&zone_id=1178348&size_id=15&alt_size_ids=16&rp_schain=1.0,1!,,1,,,&eid_pubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6%5E1&rf=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.domain=ndnation.com&tg_i.page=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.name=ndnation-com&tg_i.pbadslot=%2F2054844%2Fndnation.com%2Frectangle_1%23rectangle_1&tk_flint=pbjs_lite_v7.51.0&x_source.tid=d018899c-a878-4a83-b33c-28f69c8e6be9&l_pb_bid_id=45711e62f43f6a7&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=d018899c-a878-4a83-b33c-28f69c8e6be9&rp_hard_floor=0.05&rp_maxbids=1&p_gpid=%2F2054844%2Fndnation.com%2Frectangle_1%23rectangle_1&slots=1&rand=0.3740210933134709
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::43 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
d1a6932151d11bdbb00e2d7189ef2b3db4937b93b74bd3ad6605850658bcfd05

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
433
expires
Wed, 17 Sep 1975 21:32:10 GMT
auction
pbs.nextmillmedia.com/openrtb2/
0
344 B
XHR
General
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
x-prebid
pbs-go/41.36.0
vary
Origin
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
auction
pbs.nextmillmedia.com/openrtb2/
0
343 B
XHR
General
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
x-prebid
pbs-go/41.36.0
vary
Origin
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
bidRequest
c2shb.ssp.yahoo.com/
62 B
280 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d5637f00f4&cmd=bid&eidpubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6&secure=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
71b35500ef491761085d165aaa1c0c914da9475a3a6cf25c05f77d19b293044d

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
server
ATS/9.1.10.75
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
content-length
80
prebid
ib.adnxs.com/ut/v3/
19 B
579 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
an-x-request-uuid
1f568ab3-761b-44c5-9ea1-d56a0ea11e6f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ndnation.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
19
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
hb-mm-multi
hb.minutemedia-prebid.com/
105 B
449 B
XHR
General
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
52.210.102.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-102-126.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
43f09d7dca1beaba1a69fa07303d7142b7929a7245b60878b5846d26b48a8c63

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://ndnation.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
cdb
bidder.criteo.com/
0
190 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.51.0&cb=19604791939&lsavail=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:47 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
/
colossusssp.com/
2 B
243 B
XHR
General
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.240.155.108 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://ndnation.com
Date
Mon, 04 Sep 2023 20:52:48 GMT
Access-Control-Allow-Credentials
true
Server
openresty
Connection
keep-alive
Content-Length
2
Content-Type
application/json
/
ads.resetsrv.com/
0
378 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&placements=21048
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&placements=21052;21046
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
hls.min.js
player.avplayer.com/script/8.3/v/libs/
410 KB
114 KB
Script
General
Full URL
https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/avcplayer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
a4aa36a874d3524a75f284babac118ad88966a7c21bc12c8cd102498e168989b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
last-modified
Mon, 04 Sep 2023 20:18:08 GMT
etag
"1693858688"
x-hw
1693860768.dop243.fr8.t,1693860768.cds140.fr8.hn,1693860768.cds256.fr8.c
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
116577
94a3e17081df4321a066b00e06fb1d8a.0000001.jpg
d1w6a77c28m7kb.cloudfront.net/VideoElephant/94a3e17081df4321a066b00e06fb1d8a/assets/7cf4fd07-534c-409b-acf0-4e06c7320916/Thumbnails/
112 KB
112 KB
Image
General
Full URL
https://d1w6a77c28m7kb.cloudfront.net/VideoElephant/94a3e17081df4321a066b00e06fb1d8a/assets/7cf4fd07-534c-409b-acf0-4e06c7320916/Thumbnails/94a3e17081df4321a066b00e06fb1d8a.0000001.jpg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:c000:1a:aa67:f2c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f7d124a9ca61097c6e62d74e580a802b36e4a1f70ad8356d3d11e9333057d927

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 22:02:43 GMT
via
1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
last-modified
Sun, 03 Sep 2023 21:54:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
82206
etag
"7651ccbb1c4a4f437750a94344da76c2"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
114451
x-amz-cf-id
VSYdOkbDKLIpGXn7YpepkROW7y7EDEdLTT1x1Zxu_vaYSS-Q5jFFuQ==
31d54a4b841c0e438f13.woff
player.avplayer.com/script/8.3/v/assets/
34 KB
35 KB
Font
General
Full URL
https://player.avplayer.com/script/8.3/v/assets/31d54a4b841c0e438f13.woff
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
hwcdn.net
Software
/
Resource Hash
9f2ef335c07566f0d4f273a4b72bcb3ad2b02f0c6232da6129952ee60bd07ba8

Request headers

Referer
https://ndnation.com/
Origin
https://ndnation.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
last-modified
Mon, 04 Sep 2023 20:18:08 GMT
etag
"1693858688"
x-hw
1693860768.dop212.fr8.t,1693860768.cds217.fr8.hn,1693860768.cds157.fr8.c
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
content-length
35197
AVmanager.js
player.aniview.com/script/6.1/ Frame A83B
476 KB
128 KB
Script
General
Full URL
https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/avcplayer.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:7100:998::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
08a2fbf551787398b8b831d56201b2f9595ae2819df8149acd5fe50a592428f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
x-guploader-uploadid
ADPycdshkp2NxraIB1dX42RMY_z6FMZa2mw_WkGlI2VHTytN_DMx5JUVURBXbDX9PKk1UKPM2UM3ngR6qNcA9t6GMw5yjA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
130516
last-modified
Sun, 03 Sep 2023 06:24:16 GMT
server
UploadServer
etag
"cf6e07b0fe9b65875d84898a04bedbb3"
vary
Accept-Encoding
x-goog-generation
1693722256381290
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-goog-hash
crc32c=8kqKHQ==, md5=z24HsP6bZYddhImKBL7bsw==
access-control-expose-headers
Content-Type
cache-control
public, max-age=600
x-goog-stored-content-length
130516
accept-ranges
bytes
expires
Mon, 04 Sep 2023 21:02:48 GMT
logo.svg
playlist.cloudmcplayer.com/
2 KB
1 KB
Image
General
Full URL
https://playlist.cloudmcplayer.com/logo.svg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.194.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-194-62.mxp53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fd6829e1e7540954f29938c16c1afac26c7deac1e32e4d04a32885c753a66f7f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
eVamNIfEEb_.drTkRL7ZeKwutVDle8zc
content-encoding
gzip
via
1.1 d1e0c032095aed37076f757ebca1f51a.cloudfront.net (CloudFront)
date
Mon, 04 Sep 2023 10:38:15 GMT
last-modified
Wed, 16 Mar 2022 09:25:22 GMT
server
AmazonS3
x-amz-cf-pop
MXP53-P2
age
36874
x-amz-server-side-encryption
AES256
etag
W/"1b0a75cf5496e75b6822c97d753157ec"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
9pCqsx2ehNVTmvGCVmf1tcYYdK5fZOxIoL9hjvFkPfNMtYkxp7_zOg==
1f92a.svg
s.w.org/images/core/emoji/14.0.0/svg/
1 KB
912 B
Image
General
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f92a.svg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
fae89768b8f292558aa096c58cd9995c2601df28a88de775586f26859a155b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:53:44 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
2764.svg
s.w.org/images/core/emoji/14.0.0/svg/
368 B
432 B
Image
General
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/2764.svg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 04 Sep 2023 20:52:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:47:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
368
expires
Thu, 31 Dec 2037 23:55:55 GMT
2618.svg
s.w.org/images/core/emoji/14.0.0/svg/
633 B
396 B
Image
General
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/2618.svg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
8d3ac7ed2a5c8565c0e76c1f90c0add97104041e93b04ab520ef73818c3d9515
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:53:44 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f3a5.svg
s.w.org/images/core/emoji/14.0.0/svg/
771 B
448 B
Image
General
Full URL
https://s.w.org/images/core/emoji/14.0.0/svg/1f3a5.svg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
a6841d2c4a12ed948dd6c51720e62a032135ccd7f50cc17b7d8d37b20f43c2cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 12 Apr 2022 03:50:59 GMT
server
nginx
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp&cc=1
85 B
203 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp&cc=1
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
7268f95929f28a0bc33e701fd3e2445ab3dc1eccbf35485488cc393180a5182c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-0nBfNxCp8H+F4JWBEhI7QILx6t8"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Mon, 04 Sep 2023 20:52:48 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://ndnation.com
location
/esp?url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
encrypt
esp.rtbhouse.com/
241 B
513 B
Fetch
General
Full URL
https://esp.rtbhouse.com/encrypt
Requested by
Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
ee32eb1ca4915f3c4e70e785f8a5fc2533de2cda73dba8857e63c9007d64f51b

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
via
1.1 google, 1.1 google
server
Google Frontend
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
*
x-cloud-trace-context
4a2e0c1ed7c1f1139a3052510f9cac4a
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With
content-length
241
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
increment
id5-sync.com/api/esp/
0
321 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202307190925/
251 KB
77 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e922a199c0736d84f1cb215cb5950484e8cf7c04011a35ccf28fd755aa5e7133

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 19 Jul 2023 13:26:13 GMT
server
cloudflare
x-amz-request-id
9AY6JQRYVSXJZZYY
age
4074681
etag
W/"6c476793b39193c54a91ff561ef3a8e4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
80191e4a8f419b8e-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
MuAYpCv+/mO7XW4XZMTsGwom5MpmAlbBDHKToSOFuwt1aLwcxKO5QzVYpDkoZ9s0Yk5EbaesxK8=
syncframe
gum.criteo.com/ Frame 4405
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=ndnation.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:47 GMT
server
Kestrel
server-processing-duration-in-ticks
292971
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
script.js
cadmus.script.ac/dahhc4ozyvjm6/
3 B
437 B
Script
General
Full URL
https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
last-modified
Mon, 01 Jan 2018 00:00:00 GMT
server
cloudflare
age
0
etag
W/"601055f6a0c6408859f97b5f0a84bdb88441a80e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=259200,stale-while-revalidate=86400,stale-if-error=259200
cf-ray
80191e4b287990fb-FRA
content-length
3
adagio.js
script.4dex.io/
75 KB
24 KB
Fetch
General
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
958622e2ce103c663883a5e931b64fe435a4f6cb60e151242416727ea8529448

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Content-Encoding
br
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
365828
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Thu, 31 Aug 2023 12:44:55 GMT
Server
cloudflare
ETag
W/"69d6e69258e345d4df1e72d8a9065e99"
Vary
Origin, Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=crOOtLqytUQUDwd8JvJc0%2FTZRc%2Fn9nl6smOTY%2BCwl0hTgGCDsJ7YCeII55JW3eGnMYkmFqaHhpF71MJ1swCv9Dg63n2P3c3pT1eMe7mPd%2FoFzaPMfrwYcjbHp6x7ezRL5abfao3zIFtpk%2BAD"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
public, max-age=1800
CF-RAY
80191e4b0d7b30f9-FRA
map
bcp.crwdcntrl.net/6/
60 B
332 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.64.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-64-186.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
731aeb9f616448637ee26d66fe25e22f1f06300ba656b53163f7bea4f9ef25ab

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://ndnation.com
cache-control
no-cache
x-server
10.45.12.148
access-control-allow-credentials
true
content-length
60
expires
0
v1
lb.eu-1-id5-sync.com/lb/
33 B
399 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
270651f698624e69c4230a72509275056c033a67951dd2cdebd1b56d09f3383b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
envelope
lexicon.33across.com/v1/
0
0

truncated
/
384 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/svg+xml
/
go1.aniview.com/api/adserver/tag/
42 KB
6 KB
XHR
General
Full URL
https://go1.aniview.com/api/adserver/tag/?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8&AV_VIDEOURL=https%3A%2F%2Fcmcsports.cloudmcapp.com%2Fcc2d77f5b1f74dfdbf6c2ec581b0848e%2Fc2a42c131b054fb780c8ecdbad173eff%2Fc9695f62561c4c3fb4cdb81d22913845%2Findex.m3u8&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&AV_CHANNELID=625594b02e0ef2773933f2d1&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&TRACK_URL=track1.aniview.com&pce=1&npx=1&AV_DETDOMAIN=ndnation.com&AV_DADPOS=1&AV_OPLACEMENT=1&AV_TAG=6256fe729c5a4736b15c6a6a&AV_TEMPLATE=6256d6aef30d6040c750fbd7&AV_GPID=/624e25402d2a7c268c34f1d8/6256fe729c5a4736b15c6a6a/ndnation.com&d36=6.2.123&responsive=1&sver=4&avtoken=768587&omv=1.0.1&AV_D66=8.3.19&clsid=092e2fd1-49d5-4fa2-9937-0463a901e9d1&rando=42&AV_WIDTH=740&AV_HEIGHT=416&AV_DNT=0&cb=1693860768590&wfc=1
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.152.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-152-207.compute-1.amazonaws.com
Software
/
Resource Hash
af30e89c051a0f051d3ef7650337d975bb5641d379aaa420bd3ecb95f655fa0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
x-bamboo-c-skst
1
content-encoding
gzip
x-bamboo-c-skfe
1
x-bamboo-c-s
BYPASS
access-control-max-age
1728000
vary
Accept-Encoding
access-control-allow-methods
GET, POST, DELETE, PUT, OPTIONS, INDEX
access-control-allow-origin
https://ndnation.com
content-type
application/json
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Bamboo-Token,Event-Id,X-Requested-With
expires
Thu, 24 Aug 2023 07:06:09 GMT
track
track1.aniview.com/
0
97 B
Image
General
Full URL
https://track1.aniview.com/track?r=ndnation.com&sn=&ic=0&tgt=0&app=&wi=740&he=416&test=&d36=6.2.123&apppkg=&fv=1&proto=https&d66=8.3.19&clsid=092e2fd1-49d5-4fa2-9937-0463a901e9d1&rando=42&pid=624e25402d2a7c268c34f1d8&cid=625594b02e0ef2773933f2d1&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&e=inventory&vi=100&cb=1693860768589
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.239.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-239-161.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
v2
id5-sync.com/gm/
276 B
683 B
XHR
General
Full URL
https://id5-sync.com/gm/v2
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
a54341497c66b8b98dbc4e61f4729490843936dfaeb65549f75d3bef964b0d84
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
sid
mug.criteo.com/ Frame 4405
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=ndnation.com&sn=ChromeSyncframe&so=0&topUrl=ndnation.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=cJhbgnx4ZEN1ZmQ3dXF3WTZLSWNDbmg5Y3JtNVNrOWVYTUJldk40bk5PeWJYNmZhUVl1QWtaMERhTHlqdDZjYVZHK2I0WXQ3bTY4Zjgwc1Nsbk5LZm42bXU1ekdUMWhDK3VkU3M3U1g0U0o1dlFZZEJJUjhnb0o4YnBnSF...
441 B
659 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=cJhbgnx4ZEN1ZmQ3dXF3WTZLSWNDbmg5Y3JtNVNrOWVYTUJldk40bk5PeWJYNmZhUVl1QWtaMERhTHlqdDZjYVZHK2I0WXQ3bTY4Zjgwc1Nsbk5LZm42bXU1ekdUMWhDK3VkU3M3U1g0U0o1dlFZZEJJUjhnb0o4YnBnSFlkOUlIZWpMeHNaS0k2ZEZQR0Zzam0wdE5wd0l6YXUzN293Q3phZkM2YURmNUEwaG9aNm05SEZNQlRJNGFqdCtaT01Ycm5pUlpSeHhnVFZWbEhVUHJycUFPS1JKWmI3YXlYTU9UbkJUUzdTSWVkYzBLMDFqMUxYYi9LdmM5ay8wMXJpc2lRbjAvZFEzNEpyQnZ4YmhqM0JCak9EdGJodz09fA&cppv=2
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H2
Server
178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
587c0bd26306cf6f187074a9885bcf66c4d479dc7dd70cfa62c7a78026b07ea4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1145543
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=cJhbgnx4ZEN1ZmQ3dXF3WTZLSWNDbmg5Y3JtNVNrOWVYTUJldk40bk5PeWJYNmZhUVl1QWtaMERhTHlqdDZjYVZHK2I0WXQ3bTY4Zjgwc1Nsbk5LZm42bXU1ekdUMWhDK3VkU3M3U1g0U0o1dlFZZEJJUjhnb0o4YnBnSFlkOUlIZWpMeHNaS0k2ZEZQR0Zzam0wdE5wd0l6YXUzN293Q3phZkM2YURmNUEwaG9aNm05SEZNQlRJNGFqdCtaT01Ycm5pUlpSeHhnVFZWbEhVUHJycUFPS1JKWmI3YXlYTU9UbkJUUzdTSWVkYzBLMDFqMUxYYi9LdmM5ay8wMXJpc2lRbjAvZFEzNEpyQnZ4YmhqM0JCak9EdGJodz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
324969
content-length
0
expires
0
index.m3u8
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/
678 B
1 KB
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/index.m3u8
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
bcd0bd92c4d3a64d32241e49e420d84a92be87656e150f976bc2ea008d936c6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
vary
Origin
x-cache
Miss from cloudfront
content-type
application/x-mpegURL
access-control-allow-origin
https://ndnation.com
cache-control
max-age=60
access-control-allow-credentials
true
content-length
678
x-mediapackage-request-id
Root=1-64f643a1-525ce8925004d32b5f8a1163
x-amz-cf-id
dOdrQ4-HgbOekL15BgZpHkLdOjrV2ji62uvYUtoXuZTF85QtBpJ56A==
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&placements=21052
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&placements=21046
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&placements=21048
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:48 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
pd
google-bidout-d.openx.net/w/1.0/ Frame DB43
0
176 B
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 04 Sep 2023 20:52:48 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230830&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0187116050987673&plah=ndnation.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a0459255511f0e730976e7c0e0fd641b896435400b019c7a0edd652535f553a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11907
x-xss-protection
0
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c953247aa1084d9b0776174e20b795a235c93f9dcf7c9d34fded56de81146509

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png
bid
aax.amazon-adsystem.com/e/dtb/
23 B
459 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=F2MXg1ASW9fFE&cb=2&ws=1600x1200&v=23.821.1806&t=2000&slots=%5B%7B%22sd%22%3A%22didhesion%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F2054844%2Fndnation.com%2FdiDNA_Adhesion%22%7D%5D&pubid=64abda41-57ff-4c58-84f8-8c2c7ab4be23&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
91SC4EJ2QSSYE5KERSFS
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
SNbZ24JG1QUytgtuILKR9JHN-R8r8rgUA2jXoy8itL8ykJJLscjMUg==
prebid
ib.adnxs.com/ut/v3/
139 B
699 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
c207703a2894751109413bdf32ccc44e5bbf365c8be8afc939c6fe2ef4e3ce3a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
an-x-request-uuid
2747f800-2f34-42aa-864a-8211900b58a6
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ndnation.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
139
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
115 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d45d4400f1&cmd=bid&eidpubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6&secure=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
fde4eef3ca0bafeaa74e25a52a10204e6c2737a991108a6417bb3b793e14ee4d

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
server
ATS/9.1.10.75
age
2
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
content-length
80
bidRequest
c2shb.ssp.yahoo.com/
62 B
114 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d7077300fa&cmd=bid&eidpubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6&secure=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
377e78a989a862e9162471b6941a3b2bca501e11ceb25d229ed9d16f8e07a113

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
server
ATS/9.1.10.75
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
content-length
78
prebidjs
rtb.openx.net/openrtbb/
53 B
138 B
XHR
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
c6675a204f25fd959bb07825feee6adae34120708f12930ce7e7f22dfdca0b3e

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-encoding
gzip
via
1.1 google
vary
Origin
content-type
text/plain
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
bid
ap.lijit.com/rtb/
22 B
397 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.51.0
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
728716e1ff565db78fda48bc7f35e649711dc4be5e862d21693cbd566e8c0dea

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 04 Sep 2023 20:52:49 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://ndnation.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap6ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
22
metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&placements=21048
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:49 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
auction
pbs.nextmillmedia.com/openrtb2/
0
257 B
XHR
General
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
x-prebid
pbs-go/41.36.0
vary
Origin
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
0
translator
hbopenbid.pubmatic.com/
0
54 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:47 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
colossusssp.com/
2 B
243 B
XHR
General
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
172.240.155.108 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://ndnation.com
Date
Mon, 04 Sep 2023 20:52:49 GMT
Access-Control-Allow-Credentials
true
Server
openresty
Connection
keep-alive
Content-Length
2
Content-Type
application/json
v1
btlr.sharethrough.com/universal/
0
154 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.125.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-125-22.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
154 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.125.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-125-22.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
hb
ssc.33across.com/api/v1/
87 B
179 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=dVaqIEv0Cr66eeaKj0P0Le
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
0b4143d104391949ba1b8ffaa5e342add95a9a246fb2aa46f604f010bd297315

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb-mm-multi
hb.minutemedia-prebid.com/
105 B
448 B
XHR
General
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
52.210.102.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-102-126.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
f12519de9c711802995ba7f9ff657e29d583bdfbecd2ecc03033bda827d30c9d

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://ndnation.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
105
fastlane.json
fastlane.rubiconproject.com/a/api/
433 B
490 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=238880&zone_id=1178348&size_id=2&alt_size_ids=55&rp_schain=1.0,1!,,1,,,&eid_pubcid.org=a2d8d1f1-88d8-40bd-80d8-65205f1600b6%5E1&rf=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.domain=ndnation.com&tg_i.page=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&tg_i.name=ndnation-com&tg_i.pbadslot=%2F2054844%2Fndnation.com%2FdiDNA_Adhesion%23didhesion&tk_flint=pbjs_lite_v7.51.0&x_source.tid=8e1fe163-e3fb-4d65-bb2a-697397522a2c&l_pb_bid_id=93b7d5ae219aac4&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=8e1fe163-e3fb-4d65-bb2a-697397522a2c&rp_hard_floor=0.05&rp_maxbids=1&p_gpid=%2F2054844%2Fndnation.com%2FdiDNA_Adhesion%23didhesion&slots=1&rand=0.40072775226141166
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::43 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a64d200d42cc0ccbc8b1dd1046f5578c0d3c4db957c5098dc3a608502027e2db

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
433
expires
Wed, 17 Sep 1975 21:32:10 GMT
/
ads.resetsrv.com/
0
378 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
cdb
bidder.criteo.com/
0
190 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.51.0&cb=37559150555&lsavail=1&bundle=ZTkOWF92aUhWNlBmaXc4cVNnbTJ1ODZmdTklMkZzdzl0YUxBZ2dobzdPNGhiWk9hZyUyQkFwc2x2cVBSQjBjSzlRcHh6ZlVpJTJGeHkzT1ZsJTJGV1ZvbzRKQUR1JTJCUEtqQkVqTERKeXJvdSUyRk1VOXB3QldZdSUyRjl2eXN1M0wlMkJCTjlCc1ZNb01iZDNjNUpoOEl6WWRMemNxbnJwSHIxRzl3Y2pBJTNEJTNE
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:48 GMT
strict-transport-security
max-age=31536000; preload;
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Kestrel
vary
Origin
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0187116050987673&plah=ndnation.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 04 Sep 2023 20:52:49 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 248D
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
6278
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 19:08:11 GMT
expires
Tue, 03 Sep 2024 19:08:11 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 0791
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
4503ee6bbde79608a0acbcde753e969d71b416bee1f7f4483fb5c5f5abf9423c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0HIA2N6A_FOvgbNfl4E-jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
537
content-security-policy
script-src 'report-sample' 'nonce-0HIA2N6A_FOvgbNfl4E-jA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Mon, 04 Sep 2023 20:52:49 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
index_1.m3u8
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/
1 KB
650 B
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/index_1.m3u8
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
f52e5c72ddd7d48dbd5709673b058d862a00f1eb5c055db7223156e6875bb7f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 16:46:00 GMT
content-encoding
gzip
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
age
14809
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/x-mpegURL
access-control-allow-origin
https://ndnation.com
cache-control
max-age=21600
access-control-allow-credentials
true
x-mediapackage-request-id
Root=1-64f609c8-04f05c6e3e47479b26160dc0
x-amz-cf-id
xoJ-lvvuX3k5AB7BfyFVia53Cq4k44vtahC_pixEgwH-TNVwa8TMtQ==
45TQ4WJNUFNsi_RKEccy4FYYQq63aBzPbRMjDYcMLJU.js
pagead2.googlesyndication.com/bg/ Frame 248D
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/45TQ4WJNUFNsi_RKEccy4FYYQq63aBzPbRMjDYcMLJU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e394d0e1624d50536c8bf44a11c732e0561842aeb7681ccf6d13230d870c2c95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 21:18:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
84853
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14879
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 02 Sep 2024 21:18:36 GMT
index_1_0.ts
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/
638 KB
639 KB
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/index_1_0.ts
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
0679ace3655e4b9202a5a4f8d8777b8c6faddf1f9e4b3b6a205e0731e1050bf1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 22:36:31 GMT
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
age
80178
vary
Origin
x-cache
Hit from cloudfront
content-type
video/MP2T
access-control-allow-origin
https://ndnation.com
cache-control
max-age=31536000
access-control-allow-credentials
true
content-length
653112
x-mediapackage-request-id
Root=1-64f50a6f-4a3e7cf95d6aa5e06b5ed790
x-amz-cf-id
1R77ZyQFkFzUMhb87DgRkFJURpobIJGYkZE5hVhBIADS3Gsy3UhWgg==
sodar
pagead2.googlesyndication.com/pagead/ Frame 0791
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230830&jk=1818314250748677&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

metric
report2.hb.brainlyads.com/statistics/
463 B
751 B
Image
General
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&placements=21048
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:49 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
generate_204
tpc.googlesyndication.com/ Frame 248D
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?2YfTOA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ads
securepubads.g.doubleclick.net/gampad/
37 KB
16 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1818314250748677&correlator=3328351959238025&eid=31076475%2C31077366%2C31077538%2C20222283&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&iu_parts=2054844%2Cndnation.com%2Cleaderboard_wide&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90%7C728x90&ifi=2&didk=3258797748&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Dbb595f3c5c80e227-229624b1c3e7002c%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MaRJDQob25jFnjXaxQhbhAVNAbPeA&gpic=UID%3D00000c6f0e50edf8%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MbZCxt4_Q2Rg_ada7sxPSAwSQUCfA&abxe=1&dt=1693860769371&lmt=1693853137&adxs=315&adys=135&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&vis=1&psz=1600x0&msz=1600x0&fws=0&ohw=0&ga_vid=750641541.1693860768&ga_sid=1693860768&ga_hid=1379078175&ga_fc=true&dlt=1693860766864&idt=803&prev_scp=auid%3Dleaderboard_wide%26adLocation%3Datf%26amznbid%3D2%26amznp%3D2%26didna_vis%3Dtrue%26didna_refr%3Dfalse%26refresh-iteration%3D0&cust_params=pub%3Dndnation.com%26path%3D%252Fall-smiles-in-irish-romp%252F&adks=718374510&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
76b88dcf40530dccabe878037537ed914d9b582564fd8a9c45d1524f01400256
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16000
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 26EC
6 KB
3 KB
Document
General
Full URL
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Tue, 03 Sep 2024 20:52:49 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index_2.m3u8
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/
1 KB
650 B
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/c9695f62561c4c3fb4cdb81d22913845/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/index_2.m3u8
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
c668093037a7f6b6bca163b2089b30f28814af187512e1e37ac1dd07d42e5ca8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 18:00:55 GMT
content-encoding
gzip
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
age
10314
vary
Accept-Encoding,Origin
x-cache
Hit from cloudfront
content-type
application/x-mpegURL
access-control-allow-origin
https://ndnation.com
cache-control
max-age=21600
access-control-allow-credentials
true
x-mediapackage-request-id
Root=1-64f61b57-61846636485777d9630505bc
x-amz-cf-id
dhNWnhOWF8JAgKNV3EBus47664jo0Omu2vbjzjTIoJit2nNdHmXN-w==
index_2_0.ts
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/
898 KB
899 KB
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/index_2_0.ts
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
b875d5818b3be8d7a5972e22ab1477b38d4284fd9c427785e8efd3e84e7520c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 23:09:32 GMT
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
age
78197
vary
Origin
x-cache
Hit from cloudfront
content-type
video/MP2T
access-control-allow-origin
https://ndnation.com
cache-control
max-age=31536000
access-control-allow-credentials
true
content-length
919508
x-mediapackage-request-id
Root=1-64f5122c-21f75899076bb0f71d4737d2
x-amz-cf-id
O3EkVb5TcXqjVlnnaaMIBYuy9go8sZ-VbnWNc0lkVKuPwxFqcKz_xg==
pwt.js
ads.pubmatic.com/AdServer/js/pwt/161901/7454/ Frame A83B
250 KB
76 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/161901/7454/pwt.js
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.244.232 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1086d0ec98811004a382fdb91879aed16738578932118ca79c52bd79d7140b08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
gzip
last-modified
Sat, 29 Apr 2023 00:56:16 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=111124
accept-ranges
bytes
content-length
77846
expires
Wed, 06 Sep 2023 03:44:53 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E6C3
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=161901&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D1%26key%3D
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.244.232 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=132659
content-encoding
gzip
content-length
5606
content-type
text/html
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Wed, 06 Sep 2023 09:43:48 GMT
last-modified
Fri, 01 Sep 2023 11:18:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
sync
ssbsync.smartadserver.com/api/ Frame 3F93
0
75 B
Document
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=33&gdpr=1&gdpr_consent=&rdir=
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.154 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:48 GMT
match
dm.hybrid.ai/ Frame 3658
0
0
Document
General
Full URL
https://dm.hybrid.ai/match?id=407&vid=1693860768965-959104183839-001170-006-006430&gdpr=1&gdpr_consent=&burl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D166%26pid%3D5e7b9048180bd02ded4b0937%26key%3D%24%7BVID%7D
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.18.16.22 , Russian Federation, ASN205675 (HYBRID-AS, DE),
Reverse DNS
Software
Hybrid Web Server /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
-1
p3p
CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
pragma
no-cache
server
Hybrid Web Server
x-mode
127
x-xss-protection
1; mode=block
sync
ups.analytics.yahoo.com/ups/58815/ Frame 086E
0
0
Document
General
Full URL
https://ups.analytics.yahoo.com/ups/58815/sync?redir=true&gdpr=1&gdpr_consent=
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Mon, 04 Sep 2023 20:52:49 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.75
strict-transport-security
max-age=31536000
cookiesyncendpoint
sync.aniview.com/ Frame FF93
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=aniview&gdpr=1&gdpr_pd=0&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26bid...
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=200&key=OPTOUT
0
38 B
Document
General
Full URL
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=200&key=OPTOUT
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.115.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-115-35.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Mon, 04 Sep 2023 20:52:49 GMT
etag
OPTOUT
expires
0
location
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=200&key=OPTOUT
pragma
no-cache
cookiesyncendpoint
sync.aniview.com/ Frame 32AA
Redirect Chain
  • https://ssp.disqus.com/redirectuser/?partner=aniview&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D52%26key%3DBUYERUID
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=52&key=ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
0
243 B
Document
General
Full URL
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=52&key=ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.115.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-115-35.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT

Redirect headers

cache-control
no-store
content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
0
location
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=52&key=ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
pragma
no-cache
cookiesyncendpoint
sync.aniview.com/ Frame 63B6
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D10%2...
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=10&pid=59c9148628a0612da3689288&key=oPzVxR0iTvt3&ev=1&us_privacy=1---&pid=562704
0
206 B
Document
General
Full URL
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=10&pid=59c9148628a0612da3689288&key=oPzVxR0iTvt3&ev=1&us_privacy=1---&pid=562704
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.115.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-115-35.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-cdb79dd64-gzdsl
expires
-1
location
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=10&pid=59c9148628a0612da3689288&key=oPzVxR0iTvt3&ev=1&us_privacy=1---&pid=562704
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
usync.html
eus.rubiconproject.com/ Frame 0E7C
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=aniview&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Sep 2023 20:52:49 GMT
ETag
"40010-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT
location
https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
server
AkamaiGHost
pixel
ap.lijit.com/ Frame BE89
0
0
Document
General
Full URL
https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D18%26key%3D%24UID
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Mon, 04 Sep 2023 20:52:49 GMT
X-Sovrn-Pod
ad_ap6ams1
cookiesyncendpoint
sync.aniview.com/ Frame 5101
Redirect Chain
  • https://csync.loopme.me/?pubid=11455&gdpr=1&gdpr_consent=&redirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D56%26pid%...
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=56&pid=59c9148628a0612da3689288&key=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&g...
0
240 B
Document
General
Full URL
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=56&pid=59c9148628a0612da3689288&key=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=1
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.115.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-115-35.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT

Redirect headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT
location
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=56&pid=59c9148628a0612da3689288&key=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=1
server
_
cookiesyncendpoint
sync.aniview.com/ Frame 5F5D
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=1&gdpr_consent=&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D105%26pid%3D59c9148...
  • https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=105&pid=59c9148628a0612da3689288&key=&gdpr=1
0
189 B
Document
General
Full URL
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=105&pid=59c9148628a0612da3689288&key=&gdpr=1
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.115.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-115-35.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 04 Sep 2023 20:52:49 GMT

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Mon, 04 Sep 2023 20:52:48 GMT
location
https://sync.aniview.com/cookiesyncendpoint?auid=1693860768965-959104183839-001170-006-006430&biddername=105&pid=59c9148628a0612da3689288&key=&gdpr=1
server
envoy
x-envoy-upstream-service-time
0
cm
u.openx.net/w/1.0/ Frame E3A0
43 B
211 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=ec4c2ec9-18b8-454e-98be-3ee1e6bfea65&gdpr=1&gdpr_consent=&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D23%26key%3D
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-length
56
content-type
text/html
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
apstag.js
c.amazon-adsystem.com/aax2/ Frame B1C0
248 KB
61 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9e08da8f03bfc136e84f23144e1d9c6837ebed60f4c61b6c8cafc8215f77585

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 19:59:14 GMT
content-encoding
gzip
via
1.1 142ded88048f806cc40a5a225130cc8a.cloudfront.net (CloudFront), 1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
last-modified
Thu, 24 Aug 2023 18:15:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, MXP63-P1
age
3216
x-amz-server-side-encryption
AES256
etag
W/"bfd42dc650471371e7b049251fcaca58"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
AOyLrT1w6xvidE9B_eRoPsH1cgNp2kSWXCcZ8TrwmA1miz4hTRq0vw==
/
demo-wls-ssp-node.smartyads.com/
65 B
280 B
Fetch
General
Full URL
https://demo-wls-ssp-node.smartyads.com/?c=v&m=api&res=xml&placementId=17&domain=ndnation.com&page=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&ip=217.114.218.21&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&wPlayer=740&hPlayer=416&schain=1.0,1!cloudmcapp.com,1029,1,,,&cbb=3860769465
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
8.2.108.251 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
/
Resource Hash
a9179676206755fbdcaf25d2c0958cf0ef14c8a787f38c966b9dbd8013b919f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://ndnation.com
Date
Mon, 04 Sep 2023 20:52:49 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
65
Content-Type
text/xml
track
track1.aniview.com/
0
97 B
Image
General
Full URL
https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=ndnation.com&rs=ndnation.com&sid=99143&t=1693860768&cip=217.114.218.21&sn=&tgt=0&osv=10&bv=116.0&brn=Chrome&wi=740&he=416&app=&AV_PUBLISHERID=624e25402d2a7c268c34f1d8&test=&d64=22505880afd7154c1116d8762c6c2fda&d63=22505880afd7154c1116d8762c6c2fda&aafaid=&proto=https&uid=1693860768965-959104183839-001170-006-006430&cha=0.7&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&d35=&d36=6.2.123&cb=56028372160&d39=&d65=&d66=8.3.19&d74=&d56=&apppkg=&d9=1000&d37=realtime&pt=2&d66=8.3.19&d74=&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&cvid=&cpid=&str=autostart&AV_WIDTH=740&AV_HEIGHT=416&nid=624e25402d2a7c268c34f1d8&ncid=625594b02e0ef2773933f2d1&e=request&cb=1693860769468&asid=649afdc79de54df7d80190f5%2C64c826064828af1cdf0b34b9%2C63ef7a46ac474ffe8c0f7486%2C6424867dcc54e233b90e2c14&ofpr=%2C%2C%2C&fpo=%2C%2C%2C&ri=1%2C1%2C1%2C1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.239.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-239-161.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
track
track1.aniview.com/
0
97 B
Image
General
Full URL
https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=ndnation.com&rs=ndnation.com&sid=99143&t=1693860768&cip=217.114.218.21&sn=&tgt=0&osv=10&bv=116.0&brn=Chrome&wi=740&he=416&app=&AV_PUBLISHERID=624e25402d2a7c268c34f1d8&test=&d64=22505880afd7154c1116d8762c6c2fda&d63=22505880afd7154c1116d8762c6c2fda&aafaid=&proto=https&uid=1693860768965-959104183839-001170-006-006430&cha=0.7&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&d35=&d36=6.2.123&cb=56028372160&d39=&d65=&d66=8.3.19&d74=&d56=&apppkg=&d9=1000&d37=realtime&pt=2&d66=8.3.19&d74=&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&cvid=&cpid=&str=autostart&AV_WIDTH=740&AV_HEIGHT=416&&copid=624e25402d2a7c268c34f1d8&nid=5e7b9048180bd02ded4b0937&cocid=625594b02e0ef2773933f2d1&ncid=63ac343a7c43ae62ab0cbcf7&coasid=63ac3b2968dcea55a30d26a5&e=request&cb=1693860769468&asid=63ac33bbb1e40243a30b0834%2C63ac331fdde9bd007a0ceb54%2C63caab22b4432b86970fb574%2C641efcd011041eb6e6070b87%2C63ac33f98dcb343bef0d6d26%2C64895452aa6bbf175108243b%2C63bbc90786f72f8115055bf9&ofpr=%2C%2C%2C%2C%2C%2C&fpo=%2C%2C%2C%2C%2C%2C&ri=1%2C1%2C1%2C1%2C1%2C1%2C1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.239.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-239-161.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
c24e4f92-bdbf-46b2-9c2a-c299fca5369b
https://ndnation.com/
94 KB
0
Other
General
Full URL
blob:https://ndnation.com/c24e4f92-bdbf-46b2-9c2a-c299fca5369b
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd2df0fff950bce978c27cee54ed6e14e5e90d9e7f1829ab56da3fb21025ec48

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length
96496
Content-Type
text/javascript
ads
securepubads.g.doubleclick.net/gampad/
129 KB
19 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1818314250748677&correlator=850512488099245&eid=31076475%2C31077366%2C31077538%2C20222283&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&iu_parts=2054844%2Cndnation.com%2Crectangle_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280%7C300x250&ifi=3&didk=3701212228&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Dbb595f3c5c80e227-229624b1c3e7002c%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MaRJDQob25jFnjXaxQhbhAVNAbPeA&gpic=UID%3D00000c6f0e50edf8%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MbZCxt4_Q2Rg_ada7sxPSAwSQUCfA&abxe=1&dt=1693860769537&lmt=1693853137&adxs=1047&adys=135&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&vis=1&psz=339x0&msz=339x0&fws=0&ohw=0&ga_vid=750641541.1693860768&ga_sid=1693860768&ga_hid=1379078175&ga_fc=true&dlt=1693860766864&idt=803&prev_scp=auid%3Drectangle_1%26adLocation%3Datf%26amznbid%3D2%26amznp%3D2%26didna_vis%3Dtrue%26didna_refr%3Dfalse%26refresh-iteration%3D0&cust_params=pub%3Dndnation.com%26path%3D%252Fall-smiles-in-irish-romp%252F&adks=4203878243&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
30bcf6ecd423191be7d3e78594b4980a37eacdb8e433be66d59cbc2f4c2ba2e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19614
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame B1C0
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 5dc1bff22b40f5004224ef547b1a9a7c.cloudfront.net (CloudFront)
date
Mon, 04 Sep 2023 10:40:54 GMT
x-amz-cf-pop
MXP63-P1
age
36716
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
DOixeDbYFxtqoxiNXensQ_BY0mGIiZQOVef5VRYB7QjAUHRRciSroQ==
config
c.amazon-adsystem.com/cdn/prod/ Frame B1C0
0
298 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fndnation.com&pubid=5d8ed25e-57cc-441a-b62a-127b34faae4e
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.202.223 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-202-223.mxp63.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
via
1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
MXP63-P1
x-cache
Miss from cloudfront
access-control-allow-origin
https://ndnation.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
bR2osDnev2NoNC0QU-xCInxxUndgrFejjuM5rC0xWWl5rr6jyouVjg==
bid
aax.amazon-adsystem.com/e/dtb/ Frame B1C0
23 B
459 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=JJrmMgzwPPmka&cb=0&ws=1600x1200&v=23.821.1806&t=8000&slots=%5B%7B%22id%22%3A%22PS_Video_Instream_640x480_Web%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!cloudmcapp.com%2C1029%2C1%2C%2C%2C!playstream.media%2C624e25402d2a7c268c34f1d8%2C1%2C%2C%2C!playstream.media%2C5d8ed25e-57cc-441a-b62a-127b34faae4e%2C1%2C%2C%2C&pubid=5d8ed25e-57cc-441a-b62a-127b34faae4e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
YRDM8TKXSNVCX1KB7FE5
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
IJmbfe9KztuhlQ2ob9DzGtEyd7qCms_xJctzgl8tM6qvOQ_SLg2CrQ==
bid
aax.amazon-adsystem.com/e/dtb/ Frame B1C0
23 B
459 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=JJrmMgzwPPmka&cb=1&ws=1600x1200&v=23.821.1806&t=8000&slots=%5B%7B%22id%22%3A%22PS_Video_Instream_400x300_Web%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!cloudmcapp.com%2C1029%2C1%2C%2C%2C!playstream.media%2C624e25402d2a7c268c34f1d8%2C1%2C%2C%2C!playstream.media%2C5d8ed25e-57cc-441a-b62a-127b34faae4e%2C1%2C%2C%2C&pubid=5d8ed25e-57cc-441a-b62a-127b34faae4e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
4PZ0KXEEFGFSN630ENE5
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
7uxvvlkqSHo-dQWiPiZgApn87DSxtUIQOSn3RpiMeYo1KH5T1MpghA==
bid
aax.amazon-adsystem.com/e/dtb/ Frame B1C0
23 B
459 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&pid=JJrmMgzwPPmka&cb=2&ws=1600x1200&v=23.821.1806&t=8000&slots=%5B%7B%22id%22%3A%22PS_Video_Instream_400x225_Web%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!cloudmcapp.com%2C1029%2C1%2C%2C%2C!playstream.media%2C624e25402d2a7c268c34f1d8%2C1%2C%2C%2C!playstream.media%2C5d8ed25e-57cc-441a-b62a-127b34faae4e%2C1%2C%2C%2C&pubid=5d8ed25e-57cc-441a-b62a-127b34faae4e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
HAJN99T3TA2JBJGQFKHT
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://ndnation.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
SmquvZ8tRFzhleBmzHaoHKj0sibV9ZbVmbLv3hXrFj64bAYsOFXY_Q==
PugMaster
image6.pubmatic.com/AdServer/ Frame E6C3
0
42 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=15621955&p=161901&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=161901&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1693860768965-959104183839-001170-006-006430%26biddername%3D1%26key%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:48 GMT
content-length
0
/
beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/ Frame
0
0
Preflight
General
Full URL
https://beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.177.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-177-59.mxp53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
PUT
Origin
https://ndnation.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Mon, 04 Sep 2023 20:52:49 GMT
via
1.1 0ad2d33f6ff79860fbe5108c38207a82.cloudfront.net (CloudFront)
x-amz-apigw-id
Kv-BWHZBIAMEjTg=
x-amz-cf-id
57iAwmN1g-WhtqFVPTo2l4kYN5DOg_Z2Q-JFw4vkMAr0JjDph3aixw==
x-amz-cf-pop
MXP53-P1
x-amzn-requestid
220ada32-79b7-48d5-953b-12c290fba69f
x-cache
Miss from cloudfront
/
beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
110 B
471 B
XHR
General
Full URL
https://beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
Requested by
Host: tg1.aniview.com
URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.177.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-177-59.mxp53.r.cloudfront.net
Software
/
Resource Hash
a7450247a55c744121d5d46d74ce3962dc5d927e8001d21816ceb4c59a37b40f

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
via
1.1 0ad2d33f6ff79860fbe5108c38207a82.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP53-P1
x-amzn-trace-id
Root=1-64f643a2-52f36980060a6d7e694e1ca8
x-amzn-requestid
64832ac1-c961-4f24-afc9-64ec540457a3
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
Kv-BYGwqIAMEcnQ=
content-length
110
x-amz-cf-id
89OdnY6tVwxj3furNpYNkDjdJJicmCqmmeDLM061wQaXhJk2d7enyg==
usync.js
eus.rubiconproject.com/ Frame 0E7C
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
645c990f39dbf24c282b2e62297b3cf0f8a06f732309c682843f019d4df02eba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:49 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Sep 2023 01:29:29 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=16541
Connection
keep-alive
Content-Length
10123
Expires
Tue, 05 Sep 2023 01:28:30 GMT
container.html
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 24E7
6 KB
3 KB
Document
General
Full URL
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Tue, 03 Sep 2024 20:52:49 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 0E7C
0
239 B
Image
General
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=aniview&khaos=LM5CYTG7-H-HWAA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
574abe46412f7df61ec8713ff1a5b646
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dr
as.ad4m.at/ad/ Frame 25B4
2 KB
3 KB
Document
General
Full URL
https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a90f6e348d34d8ff2d408f207d47ce955c133c6d250e2e4936121df79bf088b
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
80191e537b1e3803-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
0
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy
accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 24E7
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 12:07:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
31526
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 12:07:23 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 7E04
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
34730
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 11:13:59 GMT
etag
48472445140208031
expires
Tue, 05 Sep 2023 11:13:59 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 24E7
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
25116
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
l
www.google.com/ads/measurement/ Frame 24E7
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTUeCr_a2xxSpBTaPnMoGrvKuAI_al6mIqoO5WnMF8okYfGp1f5_x6Q8WbTmiT6m6G1ItEyCgWRsX-O3Bt3dHaOGx4X7Q
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 24E7
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 31 Aug 2023 14:21:12 GMT
content-encoding
br
x-content-type-options
nosniff
age
369097
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 30 Aug 2024 14:21:12 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 24E7
181 KB
57 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Sep 2023 20:52:49 GMT
ads
securepubads.g.doubleclick.net/gampad/
37 KB
15 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1818314250748677&correlator=2990156396364300&eid=31076475%2C31077366%2C31077538%2C20222283&output=ldjh&gdfp_req=1&vrg=202308300101&ptt=17&impl=fifs&iu_parts=2054844%2Cndnation.com%2CdiDNA_Adhesion&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90%7C728x90&ifi=4&didk=404927827&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Dbb595f3c5c80e227-229624b1c3e7002c%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MaRJDQob25jFnjXaxQhbhAVNAbPeA&gpic=UID%3D00000c6f0e50edf8%3AT%3D1693860767%3ART%3D1693860767%3AS%3DALNI_MbZCxt4_Q2Rg_ada7sxPSAwSQUCfA&abxe=1&dt=1693860769804&lmt=1693853137&adxs=294&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&bz=1&url=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F&vis=1&psz=1600x-1&msz=1558x-1&fws=512&ohw=0&ga_vid=750641541.1693860768&ga_sid=1693860768&ga_hid=1379078175&ga_fc=true&dlt=1693860766864&idt=803&prev_scp=didna_prod%3Dadhesion%26adLocation%3Datf%26amznbid%3D2%26amznp%3D2%26didna_vis%3Dtrue%26didna_refr%3Dfalse%26refresh-iteration%3D0&cust_params=pub%3Dndnation.com%26path%3D%252Fall-smiles-in-irish-romp%252F&adks=3939276862&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308300101/pubads_impl.js?cb=31077538
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6feafb96bbf1af2086ecdd5f1f0f9d60fedfb444b77bc4540ed5febfc9043b4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15837
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
i.match
s.tribalfusion.com/z/ Frame 7E04
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XT...
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8...
43 B
428 B
Image
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
80191e550d3092a2-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
DYNAMIC
x-function
206
server
cloudflare
x-reuse-index
97
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBah4Qs_m7RWVJtZDUtzrLk&google_cver=1&google_push=AXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ0KwlhIfiCwtsJy9QHbazE8HUEpzO1rI_JJq5iDePB1JEPV6tQ11qZR0vBKM89EV1c1mjc_wxLiInYGoYEiHzFBnb3Ty8XTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
80191e53cc5992a2-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7E04
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIQLNTvA8C-WLp5GNP0rzZg&google_cver=1&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDk...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDkZDmlDLNpQG3I6NAxU0w&google_hm=fBlI9W5pSK60AeBfT5...
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDkZDmlDLNpQG3I6NAxU0w&google_hm=fBlI9W5pSK60AeBfT5MMPBU
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CUR OUR NOR"
status
302
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT15z8o7i4rT3QklcH30uOhZvqW6F4DWQ9dL35J4zypjtyi229UpJRpsqpxxjn3Xp4kGQMJyKpVfDkZDmlDLNpQG3I6NAxU0w&google_hm=fBlI9W5pSK60AeBfT5MMPBU
content-type
text/html;charset=UTF-8
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7E04
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92Uk...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJ...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92UkAnBEwtGL-28-CeJuWO5hvA
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmTYFqc4HJlGxnykJrcXwFZHU9WJNCsi0wnw3_AcU3xD3G62_WxLPCkydO0W9BCrLSLWrxJa92UkAnBEwtGL-28-CeJuWO5hvA
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame 7E04
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEP...
  • https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&redir=https%3A%2F%2Fcm.g.dou...
  • https://sync.targeting.unrulymedia.com/csync/RX-b4dac8b3-51a0-4a17-9fa5-0a509a57e558-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmTAlIZ5V6YrAq-6Dajl6...
  • https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&google_hm=A7TayLNRoEoXn6UKUJpX5Vg
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&google_hm=A7TayLNRoEoXn6UKUJpX5Vg
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmTAlIZ5V6YrAq-6Dajl65GyCWDTuwTJtjbFV-Y0HRWr72H7GCeOOhm4WbyJ82SKf8uscEE6YBIDeY29MvhvJsVtWi7Aiy1sVA&google_hm=A7TayLNRoEoXn6UKUJpX5Vg
date
Mon, 04 Sep 2023 20:52:49 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXb4dac8b351a04a179fa50a509a57e558003
content-type
text/html
pixel
cm.g.doubleclick.net/ Frame 7E04
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEBE2FT1OXV347Zdb-8rtDtE&google_cver=1&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjA2OTk2NTUyNTYxMDcwMTUxNDI3OQ%3D%3D&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjA2OTk2NTUyNTYxMDcwMTUxNDI3OQ%3D%3D&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjA2OTk2NTUyNTYxMDcwMTUxNDI3OQ%3D%3D&google_push=AXcoOmRL6kARTbArZtBoLDRZSY-jmDOJg7_tLAbdFHe3ARwhbwKSeqt2PiqIMgZnNZXBzEcjpDOIrf72_JZC5GatIaVjxN79eF_N
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
onetag-sys.com/match/ Frame 7E04
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEm0O26pikp0Q-dbCvPhsfI&google_cver=1&google_push=AXcoOmQH-oTqAtU0n7I8hAs241wyVVxfFZj9pvKtc8ZkYlgzhd-q9rPZCK9yI8SpVDGeGvT_rHS7gYYB53v...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQH-oTqAtU0n7I8hAs241wyVVxfFZj9pvKtc8ZkYlgzhd-q9rPZCK9yI8SpVDGeGvT_rHS7gYYB53vfSjtI3upTZv-40KdvOk4
  • https://onetag-sys.com/match/?int_id=19&google_error=5
0
151 B
Image
General
Full URL
https://onetag-sys.com/match/?int_id=19&google_error=5
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
255
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25
x.bidswitch.net/check_uuid/ Frame 7E04
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJeqUTWIo-rE5XcAYmglsyg&google_cver=1&google_push=AXcoOmQl91ixrOcYcJnGvY5zcXfcQXrAazkNaVnZpnWmUqvY9w5zS4IRy6MM0zZ4ZZvi4i4LVXI_CThrUgN20w_bWJVfiRUPVDuoOw
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.83.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-83-223.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
attr
cm.g.doubleclick.net/pixel/ Frame 7E04
0
139 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J9aoC1To90I1CzKkpLVTXqig6RrYeTBH_N-qtWm7zw7vKhpa33R8pJBdwdaXTggJFR76fa8Jo
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
sync.php
pixel.rubiconproject.com/exchange/ Frame 0E7C
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 0E7C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMoDFRDKDc27kxelKLGvsDc&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMoDFRDKDc27kxelKLGvsDc&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMoDFRDKDc27kxelKLGvsDc&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 0E7C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/-IbFJZBL9H9pr9kpCAyBfg?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-By9OqPNE2oIg2bpspYXJ6WUljjkb1FvOVTLjeQ--~A
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-By9OqPNE2oIg2bpspYXJ6WUljjkb1FvOVTLjeQ--~A
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 04 Sep 2023 20:52:50 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-By9OqPNE2oIg2bpspYXJ6WUljjkb1FvOVTLjeQ--~A
content-length
0
rubicon
match.adsrvr.org/track/cmf/ Frame 0E7C
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
setuid
px.ads.linkedin.com/ Frame 0E7C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LM5CYTG7-H-HWAA
0
647 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LM5CYTG7-H-HWAA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 189A7087E58B45A8AB55C7776795E44B Ref B: FRAEDGE1115 Ref C: 2023-09-04T20:52:49Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYEjrF/v5nhycGACD0/Qg==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LM5CYTG7-H-HWAA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
66ef90d06496cfd000aab8206f2b6221
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 0E7C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2U3MzQ4MTNiYjY5NzU1YTdlNmFmNzlmMDQ3ODU5NDA4NWQ3YmM0NQ
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2U3MzQ4MTNiYjY5NzU1YTdlNmFmNzlmMDQ3ODU5NDA4NWQ3YmM0NQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
H2
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=M2U3MzQ4MTNiYjY5NzU1YTdlNmFmNzlmMDQ3ODU5NDA4NWQ3YmM0NQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame 0E7C
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=p81HlcLVQpuGMuPYpwX5BQ&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p81HlcLVQpuGMuPYpwX5BQ
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p81HlcLVQpuGMuPYpwX5BQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:50 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
FKKF4V9QDCVCWED79XAZ
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=p81HlcLVQpuGMuPYpwX5BQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 0E7C
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE01Q1lURzctSC1IV0FB
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMSWf6Vst0cv5ngC7beN7SA&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE01Q1lURzctSC1IV0FB&google_push=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE01Q1lURzctSC1IV0FB&google_push=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=aniview&endpoint=us-east
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE01Q1lURzctSC1IV0FB&google_push=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Expires
0
truncated
/ Frame 24E7
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a8d46b6f31d146102db0e8db9dedb26abe1050a1e10c58ef365b54ccf2f21b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png
default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 25B4
114 KB
14 KB
Stylesheet
General
Full URL
https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1687950287
age
1071579
cf-polished
origSize=117335
x-guploader-uploadid
ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 28 Jun 2023 11:05:15 GMT
server
cloudflare
etag
W/"5d49535c2a84a9762127b3d9e77d7e02"
vary
Accept-Encoding
x-goog-generation
1687950315098833
content-type
text/css
x-goog-hash
crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control
public, max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RVymplUJ66p7SmKJzTpS9htoHMVr%2Bm5Iio6LXdNquFFCOgEdfZaSeajGMYYnhKdHVsxsi5C8a9RJnryC6rgN5d05IQH64ypjbE%2FX0i7VBgF%2Fqc2YI%2BB%2FuaI0u5QCSjAbLyGn4FnWNQM%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
117335
cf-ray
80191e53db883803-FRA
expires
Mon, 04 Sep 2023 21:52:49 GMT
r62eglto.js
ad4m.at/ Frame 25B4
25 KB
10 KB
Script
General
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:49 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 11 Jul 2023 16:29:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
534140
etag
W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hk1q%2FzfzSjN06B20sok2nH4HIc6v6aox%2FJBlQUrYvfs2SCg4A%2BXJ8tCU%2BU8OuJPfxcaCxNDHjUYmyrhJ20PDwSvVTlL6GLVsRFU5ss8w3wH0gvyKSbcd6nicOul0qMiENBXhC4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray
80191e53fbb13803-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 16:30:19 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230830&jk=1818314250748677&bg=!CAulC0TNAAYHwnCgJ8I7ADQBe5WfODpNHZQptX2gachIvQ_s5eFEqVzCMM81wzbx6-vgeto-Ba60LtcwI0J64e5Cwvo4AgAAAG1SAAAACWgBBwoAk1wj6sChHy_kXmQJCcwV1PUxya49cy6nDOVSPbyTtK3m2KkHfWgUrGkPGplcaFHNhjfe6rHVomqgSwiiFUQTxq-yGRMAQCmixTTKOwVI9dQBnpoi6j5wd-yFxa5pQyuyG6JvhnVhvyvk6F6kxUI49Ux2Z5PAggkFW4sYYhgKOSanFVE-qDq9zwQ8g7JPBNU_sT6oJ5kCvu8w-pkvLRjYYM2H2h-7KwULyfNJUHGWPBA4ZkWdwY_deA0ZOOdx3zbGsMnZeLpda-WB01B5nll1bNImSitl9B2sAJpW5UgoAgO-Wp-B5RCVB62SaSg0m4DmeMY_X2y4MmeGLebwi-lKIXIcsxWj62zQcZnKx1vl82H6_3VOQ9wbr8P0U2E-GMWeCiPwtVPJXi30XUWrcH9UqQUUYDTybab-KQ_w3P9TuWJxlA1vXxYVgBvix6t7DjLEKDRKfbWuie6Ud0f0H9o20_Q1foW6xENEQCtUCiVMxubMMyd1pQBQQm_cgCjgWj7PWmekm0DcnRx2H4njzrNGfJ0MPPct_lKMxPmOdtZG-ahBO7eHL98ExGaAVWga2HoJiZ-8dasah3LUga3wXMXC-bX3i9PkxuGEbs7bkME5wWrWBZpMW0hAi_WXerOjCmXWxiGfkpbrzmNbuMojZIUeQCsSd9FmSzGKNAXPm3IFKa7iFd0OONERMtHKbdm2U-hE8HUCdhN5OO7rOT2b8lBwQS1IHLgbzYaMlR5EUb4vKY-XXVkZekH0NNnEwkfhBN9ruA8z8FkiA2O-RX6sCLg29fYfSPsBiEUESIwsH0Uql5g84gs1UORn9YHBMAqh-TW5pCuuJzecPuhrfthXCAAtmqHayiEGfMuYaPV75bRmrgq9N2-uRiJ9gMh2Oda8X3ffvPdl3J5hjnTjAnVLtGKwqrfXWcMAJQJZXWfGj65omquyRZIQkC0wkjjldx9nJ0ZQQrxlL7Mlr-6lvYoKgbkqIjWiv2yYr7mbNNGmnCst8wK_yhKEUw1_m1_sEsl2Levt9maCVmYbFdBJ-SsmZUWfJuw8bIQ-bkwBO-qU28X5vcBxZoZpe8mxxMEi8XT-v84ywyyqtY_TCX8l2U-cq4OhaFVy1jmwXxF9EygGQYtYwOWMReHnwA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 25B4
3 KB
4 KB
Image
General
Full URL
https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
535
x-guploader-uploadid
ADPycdsbbnt5NrGD8XWC9mz7OThy64CUbvokcgdlXT8JWFSQN4ce5RerNBbtgxA17hV5xErngQFpZk-j06mXgsBB8zaIBw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
3262
last-modified
Tue, 21 Jun 2022 12:31:17 GMT
server
cloudflare
etag
"794c84d30e213ec6a144d64215f07551"
vary
Accept-Encoding
x-goog-generation
1655814677405990
content-type
image/png
content-language
en
x-goog-hash
crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control
public, max-age=7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Xmati0AdZA%2FyhZ%2BaJWoopNDaRxiuYKtraMukx5hKfr%2Bwjt%2Fzb2gAesyEpwo%2BF4Za%2FjDVRAmK1VP5%2BTnVeqaB4q4lIFmtuQ5eOdBmPxOs8XbQiUTRbQxx4GeiSh8fQXA0bHBjj58Xh8FJaY97AjZ8T7N"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
3262
accept-ranges
bytes
cf-ray
80191e54aaea2bf7-FRA
expires
Mon, 04 Sep 2023 21:01:48 GMT
frame.html
ad4m.at/ Frame 5CEC
2 KB
1 KB
Document
General
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
546654
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
HIT
cf-ray
80191e544b57199e-FRA
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Wed, 09 Aug 2023 01:00:19 GMT
last-modified
Thu, 25 Aug 2022 14:12:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaIIeU1pQ47vgrD%2Blpue%2FgYCXL9E0%2BsfjynJurws89m7uogFKHC58gRYyhgq4S6noE8albD8bxKXCMl7ndnbRV9mOZNCFFqtFBxoG9P5TQ4XoYcEXeXvj2A00D83Dppvt9fQSao%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
publishertag.prebid.135.js
static.criteo.net/js/ld/
89 KB
29 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.135.js
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 24 Feb 2023 07:57:32 GMT
server
nginx
etag
W/"63f86dec-16386"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 05 Sep 2023 20:52:50 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 24E7
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CKaMgoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEhgJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAX8toSwxuw_oAkYwzSQDNXJn8VqEaLjVDkL34AXkhpMuzitJOXoB4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzE3Mjg0NTA0Mjk1NTQ0Nhjiwgw&sigh=JH-ruHbiIWw&uach_m=[UACH]&cid=CAQSPABpAlJW3iG4r6-JIhM8zfPbTNCGC_VcAyLByWUnLg2ZAnq6E4La1luup165cj1-T7fYSpOTwZDV9EGnqxgB&cbvp=2&vis=1
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

winResponse
prod-rtb.ad4mat.net/ Frame 24E7
0
103 B
Image
General
Full URL
https://prod-rtb.ad4mat.net/winResponse?a=1k4g5gd9nfqmktt382y6f6qv27ncq691cen3dnb73mj3ns08s0n51zzy3yb7cvsvjp728gm84b47q5hgx71bbpjwvfavyfmwv4w2vq72hs0x3xjagfv4janv5ffkhhv5wdresatfadj7sajh7mvtxrzb6hmkedcxyktcng1j8864wbp5z8wb84qg6nr2prvs4pgyvwqxmczx722nr2t1efabpqfxk9x0pjtxa7tyjkzsnf7rwmgrwvg5qqch0aajqgc7n3y7fxsx97qdnpbb2nhft10kszf88k4ddsxx7e2vh9st4wwbhc1522cajfm0qm8a8yb4k00nbzxyq4myp6hf94j309g7e73pd97b72tna7y8a6hpxjdan80acsykxvrq50znar&b=ZPZDoQAGb_ICJ7tMAAZK8HbZFehEU5ZCmc4S-Q&cbvp=2
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:50 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
image/gif
rs
ad4m.at/ Frame
0
0
Preflight
General
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://as.ad4m.at
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://as.ad4m.at
access-control-max-age
1800
allow
HEAD,POST,GET,OPTIONS
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
80191e552e6b35f3-FRA
content-length
24
content-type
text/plain
date
Mon, 04 Sep 2023 20:52:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jACRnJ9FPYBuo9Numr39hbFxyEdASJfqHi0lZz8OJRhxOBDwvhVQPii1AdEaTZSHHVdcXgvPF6SIHzE4oJpTsaaFQxwrmZFsI8wDPDjCCQJanC6JpNqevo35zLEUXEO96vyDRT8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
x-backend-server
aa-reachservice-group-europe-west1-5ggx
rs
ad4m.at/ Frame 25B4
2 KB
2 KB
XHR
General
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5816cb49cb2408b2f7055731cf37ceb0e903acef960f08f3fc4b63bdee795f6c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDrPPNfZQ%2FyW94OPWawg4wEA53Vvugei79GqDEs1nLXTPr2DkL3cf8YVdTZDrNgMRv2Rzz0HQr434vigrTAp2JVfkMV8ZbRDN5cNffp%2BSPbi%2B7sU%2FNq5vbepNkJehEo70FZHaTI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://as.ad4m.at
access-control-allow-credentials
true
cf-ray
80191e556ee435f3-FRA
x-backend-server
aa-reachservice-group-europe-west1-5ggx
alt-svc
h3=":443"; ma=86400
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012307272333000/ Frame 43D4
222 KB
62 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/amp4ads-v0.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 19:22:21 GMT
age
523829
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62092
x-xss-protection
0
server
sffe
etag
"72571316e23440c4"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 19:22:21 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 43D4
15 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 30 Aug 2023 10:00:11 GMT
age
471159
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5267
x-xss-protection
0
server
sffe
etag
"85c6144a0af9a6d8"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 29 Aug 2024 10:00:11 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 43D4
94 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/v0/amp-analytics-0.1.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 05:50:45 GMT
age
572525
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29055
x-xss-protection
0
server
sffe
etag
"34be4077024c0aa5"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 05:50:45 GMT
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 43D4
72 KB
16 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/v0/amp-animation-0.1.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
059b802d3419127f62482543f14c2fee4412686ca9eb86c6908b964354c225a5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 04 Sep 2023 16:22:04 GMT
age
16246
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16721
x-xss-protection
0
server
sffe
etag
"25ccd52f40c06dbd"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 03 Sep 2024 16:22:04 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 43D4
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/v0/amp-fit-text-0.1.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 16:22:50 GMT
age
534600
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1908
x-xss-protection
0
server
sffe
etag
"a56399b21b8bf15b"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 16:22:50 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012307272333000/v0/ Frame 43D4
40 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012307272333000/v0/amp-form-0.1.mjs
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 29 Aug 2023 10:05:13 GMT
age
557257
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13018
x-xss-protection
0
server
sffe
etag
"62ea6ad255afcfa9"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 28 Aug 2024 10:05:13 GMT
truncated
/ Frame 43D4
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
53b5cef704fd055c65011a6ba2f7dbe63c4e7ef1e3eec984b5859f6cf8e06e66

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png
img1.jpg
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
46 KB
46 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/img1.jpg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a24f95be875bbe0bda61851c383abc65e8e967a44556d99b6a2e48bcb97388d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47500
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
img2.jpg
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
16 KB
16 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/img2.jpg
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c625fbad47aab81fc9724322d554eb71b7fdad06f8f8c740b6ebac7a68ae78f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16532
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
logo.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/logo.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4452bc4d16309455982365fbe44c9294333c29dc89a7d69d6e7ac9ea92ffafb8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2215
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
txt1.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
1 KB
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/txt1.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
07314fbdf27444ca6389219142312c3b65b810d23fdff91ef39e60c819e8163b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1279
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
txt2.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
4 KB
4 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/txt2.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8652647ec167a325a95cc28390329bf191aaa866a274de47e40149bb09b20dac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3645
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
txt3.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
7 KB
7 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/txt3.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f666cb519dd4c35cc655c7e7ecc8a437ea52cf14738a21cf6b1a0ff90e844dbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6888
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
abspann.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
5 KB
5 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/abspann.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1db2a90e6e3782834b6f20c298acd4ea7bac24eafe07b457c0f58e2130f442ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5305
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
cta.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
1 KB
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/cta.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a17e3e49769a59949190c3e07af534cf5f508cf7ceafa6ea4e83a6c608d6573a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1166
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
claim.png
tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/ Frame 43D4
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/sadbundle/16359637977989630573/Vaillant-DE-B2B-BesserImTeam-App-300x250-DCM/img/claim.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2b99e0ac804013dc7370410a8653c4f42082e990c1000809eb9a9aea52d2c97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 10:28:03 GMT
x-content-type-options
nosniff
age
37487
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1718
x-xss-protection
0
last-modified
Mon, 28 Aug 2023 08:58:09 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 03 Sep 2024 10:28:03 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 43D4
2 KB
2 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 21:26:59 GMT
x-content-type-options
nosniff
server
cafe
age
84351
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Mon, 04 Sep 2023 21:26:59 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 43D4
295 B
319 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 21:40:34 GMT
x-content-type-options
nosniff
server
cafe
age
83536
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Mon, 04 Sep 2023 21:40:34 GMT
l
www.google.com/ads/measurement/ Frame 43D4
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQsauGod4zzdYMRDs1ELIgc1p8c-xj-Wmx6lR6T06dMwZPgdxuUoKKaa1VU758mhI3p0P10CYjFQ4toyUsr-od4OQ6RNw
Requested by
Host: ndnation.com
URL: https://ndnation.com/all-smiles-in-irish-romp/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

syncframe
gum.criteo.com/ Frame A037
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=ndnation.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
server
Kestrel
server-processing-duration-in-ticks
890857
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
publishertag.prebid.js
static.criteo.net/js/ld/
95 KB
31 KB
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
82a82b0d01609a866a65587cb8bea49710d570151f8a8e53232124dccf8a4676
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 02 Jan 1970 00:00:00 GMT
server
nginx
etag
W/"15180-17d52"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 05 Sep 2023 20:52:50 GMT
container.html
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 11AC
6 KB
3 KB
Document
General
Full URL
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202307190925/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:49 GMT
expires
Tue, 03 Sep 2024 20:52:49 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
rar
as.ad4m.at/ad/ Frame D0F8
9 KB
4 KB
Document
General
Full URL
https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93f3e27094d9df6c24961ced094670fb3dba859016ee1580276f7602fc8f3ff8
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://as.ad4m.at/ad/dr?ed=1h9e7dy7s9g0d7bhxmpnfbt71by8npemgmdwfc815aaap9cvxzsbba1hpwjt4nt1ts0kjktakja5sppybq276k6p04gncv2swrv1xqz03pw0jjhhsrvnpydw6n12rfx7g9nf56yeq8vvner2nhnqc34p89nq43hgwderj7gxyr34kjeg89wcahf88hc9mz87kzvp7ctycps98e90yjv4jftnhz33crkmxs6vabpv143a662kyamem049qb8280q22mpzw0b4g3qxctvm0sf14vy54bvmggfmcpd2ddf83qkrm346vnwnj24zted85ftyn9e2kkd94766myw5xjf6eheaej4rrp8v935ngs9kngkedy95md5ggnev4a58mqzqgmpg4925kwfk4qdvf314gfpb2v5z5ms2fdshb03jm7f9kn74&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%26client%3Dca-pub-7172845042955446%26adurl%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
80191e57b839199e-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:50 GMT
expires
0
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy
accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
dr
as.ad4m.at/ad/ Frame 5D4E
2 KB
3 KB
Document
General
Full URL
https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34649e79dfd8a771d86985fd98a6809b8362ad9e09c69617a3a5da829b297992
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
80191e5818dc199e-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:50 GMT
expires
0
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy
accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 11AC
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/window_focus_fy2021.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 12:07:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
31527
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 12:07:23 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 4ECD
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
34731
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 11:13:59 GMT
etag
48472445140208031
expires
Tue, 05 Sep 2023 11:13:59 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/ Frame 11AC
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230830/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 13:54:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
25117
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8273
x-xss-protection
0
server
cafe
etag
16365778639179992903
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 18 Sep 2023 13:54:13 GMT
l
www.google.com/ads/measurement/ Frame 11AC
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTibrlCQjMDIQeb40ufZo73wcy9adIMNuE7Z1IvJ2g_6G_p2W2gCobEaXjCnU8gwdLdUHteF89RTbJeZrXMhemgf_YhXQ
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 11AC
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 31 Aug 2023 14:21:12 GMT
content-encoding
br
x-content-type-options
nosniff
age
369098
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 30 Aug 2024 14:21:12 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 11AC
181 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57780
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1693394992224923"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 04 Sep 2023 20:52:50 GMT
default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame D0F8
114 KB
14 KB
Stylesheet
General
Full URL
https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1687950287
age
1071580
cf-polished
origSize=117335
x-guploader-uploadid
ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 28 Jun 2023 11:05:15 GMT
server
cloudflare
etag
W/"5d49535c2a84a9762127b3d9e77d7e02"
vary
Accept-Encoding
x-goog-generation
1687950315098833
content-type
text/css
x-goog-hash
crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control
public, max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ikuM%2F8j7MrBab7hAJDphXUxmQjdEbhb0ea2P9iwkJVZGYdcyEsWrchtYw8qbcHrsGDwNeHQ%2BhWHcXKIKSwIIam9Dg3x3y40sLoMsRNHmn8x08MpZBez92CDI01PbDMngwaTDGdjQxs4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
117335
cf-ray
80191e583929199e-FRA
expires
Mon, 04 Sep 2023 21:52:50 GMT
762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame D0F8
44 KB
44 KB
Image
General
Full URL
https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1553954
cf-polished
origFmt=png, origSize=65187
alt-svc
h3=":443"; ma=86400
content-length
44710
cf-bgj
imgq:85,h2pri
last-modified
Tue, 17 Jan 2023 14:45:52 GMT
server
cloudflare
etag
"99941d3864a6d6ef01023c96e0475815"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7c9z%2BTjCLsC7cfRbTI2DLfzCtqD0Z%2B9%2BAsbTw3Ki6BqRlzpo%2B8wvTBYNMxR5iPSm3NhcJlDlgljLNihykv76UJc0GuqffDkVMUHyMDvHvsWuULe27rsQ%2FgACs5p5GkcQkl2I7ORhTEp0PFt"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a343803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
809A17869665BC2442C85C79071F874D279E10AD5A86AE0D4E9E4675B3B2990B582EB8C5DC232E59854D169A2BAE7D6FD3BFE1D9A66864681803B10449FB6A8A
assets.ad4m.at/ Frame D0F8
699 KB
701 KB
Image
General
Full URL
https://assets.ad4m.at/809A17869665BC2442C85C79071F874D279E10AD5A86AE0D4E9E4675B3B2990B582EB8C5DC232E59854D169A2BAE7D6FD3BFE1D9A66864681803B10449FB6A8A
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4b8cd0d6d8c57ef39e1bb5cff8557261b3b2f640656680a72e421471032d841

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
777491
cf-polished
origFmt=png, origSize=1123807
alt-svc
h3=":443"; ma=86400
content-length
716228
cf-bgj
imgq:85,h2pri
last-modified
Wed, 26 Jul 2023 14:19:55 GMT
server
cloudflare
etag
"5f84457cb2289c51e589af098eed3611"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOTtMYRGxXm2rQiCOXoZwV7RdUacrF6NxkyEhSM3wB8zTy03eNYRD2M46%2BhohKln3Kb83lVqY%2BVs7vznKghh8ZSMGICjL3w6haAXmQoQ5l2bogMqrYUayWPdiHACfrrZFD1rhE5f0kpLJ3gn"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a3b3803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
ztpv.php
www.conrad.de/ Frame D0F8
Redirect Chain
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneid8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzDoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1693860770_02ed4bb0-4b65-11ee-b98b-2233369fc7ee&insert=AW&&gdpr=0&gdpr_consent=
0
492 B
Image
General
Full URL
https://www.conrad.de/ztpv.php?awc=11354_412871_1693860770_02ed4bb0-4b65-11ee-b98b-2233369fc7ee&insert=AW&&gdpr=0&gdpr_consent=
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Server
2606:4700::6813:afbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
strict-transport-security
max-age=15552000
cf-ccp-worker
HTLPHandler-v1
server
cloudflare
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-cache
cf-ray
80191e5a6da5bbc1-FRA
content-length
0
expires
-1

Redirect headers

Date
Mon, 04 Sep 2023 20:52:50 GMT
Strict-Transport-Security
max-age=86400
Node
Helix
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://www.conrad.de/ztpv.php?awc=11354_412871_1693860770_02ed4bb0-4b65-11ee-b98b-2233369fc7ee&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
0
D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame D0F8
74 KB
74 KB
Image
General
Full URL
https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e949f7c00fb28395839347af2832e00b0b17fa659b9107b1fe97e033cffa957

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
546199
cf-polished
origSize=115129, status=vary_header_present
alt-svc
h3=":443"; ma=86400
content-length
75430
cf-bgj
imgq:85,h2pri
last-modified
Tue, 09 Feb 2021 15:11:24 GMT
server
cloudflare
etag
"0a277d59efca0369a6983645e273659e"
vary
X-Goog-Allowed-Resources, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mf36QNESauCeWY8IH%2BTQsFBh6SeRC9%2BD7xtWdhvn9tB%2Bo1cB%2BiQbdeKmp5h43VLoajdmdrdLN0LPACYAOltVXLlzqTNuUgjGwokAUnQGSCuXgCfHFiDTwJ%2FHLeJFCSoW0zBkBTGWyXgAKNpX"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a3c3803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
assets.ad4m.at/product_image/ Frame D0F8
33 KB
34 KB
Image
General
Full URL
https://assets.ad4m.at/product_image/AC141A5CBB54977B2534F8C53AC3663BEDFA436FAE3ACD4988B6899C9BB97ACFAD4B76B4BA1B0B0E1691596C153E31B849811DF48CAC56F53701C63564F90B6A
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e71afd53d34b1a32c15ee776f34aa51869e45820afcc130ee01477b7e9e275e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2568387
cf-polished
qual=85, origFmt=jpeg, origSize=156576
alt-svc
h3=":443"; ma=86400
content-length
34068
cf-bgj
imgq:85,h2pri
last-modified
Tue, 19 Oct 2021 12:48:35 GMT
server
cloudflare
etag
"451fa9b02ae7953b9311aefac697be7e"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2n0gx1Regp%2BoEwQyGkINfa4zLgk8hQLf6CocORaOaWapkWCwWXa%2BkCsqoZEZue2h%2B7Z8pyNNYanMFEhO9bB1VOEeLBnD2gxOVyZ65swGNhLstPCRmbl%2BjUQPTlFVUIRRf7uOQ2yyqk8Qbw%2BH"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a3d3803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
/
partner.o2online.de/a/ Frame D0F8
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
  • https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CKmHpIzrkYEDFbmJgwcdl_YGzw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
  • https://www.telefonica-partner.de/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://www.lead-alliance.net/tpv.php?t=117683V1226132702M&subid=viewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_N...
49 B
1 KB
Image
General
Full URL
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
HTTP/1.1
Server
167.233.13.224 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.224.13.233.167.clients.your-server.de
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:51 GMT
X-NODEIP
46.4.41.145
Server
nginx/1.14.0 (Ubuntu)
RM-PrivacyPolicy
https://www.nonstoppartner.net/
Content-Type
image/gif
P3P
policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection
keep-alive
Keep-Alive
timeout=10
Content-Length
49

Redirect headers

location
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117683&s_id=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&cons=0&spid=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&partnerid=12218
date
Mon, 04 Sep 2023 20:52:51 GMT
x-content-type-options
nosniff
server
nginx
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame D0F8
10 KB
10 KB
Image
General
Full URL
https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2066462
cf-polished
qual=85, origFmt=jpeg, origSize=58124
alt-svc
h3=":443"; ma=86400
content-length
9782
cf-bgj
imgq:85,h2pri
last-modified
Fri, 08 Jul 2022 10:19:52 GMT
server
cloudflare
etag
"b4342e277c43aad9c5020a04564bfd1e"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yamWNxw0FvS1p%2FCQCriN2ReodZnQHMGZo%2BTz2bOFFmaWaR3cO3jHYcoDkmsr7W033Q31iG0rKCCw0uFon6zGVDxggbQZK%2B0rw8q1uda3PpljTNoV947tPQ63WPm%2BaRTnRPH%2FL8uU5euCbsAa"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a3e3803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
279BCE6B9568D9AE2B8C70E08B2EFB9090E70FAF0A57016F1FF1164C3FD10E76FA99D7B60FDBA51FCD5C0021F8A6AF19B45972E81F9CF2D592514708334D146B
assets.ad4m.at/ Frame D0F8
48 KB
48 KB
Image
General
Full URL
https://assets.ad4m.at/279BCE6B9568D9AE2B8C70E08B2EFB9090E70FAF0A57016F1FF1164C3FD10E76FA99D7B60FDBA51FCD5C0021F8A6AF19B45972E81F9CF2D592514708334D146B
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b34452c32ec1393e9f2ae9d849683de6302ffad75c1ea07b272b2612a3e4608

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1071993
cf-polished
qual=85, origFmt=jpeg, origSize=118462
alt-svc
h3=":443"; ma=86400
content-length
48886
cf-bgj
imgq:85,h2pri
last-modified
Mon, 22 May 2023 10:37:58 GMT
server
cloudflare
etag
"e187204ef9c8be7cf929e4efd6627a4d"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDcY0VH29V4qqmVuuJ3ajSz6u%2F4EmvAEwo1%2FMN0OtzUFFo6%2Bf9OX9n5n2JYw9Bmy8lxxhJcG0M58r1tBYc230JFAf8S64JLBFdYc%2BHKQKOH6q4EyUM3YPeXEbvuDdCekgrXWuhzV2WAgCD8J"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e585a3f3803-FRA
expires
Tue, 05 Sep 2023 20:52:50 GMT
2aed39855b5f46b777481d90b61d111f
pv.medialead.de/trck/epv/ Frame D0F8
0
466 B
Image
General
Full URL
https://pv.medialead.de/trck/epv/2aed39855b5f46b777481d90b61d111f?t=htlp&subid=oneid13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=537178%2C13957%2C59372&b=8RZUDf8fZQ3phgHJHEtxtkbjfGSwT8J9TzD%2CYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQ%2C13ZsbfKfD47Xt9HdH9tAtb9rC2SKT7Mjf9b&f=ZxJfwfBf8rjdtmHDHDtDCJW8T6SXTx3qa27%2Cq4VSmfWfbPBuZHgHDtRCXXxaeSgTA2japQ%2CwA3SdfjfDQ58tEHRH2tEC867tzSATDzRTXj&c=970&d=90&e=&g=86d08d5580488c6be8a6c117b6f87c73%2F18030715308213989357&i=21596%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860770172&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jzx3efzfbhcvfvphpbbeqg4newym9mpvprg05qx846z3akx2v9qygk2x9vr899gkspcq81pf0cd8fw7xgpy977nmvxyyv310jfj7zxf725xcmkz4b142g8de2shwep22nyvjh7htceg9rncr22pmqqs4261dw3kpngnmxkdxkwnmngtwhp9waeb3trnj984qtewbkff946tsmhcgktxbn5d2dkxhnd5rhhff5xwyxszj078t89qhenzeay6qzbmn8e1hkphzwth6chnyyzg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCkOVPoUP2ZPLfGcz2nsEP8JWZmAGQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi03MTcyODQ1MDQyOTU1NDQ2yAEJqQLM01qRMR6yPuACAKgDAcgDAqoEiQJP0M_Blu82EHwm81MVtgC-BIssf7wsBmVAF7j-JcRrGz5j47d9haFNrEBcz_TBF1Uwzrgc9Abhb_UuBEEHDmnFAR0cNamcnhmZ_mwzGRjNWXkLPkdtFwwx5pgPYo8FpyT6Vu1D3hvJNFQi6e1c9jrxEnGJQ1cWIW8gcVH_dxEGWH9OjKkARyX8Sqrwm1rkagESLi1VtCMnRMgUnAqRPAaqj7vJP9DHPvJ_ifDaI7tWTxojbbexSryzNkFOwxdxNOXYtux1z5zLuxqcwlz1BOQeBubSfmhPVr0wal6fhEvBAT0vgL7mQoioysF4W_5Kp4Be5VApYpbN08I1qZccEo0C1v6VpjrJINqf4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1f3_WkQgcJ4jfwKhhQInwu6ODyZg%2526client%253Dca-pub-7172845042955446%2526adurl%253D&y=1&s=&z=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.130 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:51 GMT
Strict-Transport-Security
max-age=15768000
Server
nginx
Host
pv.medialead.de
X-IPLB-Request-ID
D972DA15:968C_91EFC182:01BB_64F643A2_CBFC4AE:22023
X-IPLB-Instance
40027
Vary
Origin
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Allow-Credentials
true
Content-Length
0
Proxy-Host
pv.medialead.de
sid
mug.criteo.com/ Frame A037
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=ndnation.com&sn=ChromeSyncframe&so=3&topUrl=ndnation.com&bundle=ZTkOWF92aUhWNlBmaXc4cVNnbTJ1ODZmdTklMkZzdzl0YUxBZ2dobzdPNGhiWk9hZyUyQkFwc2...
  • https://mug.criteo.com/sid?cpp=MSoHq3wrQWx5eGVneDVBeHdScFAwSlVlL2lNSU5sSndESkFORnl3UjNwTXZYbXJKV0xiRUc5T1kybjliVWNOcVVjS0RWcFZNTTQ4S3laN1d1b1kveXRKVDNHL055ZjZueDlLWEtWMUhYTGd1RmsvVEV3cGwrMTEwSm5DQk...
422 B
652 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=MSoHq3wrQWx5eGVneDVBeHdScFAwSlVlL2lNSU5sSndESkFORnl3UjNwTXZYbXJKV0xiRUc5T1kybjliVWNOcVVjS0RWcFZNTTQ4S3laN1d1b1kveXRKVDNHL055ZjZueDlLWEtWMUhYTGd1RmsvVEV3cGwrMTEwSm5DQkFqa2JGYWRGNmxOTndVN3FuQWpMZDIvL0NSTXprMUdJYU1XOXFIOEcyZDUyeGdLeldGd3hGeVhNRmtWVVZwbjg2RmhQTUh3TU0vYm5KTDRWMjg0OGgvQ2E2aU5IMS82VTljQ05VQWppTjVqVzF1ajFtQzJKQXU0YTA2cjNIVm55bHJPYXg3YmdDSDBCUnQxWmZPTkNuOHZQa1FRbGZwbTlCTUpsMVM0Vnp4My9JNzl4UmRMQT18&cppv=2
Protocol
H2
Server
178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
110e70d5b15665674c9a662a68059aafe3b0712da45e2c27eaedc100c289d45f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
823657
expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:49 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=MSoHq3wrQWx5eGVneDVBeHdScFAwSlVlL2lNSU5sSndESkFORnl3UjNwTXZYbXJKV0xiRUc5T1kybjliVWNOcVVjS0RWcFZNTTQ4S3laN1d1b1kveXRKVDNHL055ZjZueDlLWEtWMUhYTGd1RmsvVEV3cGwrMTEwSm5DQkFqa2JGYWRGNmxOTndVN3FuQWpMZDIvL0NSTXprMUdJYU1XOXFIOEcyZDUyeGdLeldGd3hGeVhNRmtWVVZwbjg2RmhQTUh3TU0vYm5KTDRWMjg0OGgvQ2E2aU5IMS82VTljQ05VQWppTjVqVzF1ajFtQzJKQXU0YTA2cjNIVm55bHJPYXg3YmdDSDBCUnQxWmZPTkNuOHZQa1FRbGZwbTlCTUpsMVM0Vnp4My9JNzl4UmRMQT18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
307789
content-length
0
expires
0
default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 5D4E
114 KB
14 KB
Stylesheet
General
Full URL
https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1687950287
age
1071580
cf-polished
origSize=117335
x-guploader-uploadid
ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 28 Jun 2023 11:05:15 GMT
server
cloudflare
etag
W/"5d49535c2a84a9762127b3d9e77d7e02"
vary
Accept-Encoding
x-goog-generation
1687950315098833
content-type
text/css
x-goog-hash
crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control
public, max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22X6e0lD2htErPGQ5mhKndKWZkSdWHkjCgsTSfQQu4KeO1hvk%2BobaHmxoVMkcRXIrzw2gwwNiI%2B6DjYMAGtJBY%2FBqpiJr4LoJvZOTFy7%2FKufUvsX5Kbk72mJ8uu4uv93rg6bS6ulPjc%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
117335
cf-ray
80191e5899be199e-FRA
expires
Mon, 04 Sep 2023 21:52:50 GMT
r62eglto.js
ad4m.at/ Frame 5D4E
25 KB
10 KB
Script
General
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 11 Jul 2023 16:29:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
534141
etag
W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ccdgDfVOVjqyVfi4qeLXvYu7hbrG8%2FORjQr4CLFcGik5kerTUd15YGJF3zmp5FLvDAv9q%2BYNx809Sd71TXhQ07R9aG2OZIhHD2yF2ic4a4qAhvuKM%2FZJ0zombSLmYG7njLK%2Frk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray
80191e5899c0199e-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 29 Aug 2023 16:30:19 GMT
truncated
/ Frame 11AC
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c25520d256fae2b4cab704a9a089f685cc95eb00cc8477e731a2e539dd726150

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/png
current
dclk-match.dotomi.com/match/bounce/ Frame 4ECD
0
104 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEO9vVVCFhWTephLqq0HKils&google_cver=1&google_push=AXcoOmRxR99cQaCdjNcBCiVfrVfqEJHCzJsShFfMUHDGjLJIDTwbrNJG4VQ67hRc5xYu1OTngGy00sofgq36shWokU8Wo14pp9Y8wzwBg8bK0MKPJ-9ghGCLgmbIv3lSb6vFwrH9n7XUghwsKHc
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
google
match.adsrvr.org/track/cmf/ Frame 4ECD
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOJ3esvqrWPevYEI32Mym7E&google_cver=1&google_push=AXcoOmQIxJGec1_6dKpCKp_WF8TwvmFlyhxVdgJhPDpjtTH37pCu5fUPwfq2XYD3O5yGUd250VmQCg6L3cymZ9CkbG6OPBJ89CkdJXKUN4BVake7fLVYWTji6Q0yOvM1expWim3pfhRZTueDF2s
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 4ECD
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIQLNTvA8C-WLp5GNP0rzZg&google_cver=1&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYu...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYuI9LS3SxK_ZTYv3NTyjez56nSYYq1K1gEJ95wZN6083927XeC...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYuI9LS3SxK_ZTYv3NTyjez56nSYYq1K1gEJ95wZN6083927XeC7oYz8R-VeuMu3KTE&google_hm=fBlI9W5pSK60AeBfT5MMPBU
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CUR OUR NOR"
status
302
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmQILo9S3svNNg6bdiowMEwtLuHBtSC_BifSka4EVauKRwcCPzOWBum6hgFZUmwQ3KtaQVFhXGspBYuI9LS3SxK_ZTYv3NTyjez56nSYYq1K1gEJ95wZN6083927XeC7oYz8R-VeuMu3KTE&google_hm=fBlI9W5pSK60AeBfT5MMPBU
content-type
text/html;charset=UTF-8
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4ECD
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPqeR4ZtdZnGurEEil-qMqQ&google_cver=1&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0x...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTA3NjYxMTE0OTM5NjExNQ%3D%3D&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0xFlTU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTA3NjYxMTE0OTM5NjExNQ%3D%3D&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0xFlTU9OMZdOR_smUIB2zbvnkLKqvDwWWD6ycvgGcMCNS8hh0xsX6ukFrQXUFCw
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3NTA3NjYxMTE0OTM5NjExNQ%3D%3D&google_push=AXcoOmQwhIus08YwkaX5GiWMDxN5UnuK73thOYTOj1-M_stF5wD2l3l-FW8h2NKhSbfb_tjB1RL6FLtJvLtm0xFlTU9OMZdOR_smUIB2zbvnkLKqvDwWWD6ycvgGcMCNS8hh0xsX6ukFrQXUFCw
Date
Mon, 04 Sep 2023 20:52:50 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
sync
x.bidswitch.net/ Frame 4ECD
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=google&google_gid=CAESENufU7qZypIL_EJfZKwEGKA&google_cver=1&google_push=AXcoOmQ-uhJoUO6ydV2kPIfwaHwkOOQVGPv7sH1k9a_4C8t60oUzX-RNYKQcKc48WdFpGeNp119JE47uv6JXwRMbsuEIbaBUgg3ksEUkNtIEPmUj-cRc15TltKmKODkoMxlJdH5OYiCXZVmGVw
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.158.83.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-83-223.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 4ECD
Redirect Chain
  • https://d5p.de17a.com/cookies/google?google_gid=CAESEBc_srK-FNq2jf-qV3HOLtw&google_cver=1&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXx...
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESEBc_srK-FNq2jf-qV3HOLtw&google_cver=1&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKX...
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd-WwFmF0NhcRDOreVUn4xZCcMFBizFRg6Qx-d9vLQ6rA
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR-N85piJE5SNYvBX_LFKzobEj3cFg2Rgd_SDiiX5CB8aULJfktup0PgxnRPar7uq83lFZnGrhUaE42IbCQbQcKXXxM4TlGbGd-WwFmF0NhcRDOreVUn4xZCcMFBizFRg6Qx-d9vLQ6rA
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame 4ECD
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJh_X00qVnvBatJetXqs4T0&google_cver=1&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3m2...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3m2JJc7Ge_4iI2R1zsRY4GsGAPRKVbTv54czBKOGPZum0SLOWI1IuIi68snnw4hbKl7toQ
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjUzMDI2NDQ5NzYwODkxMzI2Ng&google_push=AXcoOmROf1T0y-5XMahVx5wkB3eSi6UPAqtxUQlkvwJix9Oadvr59g2b2HvQ5qfoDHTMsmZE-Pi3y3m2JJc7Ge_4iI2R1zsRY4GsGAPRKVbTv54czBKOGPZum0SLOWI1IuIi68snnw4hbKl7toQ
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
attr
cm.g.doubleclick.net/pixel/ Frame 4ECD
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkXgLOH8bFm3GXmSoaJ_jBVA6Xxiq4tfNBrZk8DNautFofQRG_xHBJ_QQgIsiXmFR-6XsJ
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 5D4E
3 KB
3 KB
Image
General
Full URL
https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:50 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
535
x-guploader-uploadid
ADPycdsbbnt5NrGD8XWC9mz7OThy64CUbvokcgdlXT8JWFSQN4ce5RerNBbtgxA17hV5xErngQFpZk-j06mXgsBB8zaIBw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
content-length
3262
last-modified
Tue, 21 Jun 2022 12:31:17 GMT
server
cloudflare
etag
"794c84d30e213ec6a144d64215f07551"
vary
Accept-Encoding
x-goog-generation
1655814677405990
content-type
image/png
content-language
en
x-goog-hash
crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control
public, max-age=7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpAYWZzGpKOLusC03Igj1U%2BxYwm9JWXfvLV3ENF1wrl01YH8prSLCNOwhNr2yUhRwX5B6lfsSZH%2Fvcp3eF%2BYA1unSj3MN2GTL1a%2Fp6GwMeA7UtyGO%2BO17PDYAzo1soJN0QwC99YavN%2FOKs7dpxCyjhNW"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
3262
accept-ranges
bytes
cf-ray
80191e59ea212bf7-FRA
expires
Mon, 04 Sep 2023 21:01:48 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 43D4
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C3aMgoUP2ZNj8I-eykdUP98mL4AvrufDlcomN4JfoEcDayIenPxABILrXpRVglYKAgLAHoAHOw7L-A8gBCakCXUrA9bAXsj7gAgCoAwHIAwiqBPYBT9BicqtJElyNFseDf_BLXGy026qaDin1D30tMm3ELUTqc1NIX2BDG7iD-pEnxQfF3X4FCmf9iklLP8ScAuBQv5xr2XCGKbzhCFeGNaud0WFWiTctbyWFEJzU2jwtHJdekSUsyJRvQmLKwBzI4YU6f1sswC2cq-v8H5ty-mtNP1VqA1m2GIZo5sf3MRQes6m6-LQQr25jM7Oo4YwIDIjjMnuvqSnAoaIlX_AlidpbsiSuj9OWL_emOuW-92_2k-Uh2IHIrTjxzql6bzho7MYzmc47U0JdV7JJjEi2Sxkye2yF04aOLKeM3JyYzi5wEt2rOmISKSjcwASV5vSDtwTgBAGIBdn1uqNMoAYugAeavM0BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ_JkD0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOpoJP2h0dHA6Ly93d3cudmFpbGxhbnQuZGUvZmFjaHBhcnRuZXJuZXQvdW50ZXJzdHVldHp1bmctbWl0LXRvb2xzL4AKAcgLAdgTA4gUAdAVAZgWAYAXAbIXHgocCAASFHB1Yi0wMTg3MTE2MDUwOTg3NjczGOLCDA&sigh=utTPznnZ6eg&uach_m=[]&ase=2&cid=CAQSPABpAlJWQactB7M_RCdDexzQCG1k7cW5rTtOQN04IKgj5vl3Z6H4ejpK7VmUWU5_D1q9kNwmEeLWWg876xgB&template_id=419&cbvp=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

frame.html
ad4m.at/ Frame B9CE
2 KB
1 KB
Document
General
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
546655
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
HIT
cf-ray
80191e5a1bd4199e-FRA
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Mon, 04 Sep 2023 20:52:50 GMT
expires
Wed, 09 Aug 2023 01:00:19 GMT
last-modified
Thu, 25 Aug 2022 14:12:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XkULeeP68Tsi6y8PyUNg%2FEGKe%2FRwTFdS9NLGhNUFZ7Mt9DSjd9Ds7vLnekLSialYnzeb34vdYZYpMUzxMzqBgMQely3Joz6aSpWiz5hqNJahyrp7uqXMcGMB6FWVDYhl%2FYX62no%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
activeview
pagead2.googlesyndication.com/pcs/ Frame 24E7
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss7s41lOPiFOXa9GmzFjvmgIsMQy9b2jiTdasWSDUgXXjf6njcRoAwNafrPuWDRbOozT-HUUf-9e3al3NTNrsk5FLNhKY03d8Bx3KP3&sig=Cg0ArKJSzIUZ27sriiVKEAE&id=lidar2&mcvt=1012&p=134,315,224,1285&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=718374510&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693860769660&rpt=210&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 11AC
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CCd5XoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoE_QFP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl7ZPJTQgD_GnxLIPb9Dc058-fiFIa12hNocYa57L7JWdWkqTSSve4AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItMDE4NzExNjA1MDk4NzY3Mxjiwgw&sigh=g39gLiQh0KA&uach_m=[UACH]&cid=CAQSPABpAlJWKVbicbhlw5rURgRgA1q6YLGpXbEcob3dA1eEKnhH7rYh13xxOdYl3wRaApD5YfCbIT-l3TIs0RgB&cbvp=2&vis=1
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

winResponse
prod-rtb.ad4mat.net/ Frame 11AC
0
39 B
Image
General
Full URL
https://prod-rtb.ad4mat.net/winResponse?a=1ky17fzya5m31k9bdrr7j8ab5naq6mj8kejpt1jw9kwf6g1bt3n2yb7815qppnn7srztn1resgewtx6mgemcr8xxn917s68qjpvand6wnac1kh6e5h7x1x33gcebgnah681gb29z28czrd2c15f5q96zkzfy3msz3psn7bj00q02nxve68be39eat8brjsv3mgvakw4bxm0t4ckkdhjvz8pd0yzcg64ywbr48gfh25jg2pmhtx7n8e6bn16n7zeh8jgms7jx6fypbwjwv6kqn4datmx81szqtzzbzaedak0cb121sq40c09w3p370ermq183bjpsyjaae9chp99zvthp9rnyxc3c9a374e4jsvfqw5jpsx0f42g79nbtcshd68r8mrfh54&b=ZPZDoQANJNoCJ6S5AA2CENnFepYT1H7W0d3NaQ&cbvp=2
Requested by
Host: 2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
URL: https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:50 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
image/gif
rs
ad4m.at/ Frame 5D4E
2 KB
2 KB
XHR
General
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a11bee2c3c27f9753dd24b6d62e0e00bb4e3965f3f903cf4f0037d3cb7031c8

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aa0othiyrUXEzJKsq2a%2BoM0jEdhNl3pMsPrO7KwGWXRc8QtOFq7t1w6g5z1ZTKO4Nh0vYXcsvk1WFr6zkgxwkSCf%2BeDuJk8BGv%2FdBgLrVHloPjo8h3yF9Sm15%2FcFP4k7HdKc1M0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://as.ad4m.at
access-control-allow-credentials
true
cf-ray
80191e5ace6c35f3-FRA
x-backend-server
aa-reachservice-group-europe-west1-n2rc
alt-svc
h3=":443"; ma=86400
rs
ad4m.at/ Frame
0
0
Preflight
General
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://as.ad4m.at
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://as.ad4m.at
access-control-max-age
1800
allow
HEAD,POST,GET,OPTIONS
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
80191e5a7e0135f3-FRA
content-length
24
content-type
text/plain
date
Mon, 04 Sep 2023 20:52:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=33qYrI2LSnDd7lCt54oLhTd2TgwZWSIt7VxURBlHNpBo6Nf2H%2FS3p1Z4N903yhL3iZ3Qkn%2BASS4wDSLnIF47ZCPESfgyvjqj2%2FdutUXc7MXugBuujZ3OgejQoz0CyKRsgNse0KM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
x-backend-server
aa-reachservice-group-europe-west1-5ggx
rar
as.ad4m.at/ad/ Frame 2AD4
13 KB
5 KB
Document
General
Full URL
https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75e1fa2a536044ddea28bbfbc8b95a57e73eaae59d2afd21fce22d0459fb140f
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://as.ad4m.at/ad/dr?ed=1jf2dhcgnjnbhjs7rpxd1hrnb7ew5nz6pykgv0m02mfygx761chnqc6sv88y32dsg3dwe7tw84hc07m7m3wsbs8772jw0pwmh20j12r5fyaba0e2cv4tbjkpfn38e53vf3redhstyxf0cnh1z93cy2hb0v6njn44gxjb6ahg4r7qmqjmqsmsjn6ftsrqj3cddjdntc2tysg1ws0193m23kx7rhrmza1tvwmqskx6vxv31bazxzxa2matmk3ek3nk7t2d8jje65e27207xn6z8b5bvvy3bwpe10h0s6rt3etfpagfpk0hpmhvene0yn5gzhhqr12rgrhfm6hj5751ssqxjpx1jd2yd13crr37w9cs5vs7dhmg7adcz2rrk1p0b710smaznw8qbqhge8q1yxf6bqhyrn01d0tq56ce37nyv2af&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%26client%3Dca-pub-0187116050987673%26adurl%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
80191e5b1d8e199e-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:51 GMT
expires
0
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy
accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 2AD4
114 KB
14 KB
Stylesheet
General
Full URL
https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1687950287
age
1071581
cf-polished
origSize=117335
x-guploader-uploadid
ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 28 Jun 2023 11:05:15 GMT
server
cloudflare
etag
W/"5d49535c2a84a9762127b3d9e77d7e02"
vary
Accept-Encoding
x-goog-generation
1687950315098833
content-type
text/css
x-goog-hash
crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control
public, max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmTOdr8IyZ%2F63SQJEgkeL5hBGtsGRtuIZjnIJ4JQQbc9cURY%2BccLlabn7xyqQf3gJbiuO7aH5dJMTWTLuoTGwv96tcAVzSIMu8cA%2FOXXzehjsDjItFGNYqbre8AX7pr3H07W25Z9XuI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
117335
cf-ray
80191e5b6e01199e-FRA
expires
Mon, 04 Sep 2023 21:52:51 GMT
807FC0314300FD3D7EA2A3865EB887A86EFDAC77BDFCACB7C49E7904A10BC6EE8F804F370DD32A67945E13F906FCB6989AB80F264BEC5568EF9AABD964B68990
assets.ad4m.at/logo/ Frame 2AD4
6 KB
6 KB
Image
General
Full URL
https://assets.ad4m.at/logo/807FC0314300FD3D7EA2A3865EB887A86EFDAC77BDFCACB7C49E7904A10BC6EE8F804F370DD32A67945E13F906FCB6989AB80F264BEC5568EF9AABD964B68990
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8aedce5ce280bf3c1e99fa9b36cb226e62cd39cf77c1f0c5660a6cab7bdece3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2421602
cf-polished
origFmt=png, origSize=11357
alt-svc
h3=":443"; ma=86400
content-length
5848
cf-bgj
imgq:85,h2pri
last-modified
Fri, 09 Jun 2023 08:41:46 GMT
server
cloudflare
etag
"ccfbd2e3feb27487a1f6d1f6b03866aa"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SzmDgHDDQVQd1WwO2sRfTVC4zslCEJjkmGEgGSCMawyuahzjOx%2FfmaZpGcsUo0kUB%2Fl1h%2FXOMDz5TiOhCJ3VuPEpvT9VGTOMAIxG1NMhjGJOjnIMofWJeQHOXPnETMaYhMX0tJpqk1oGZHLl"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e02199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
2D65771C4E99642761C25D51AEBBCFD65B43B5413EF19697CC1FB2CD4144CA8006EDEBD7BBE3473EC0E77D5B95CFC345D27520E24E58F21FCA62F0BF53BC962B
assets.ad4m.at/ Frame 2AD4
183 KB
184 KB
Image
General
Full URL
https://assets.ad4m.at/2D65771C4E99642761C25D51AEBBCFD65B43B5413EF19697CC1FB2CD4144CA8006EDEBD7BBE3473EC0E77D5B95CFC345D27520E24E58F21FCA62F0BF53BC962B
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64f88a75df6eeef2e778f967a36f861c2005c64fb8b567a17a8f98878e351255

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2497355
cf-polished
origFmt=png, origSize=289744
alt-svc
h3=":443"; ma=86400
content-length
187558
cf-bgj
imgq:85,h2pri
last-modified
Fri, 23 Jun 2023 11:11:49 GMT
server
cloudflare
etag
"17decb4f4cab809ec8159433a7f13627"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3b%2FRBX2oHDHOXAL0TRUF2zDdJNcZIKtRSVfmUecpBmYS51MvO65Tmyd6u7dl%2BsSZLzONOJ4DacLodX08Xj6Tsej1K5JwP1G7s93xrwwMIPCVTst0GpTVMUEkJZYEspelIE0ZkmG4EHdBN%2F3G"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e04199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
63CADBEA68649ECF1642645CEB25DF73A19E0B4D7735826E76E1CFE7786A55E8278917477BD44BA47017F94D7AA0F7B3A1C8F0FE880A090BE49650B6F1EAF6D9
assets.ad4m.at/logo/ Frame 2AD4
9 KB
9 KB
Image
General
Full URL
https://assets.ad4m.at/logo/63CADBEA68649ECF1642645CEB25DF73A19E0B4D7735826E76E1CFE7786A55E8278917477BD44BA47017F94D7AA0F7B3A1C8F0FE880A090BE49650B6F1EAF6D9
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50e734ffcdc09b70990c3eeab77d174cf6eb23513ced5bbe8204a12f934f6bca

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1813612
cf-polished
origSize=12956, status=vary_header_present
alt-svc
h3=":443"; ma=86400
content-length
8950
cf-bgj
imgq:85,h2pri
last-modified
Tue, 29 Mar 2022 14:32:10 GMT
server
cloudflare
etag
"c6c297b07f296b60586b8613b6e9b5cd"
vary
X-Goog-Allowed-Resources, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjsO2SuIqgTieK7sdNTkn9KR1fPa%2FHjzdlNVAAwlGbDyBQTqvhZLJ0Ix68p923E%2BrWufOEgjNu5%2FbYhK422lsIWRirKdpMgwvzGYGPE8bI6b%2FIdKEaIEEm%2BtuYLnI2q3rMb0CtHHGWy6vD99"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e06199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
A290FB32C3CD17E30EABAAAC51275DC38FA2A2B372BE62031F552E1A8212BBA05286FFE21393F5511F67356FC5DA6D062DDAC9B6677230AA33BD1E7B84B05A27
assets.ad4m.at/product_image/ Frame 2AD4
422 KB
423 KB
Image
General
Full URL
https://assets.ad4m.at/product_image/A290FB32C3CD17E30EABAAAC51275DC38FA2A2B372BE62031F552E1A8212BBA05286FFE21393F5511F67356FC5DA6D062DDAC9B6677230AA33BD1E7B84B05A27
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16137866f93d5d309967f967d27a360c79fa570bb280257e5a06ae228a9fbd6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2568388
cf-polished
origFmt=png, origSize=632572
alt-svc
h3=":443"; ma=86400
content-length
432518
cf-bgj
imgq:85,h2pri
last-modified
Wed, 29 Dec 2021 17:30:00 GMT
server
cloudflare
etag
"ee529fd62e145fb264303add5fb5a944"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqcEl8vXKJgLd1aF1dQFk7Rccy3l3DOn%2BTPcBwO4CFu%2BJoo%2Bn%2FCTSyV%2FuUaCVOINryk83DuRURZUPFqFU9NnBHSfEgkPzXXI1aDzwLRpzthcFDFPQpiPUMPWodjyt8oZamRIpFXWwe7PZzS3"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e07199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
F1668CEEF41AAD8A0C029F9D23FE46EC6F8068CDC15DA60F85AFC1E3BD14A8C560B4DF91D88D53A78DBCC7160246BC21A8B17CCED604428331EE91402A545B83
assets.ad4m.at/logo/ Frame 2AD4
9 KB
10 KB
Image
General
Full URL
https://assets.ad4m.at/logo/F1668CEEF41AAD8A0C029F9D23FE46EC6F8068CDC15DA60F85AFC1E3BD14A8C560B4DF91D88D53A78DBCC7160246BC21A8B17CCED604428331EE91402A545B83
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e06abcb0bba197caada9cde8eab6127a2b3289561f9b174e8ca88e4eb44dce3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1910198
cf-polished
qual=85, origFmt=jpeg, origSize=25166
alt-svc
h3=":443"; ma=86400
content-length
9164
cf-bgj
imgq:85,h2pri
last-modified
Wed, 12 Jul 2023 08:51:14 GMT
server
cloudflare
etag
"d9606503812d4553e90c96568634c258"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjC0mzZFDAh2t2zRl2tL8x5gDRRnODwpvbossC5UNkRAPPM1%2FjHMt%2BWgdo7js9flKb3WjvHm3aM%2B9QkuCDXYYNSC5bjSxW5fNkTzBgc8aky8iy5CQ97wRtFkEdysSk2AOJPsuZWOYRw5taz5"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e0a199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
88CC909826E8B4C77ABC3658EC13E506031E77495EE6E0D8A505DD6F27F28126A08A0386A08E12A1BDA9EFD1F5720E85A3B5D3A4C1C896B097477EAFDB1C037C
assets.ad4m.at/ Frame 2AD4
60 KB
61 KB
Image
General
Full URL
https://assets.ad4m.at/88CC909826E8B4C77ABC3658EC13E506031E77495EE6E0D8A505DD6F27F28126A08A0386A08E12A1BDA9EFD1F5720E85A3B5D3A4C1C896B097477EAFDB1C037C
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aad52fad01f205d360b0d8b5a2efed7e0d48bd1f78427daa442061c3f653714

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1914288
cf-polished
qual=85, origFmt=jpeg, origSize=92358
alt-svc
h3=":443"; ma=86400
content-length
61602
cf-bgj
imgq:85,h2pri
last-modified
Wed, 12 Jul 2023 08:50:33 GMT
server
cloudflare
etag
"95a44b5901a2d185ed20c520a333b7b0"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kc00ynyjO%2BnwXAxUxi6QwjOX7n4muvcMiY%2BKOO%2FEj1XrHaPYYx5KIxXGbYc0OwfMvomzU01v1lbzG6ZYg%2BfhCjkYrvDRD2LRAB274PPanOkU3LpPl7F9Gq75aQAGZuhsHItC%2BNVF3Gi3gJBh"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
80191e5b6e0b199e-FRA
expires
Tue, 05 Sep 2023 20:52:51 GMT
/
banner.congstar.de/cookie/ Frame 2AD4
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
  • https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CMTSvozrkYEDFVyPgwcdMVMLDg;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
  • https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneiddEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJkoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1693860771_033ea003-4b65-11ee-b98b-2233369fc7ee
0
550 B
Image
General
Full URL
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1693860771_033ea003-4b65-11ee-b98b-2233369fc7ee
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
HTTP/1.1
Server
87.118.116.9 Berlin, Germany, ASN31103 (KEYWEB-AS, DE),
Reverse DNS
km36617.keymachine.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:51 GMT
Server
Apache
P3P
CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0

Redirect headers

Date
Mon, 04 Sep 2023 20:52:51 GMT
Strict-Transport-Security
max-age=86400
Node
Helix
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1693860771_033ea003-4b65-11ee-b98b-2233369fc7ee
Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
0
/
beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/ Frame
0
0
Preflight
General
Full URL
https://beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.177.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-177-59.mxp53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
PUT
Origin
https://ndnation.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
OPTIONS,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Mon, 04 Sep 2023 20:52:51 GMT
via
1.1 0ad2d33f6ff79860fbe5108c38207a82.cloudfront.net (CloudFront)
x-amz-apigw-id
Kv-BlHcvoAMEo0A=
x-amz-cf-id
LX_W6OK9W1-2ebIGZFABM_H5e6QYh6Jx3y8ziexCsB9OE96S86inQw==
x-amz-cf-pop
MXP53-P1
x-amzn-requestid
83db2603-e5e6-4570-b703-d42d3c47560d
x-cache
Miss from cloudfront
/
beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
110 B
470 B
XHR
General
Full URL
https://beacons.cloudmcapp.com/prod_putbeacons/streams/beacon_datastream_prod/beaconrecord/
Requested by
Host: tg1.aniview.com
URL: https://tg1.aniview.com/api/adserver/spt?AV_TAGID=6256fe729c5a4736b15c6a6a&AV_PUBLISHERID=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.177.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-177-59.mxp53.r.cloudfront.net
Software
/
Resource Hash
4420c39ec96f5a718173e5896db982275908de27099a964dcd67726e3a95df0e

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
via
1.1 0ad2d33f6ff79860fbe5108c38207a82.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP53-P1
x-amzn-trace-id
Root=1-64f643a3-5cd5029301f296e71434343e
x-amzn-requestid
37d2c92c-6d0b-4fe3-8c7a-672f6bd5d084
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
Kv-BnHlhIAMEDxA=
content-length
110
x-amz-cf-id
12tt17ssbNbFdig9v9D2e9_UTvQJ6jxCdmVJFvSiqvsEACv0k0HCLQ==
link.html
track.webgains.com/ Frame 2AD4
0
0
Script
General
Full URL
https://track.webgains.com/link.html?wglinkid=3756941&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1ht14t1dynak7x52m6x37sgdh1b6e9j2rd898ahs6r9dx671ek6q16p99x39b9mehcb502n699b6zva8ngkex4eq411s4mh5xpm13qd2haes0ax3jd6n0x4cybdeqcbv81xwb9sgnpmwhwr20nc4ntm9n0gaa24wcrdf6v2g6n4c5xbdj7bezr4wtpybrt4q3e9vtqd0zjyje0zhh3w388mmgq0xt35adjmey9gmp6a185fqg6s7680r6kgs28esen7g%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%252526client%25253Dca-pub-0187116050987673%252526adurl%25253D&clickref=oneid13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneid9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeEoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.234.224 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-234-224.eu-west-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
server
awselb/2.0
content-length
45
content-type
text/html
link.html
track.webgains.com/ Frame 2AD4
2 KB
2 KB
Script
General
Full URL
https://track.webgains.com/link.html?wglinkid=3098581&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hfek88bd5g8pbh1cr55608m97j6n2fykf2dk29dvj9p85vtn2hebabs5p0e7zs6509t2bbrrkj337y3h5aqvx6fds7wzw0nmhxadpj8p807vrjrzvm27nfqgqn1dywhm6kqgrnc84xx7f0aqbbrjyqzzyyz23yrg5q9dnanqg87sjjxcefxbjs5y99z6nw75q2qehw017m1h6r8eqrtxgttm0q5bzmbe3t3kbkcqnzqyykhrw3g9gyxktn89txxe7dg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%252526client%25253Dca-pub-0187116050987673%252526adurl%25253D&clickref=oneid7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneidm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.134.234.224 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-134-234-224.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/7.4.26
Resource Hash
49f67fea609bcd0ddcf4e2fe069af5c255b95dd8ff68af8251afbd1a4a35b53d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
last-modified
Mon, 04 Sep 2023 20:52:51 GMT
server
nginx
x-powered-by
PHP/7.4.26
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=60
access-control-allow-headers
Authorization
expires
Mon, 04 Sep 2023 20:53:51 GMT
pvClk.min.js
analytics.webgains.io/ Frame 2AD4
51 KB
18 KB
Script
General
Full URL
https://analytics.webgains.io/pvClk.min.js
Requested by
Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3098581&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hfek88bd5g8pbh1cr55608m97j6n2fykf2dk29dvj9p85vtn2hebabs5p0e7zs6509t2bbrrkj337y3h5aqvx6fds7wzw0nmhxadpj8p807vrjrzvm27nfqgqn1dywhm6kqgrnc84xx7f0aqbbrjyqzzyyz23yrg5q9dnanqg87sjjxcefxbjs5y99z6nw75q2qehw017m1h6r8eqrtxgttm0q5bzmbe3t3kbkcqnzqyykhrw3g9gyxktn89txxe7dg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%252526client%25253Dca-pub-0187116050987673%252526adurl%25253D&clickref=oneid7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9oneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneidm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-120.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 16:40:23 GMT
content-encoding
gzip
via
1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront)
last-modified
Mon, 07 Aug 2023 14:11:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
15149
etag
W/"cb7accb6a6fc086cd831549a78a2fe42"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
x-amz-cf-id
-v8888lc2VYn3rLpo_82J7rjEI_6QORis0zixIJ1dS88Wj53OOlCWg==
1580727847_JJZV3RgLFGD9GCdCHmP2fyWcN2HYaIE7.png
cdn.track.production.webgains.team/278155/ Frame 2AD4
2 KB
3 KB
Image
General
Full URL
https://cdn.track.production.webgains.team/278155/1580727847_JJZV3RgLFGD9GCdCHmP2fyWcN2HYaIE7.png?Expires=1693861071&Signature=bvr9NQj~tl2jDt70Kytdlc1CQra4a9MRGOIiFReqw~UmQ6MSg~wQDXK1qVl4~BGZ59Sa-VR9wqkGyS8y4v5n1aJxVbDigEuZQUiWHy0-xkO6OPxwosPXhfIClxm6skvhE27pnN8psP9vyDzTmSaOT3-2noAP2eA6rhif15P-LMptHG3BucCdC9fc7CGetAbf-X1cjuaZi5LHDorB8qB8CiFUT23WzMmzqapuotBTzgtxlU6hGieNFBkFI5mkkalUt9DyQlxxzAJM-rEeEhmXm-a4FLzA~WHcVPGirkF716BFe-E0ydFeOoy0rDAMhxQNtyW1icbQYhY1tiXcT0wwnQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=175059%2C177100%2C196438&b=9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeE%2Cm3AsefGfWYXGSmHZHZtztkDerhKSwTX8AfbJ%2CdEQfEfkfpEY8SEHjHwtEtK72aeS4TGW4fJk&f=13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9b%2C7QZTqfzfjA53urHXHgtECB6RZT4S1Tr9ZuE9%2CK1eHRfZfGJ7jt5HMHktzCgJeh7SATwGkFPj&c=970&d=90&e=&g=fb2cd42da8a8e801d8db12d88d208580%2F8571750491774854093&i=65915%2C65803%2C25174&j=21%2C21%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach02_SSP_CONTROL_ADX&r=1693860771006&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%2526client%253Dca-pub-0187116050987673%2526adurl%253D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-52.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
17deb20c6f6ec3f074a2633c5c1706ae28e6def4c605c81c268dcd6161ad008e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-amz-version-id
null
date
Mon, 04 Sep 2023 01:39:03 GMT
via
1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
last-modified
Fri, 06 May 2022 10:31:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA6-C1
age
69230
etag
"90a67412ed0b25c3e4ca2ad17658d5e1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
2545
x-amz-cf-id
x6HCpMfPqSkyvYMEAmTYsH5xsO6t-w8JTpdmOoRlzxHJI1rcSHKEkw==
activeview
pagead2.googlesyndication.com/pcs/ Frame 11AC
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOrScdYYndQy08I9srwkDcZUB_ErJfecOW9Yvz_sF8M2Wvi9Kb3MFgQXXsudc9ORZDnC0F95t7iaqU4lK-Zk5Xyf69PGkNV5cH29iI&sig=Cg0ArKJSzBBoeqtnsro5EAE&id=lidar2&mcvt=1000&p=1110,294,1200,1264&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230830&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3939276862&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693860770173&rpt=545&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index_2_1.ts
cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/
794 KB
796 KB
XHR
General
Full URL
https://cmcsports.cloudmcapp.com/cc2d77f5b1f74dfdbf6c2ec581b0848e/c2a42c131b054fb780c8ecdbad173eff/90117181bcc44739b4c0a892900204ff/435389441dd8480394e02cc8c47f4685/index_2_1.ts
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/libs/hls.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-33.mxp63.r.cloudfront.net
Software
AWS Elemental MediaPackage /
Resource Hash
4628c380b9b3c2cfecc64093ad8450e4d70a49caab926461f9025ff0b9210cc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/all-smiles-in-irish-romp/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Sun, 03 Sep 2023 23:09:36 GMT
via
1.1 0775da0a2f9756772faa2f4ff573da68.cloudfront.net (CloudFront)
server
AWS Elemental MediaPackage
x-amz-cf-pop
MXP63-P1
age
78195
vary
Origin
x-cache
Hit from cloudfront
content-type
video/MP2T
access-control-allow-origin
https://ndnation.com
cache-control
max-age=31536000
access-control-allow-credentials
true
content-length
813100
x-mediapackage-request-id
Root=1-64f51230-03f113ef7609d7644fb3a0ce
x-amz-cf-id
0O2typ2LOAqVuuBd3sNUnkmDujLIc-79uepSCCEuaUuMpbRr7UmLDA==
activeview
pagead2.googlesyndication.com/pcs/ Frame 43D4
42 B
64 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrlc4mDThV29s0s-4ojCvTdUg1mMVu5C3V_MS5fcLahDr1ubRa3UZY7-mZa17bHQA85j20mZcB66GEKDnDdA9a_nFx0PE29hOhAO7B9Dz-9fHDRmyybn7Fv7ZygbpmFpICI1Hz_SwRDEuB1Mw0yi61MvUDwc9TWasedOT1-ruzoZ3boSHURXKdCBIPNVKfpgPpfgNsE3SE6lElGFRUL5L36vDoQAPd3D-i2_a3KO8xv-F2CvULKtyY_ZpCwSHSV0ehlOExK004kLw7-qS2mArMRnfRoVcCMl2c8j806HNI5yYYy2VY3Nu9Zbb8BYVeKNNvkVwBI_wDb3s2DUshHxTnTsCImY7You9KeAaWpTB46U-MpbM9DfEqNhUqYcWumWqC7A2CcZAwrjOCcHhPoX66MOdWaiPbWSThkk-mqz1vtL7jAKKQFTvUganYRPb3v5ds7c-3OM3P-5La-Xiwre03O6rpRUZyFRMEtTl1LeZxjol6RNML6BKoGNZkejKS9d5gMk_vfIa8EyMOj-Bnd0y48vxZ3CNMDiHTOGQWY-aq0It0ESxrbnd2-1nszcxtDvlRZU6yxD9koWl0i35sNOHTqlnTISmiHLTvUkCKCn8MkxNwonrfmkegGDTKAQKrxby8DZH1c4IVqqSNK44AMJy1INnf4ZplwqWZ__eyHegd28SHrImoxTg8DopzYUHq4YXmFudq9UZAsd4JDrq8DYNt6FC-mleYseJw7nxU_KdxYgpa3MSd8xDWzatzRLQUBVnU4tpeFPYxsimfSdZTAAfKIGNC2iJL4REjXzG7fpTemiFjD9JGZEka2YVZy5lH6U6CHr2TIWX-bmmumW148JL3Xg5muUl6yE2WHSO_T1fJrXC-nbrXyvPTXxK5B5SVWPgy8Fign0coTSJR9_8tR8TNk9soM4RzH9N9fmdYSfee8xfXlNWxgiuLz7ioV4RB3f78XvuC_Mui6sgj5TphIa4C6SHTRMlFgGwtPq-GFWmkvueXZA6lUnWmPy9iM7qKv3S0m_IuEqg1Q18kL-qOqSEhEFjlzIzI57Fq1USjkP51H7FiRZ_mVic6YKvH7Le-yAOl51muzlbfPJp87O8vNcl2qfJzsXcNonF8DMfHSa9ZICQ-gY0kL7rI-3GC6uvCie_ubcKJ72FSRcCS68B7qI1hE4hfa-2JAhyok-DyDdJRV6WznlDN4YzHDXBv4cqsE54Hkh-7xKWgZcskqA&sai=AMfl-YTK05rlGWHQg5qYsM1P4Nw28PEFO_bYFAGj85ivqU-BP1R8Te25jmfXtRkAuYaA0JvZsOuZltfPNGP3Ak8nmZNs0qaEIXbdmqBXLf0w7R9_9AJZ7IoA7U66UdCNB3eFqvQFSStFl1b7Cg&sig=Cg0ArKJSzHMtXb8zyNGiEAE&cid=CAQSPABpAlJWQactB7M_RCdDexzQCG1k7cW5rTtOQN04IKgj5vl3Z6H4ejpK7VmUWU5_D1q9kNwmEeLWWg876xgB&id=ampim&o=1047,250&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=772&tls=1772&g=100&h=100&tt=1772&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ndnation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tracking-event
api.webgains.io/ Frame 2AD4
16 B
209 B
Fetch
General
Full URL
https://api.webgains.io/tracking-event
Requested by
Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.171.28.113 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-171-28-113.eu-west-2.compute.amazonaws.com
Software
nginx / PHP/8.1.14
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:52 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
PHP/8.1.14
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
x-xss-protection
1; mode=block
tracking-event
api.webgains.io/ Frame
0
0
Preflight
General
Full URL
https://api.webgains.io/tracking-event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.171.28.113 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-171-28-113.eu-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://as.ad4m.at
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:52 GMT
server
nginx
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fndnation.com%2F&domain=ndnation.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://ndnation.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 04 Sep 2023 20:52:51 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
253826
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
envelope
lexicon.33across.com/v1/
0
0

json
gum.criteo.com/sid/
2 B
370 B
XHR
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fndnation.com%2F&domain=ndnation.com&cw=1&pbt=1&lsw=1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ndnation.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
219121
expires
0
f
fid.agkn.com/
0
0

prebid
id5-sync.com/api/config/
135 B
541 B
XHR
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
f509537a941a4046b1f076ab2441d1ea6bf21b3d2a0122faea116e1d609fbfaa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/
0
0

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3480
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159745
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.244.232 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=132656
content-encoding
gzip
content-length
5606
content-type
text/html
date
Mon, 04 Sep 2023 20:52:52 GMT
expires
Wed, 06 Sep 2023 09:43:48 GMT
last-modified
Fri, 01 Sep 2023 11:18:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 41EC
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Sep 2023 20:52:52 GMT
ETag
"40010-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
/
ssc-cms.33across.com/ps/ Frame 2549
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dVaqIEv0Cr66eeaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP013 /
Resource Hash

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Mon, 04 Sep 2023 20:52:52 GMT
server
33XP013
x-33x-status
2000208
sync
cookies.nextmillmedia.com/ Frame DDC9
2 KB
2 KB
Document
General
Full URL
https://cookies.nextmillmedia.com/sync?type=iframe
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.193.144.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-144-116.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash
b3eab5c56b7aec210a763983a84c98c0dd96d55e02ab12d5264925f9ac6ae077

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
2147
content-type
text/html
date
Mon, 04 Sep 2023 20:52:52 GMT
server
fasthttp
pd
didna-d.openx.net/w/1.0/ Frame E6E6
0
80 B
Document
General
Full URL
https://didna-d.openx.net/w/1.0/pd
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 04 Sep 2023 20:52:52 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame D0CA
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.19.244.218 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-218.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 04 Sep 2023 20:52:52 GMT
ETag
"623de86a-cf34"
Expires
Tue, 05 Sep 2023 20:52:54 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Unused62
8096267
Vary
Accept-Encoding
iframe
sync.colossusssp.com/ Frame 9272
0
0

v1
lb.eu-1-id5-sync.com/lb/
33 B
399 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
0c3556f44c7cb18f11fe18bf16dd0640d51c697a8db677ce0887217348557df1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:52 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
usync.js
eus.rubiconproject.com/ Frame 41EC
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
645c990f39dbf24c282b2e62297b3cf0f8a06f732309c682843f019d4df02eba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Sep 2023 01:29:29 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=16538
Connection
keep-alive
Content-Length
10123
Expires
Tue, 05 Sep 2023 01:28:30 GMT
725.json
id5-sync.com/g/v2/
276 B
683 B
XHR
General
Full URL
https://id5-sync.com/g/v2/725.json
Requested by
Host: ndnation.com
URL: blob:https://ndnation.com/a6407857-2ce8-4fd6-9b9c-56c1b06b0b18
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
64f740f91fe8dce12903fd1eafe785bbd9496e3798a0035cd04a91204b8472da
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ndnation.com
date
Mon, 04 Sep 2023 20:52:51 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
bounce
ib.adnxs.com/ Frame D0CA
Redirect Chain
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
0
648 B
Script
General
Full URL
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
an-x-request-uuid
d2d6236c-48fc-4d85-856e-314df549d59f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
an-x-request-uuid
01b7e9e1-91c8-4f8c-bb49-6b916234012a
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
location
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
pbs.nextmillmedia.com/ Frame FFE5
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dadnxs%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
  • https://cookies.nextmillmedia.com/setuid?bidder=adnxs&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=1907156604498028547
  • https://pbs.nextmillmedia.com/setuid?bidder=adnxs&uid=1907156604498028547
86 B
437 B
Document
General
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=adnxs&uid=1907156604498028547
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Mon, 04 Sep 2023 20:52:52 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Mon, 04 Sep 2023 20:52:52 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=adnxs&uid=1907156604498028547
server
fasthttp
/
ssc-cms.33across.com/ps/ Frame B4FC
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP012 /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Mon, 04 Sep 2023 20:52:51 GMT
server
33XP012
x-33x-status
2000208
prebid
rtb.openx.net/sync/ Frame 2B44
43 B
58 B
Document
General
Full URL
https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Mon, 04 Sep 2023 20:52:52 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
usermatch
ssum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_pri...
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=19...
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
1210a8df219e648fc36cd91dcfdad71e27e39ed2017dfd0456a8fa962b4b58e3

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
1967
Content-Type
text/html
Date
Mon, 04 Sep 2023 20:52:52 GMT
Expires
0
Keep-Alive
timeout=1, max=499
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache

Redirect headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
0
Date
Mon, 04 Sep 2023 20:52:52 GMT
Expires
0
Keep-Alive
timeout=1, max=500
Location
/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
pbs.gif
sync.colossusssp.com/ Frame 9182
0
0

usync.html
eus.rubiconproject.com/ Frame A04B
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid=
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 04 Sep 2023 20:52:52 GMT
ETag
"40010-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 04 Sep 2023 20:52:52 GMT
location
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
server
AkamaiGHost
setuid
cookies.nextmillmedia.com/ Frame 0744
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
0
0
Document
General
Full URL
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.193.144.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-144-116.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Mon, 04 Sep 2023 20:52:52 GMT
server
fasthttp

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Mon, 04 Sep 2023 20:52:52 GMT
location
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
server
envoy
x-envoy-upstream-service-time
0
setuid
pbs.nextmillmedia.com/ Frame 7C38
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=OEFBOEMxNkEtNUY5Qi00QUVCLTlENkYtNjNGQzlEODhBMjk5&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
  • https://cookies.nextmillmedia.com/setuid?bidder=pubmatic&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
  • https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
86 B
568 B
Document
General
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Mon, 04 Sep 2023 20:52:53 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Mon, 04 Sep 2023 20:52:53 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
server
fasthttp
setuid
pbs.nextmillmedia.com/ Frame 2B24
Redirect Chain
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%...
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=4e21b2dd-3734-4854-97e1-4b89738b2912&gdpr_consent=null&gdpr=null
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=4e21b2dd-3734-4854-97e1-4b89738b2912
86 B
458 B
Document
General
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=4e21b2dd-3734-4854-97e1-4b89738b2912
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Mon, 04 Sep 2023 20:52:53 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Mon, 04 Sep 2023 20:52:52 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=4e21b2dd-3734-4854-97e1-4b89738b2912
server
fasthttp
putRecords
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/
146 B
375 B
Fetch
General
Full URL
https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.235.222.29 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-222-29.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
65ff0687f3630f3bcee4b91486c861ff79a6d37e459c6919ca99b4358c36a511

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
x-api-key
79db72eb0b5c7255afa54a253df24fb4a5ac916bf40b51c730df8850aa5665ca
Content-Type
application/json

Response headers

date
Mon, 04 Sep 2023 20:52:53 GMT
x-amzn-trace-id
Root=1-64f643a5-29a322534b06f800413627a3
x-amzn-requestid
7e445df0-79b6-4fc9-9144-59b68e2f8f3c
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
Kv-B5GsrvHcFTsw=
content-length
146
putRecords
prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/ Frame
0
0
Preflight
General
Full URL
https://prod.tahoe-analytics.publishers.advertising.a2z.com/logevent/putRecords?encoded=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.235.222.29 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-222-29.us-west-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://ndnation.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:53 GMT
x-amz-apigw-id
Kv-B3GkcPHcFWIg=
x-amzn-requestid
ca0028dc-3f75-450f-b7c0-ad5f14f3e272
usync.js
eus.rubiconproject.com/ Frame A04B
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.218.210.30 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-210-30.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
645c990f39dbf24c282b2e62297b3cf0f8a06f732309c682843f019d4df02eba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Mon, 04 Sep 2023 20:52:52 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Sep 2023 01:29:29 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=16538
Connection
keep-alive
Content-Length
10123
Expires
Tue, 05 Sep 2023 01:28:30 GMT
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame A04B
0
239 B
Image
General
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17888&nmuid=&khaos=LM5CYTG7-H-HWAA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
29af2665c43893332e84c235bac366c1
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usermatchredir
ssum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZPZDpKU53IFtdvxTEIc0_gAADGMAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEjG2gF-bxtvTQmeLXQKDSo&google_cver=1
43 B
766 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEjG2gF-bxtvTQmeLXQKDSo&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEEjG2gF-bxtvTQmeLXQKDSo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZPZDpKU53IFtdvxTEIc0-gAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEB2XaiJyNgNv-A0C4b7vsk4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEB2XaiJyNgNv-A0C4b7vsk4&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEB2XaiJyNgNv-A0C4b7vsk4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 6554
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZPZDpKU53IFtdvxTEIc0_gAADGMAAAAB&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:52 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
5GB9QHEXAH1VQVNB0RNH
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 6554
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:52 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
rum
dsum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=ZPZDpQANzPOF6wAN
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZPZDpQANzPOF6wAN&_test=ZPZDpQANzPOF6wAN
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZPZDpQANzPOF6wAN&_test=ZPZDpQANzPOF6wAN
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:53 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

x-served-by
cache-fra-eddf8230117-FRA
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:53 GMT
via
1.1 varnish
server
Varnish
x-timer
S1693860773.120634,VS0,VE0
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZPZDpQANzPOF6wAN&_test=ZPZDpQANzPOF6wAN
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
ie
match.prod.bidr.io/cookie-sync/ Frame 6554
43 B
433 B
Image
General
Full URL
https://match.prod.bidr.io/cookie-sync/ie
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.108.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-108-9.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:53 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=4e21b2dd-3734-4854-97e1-4b89738b2912&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
43 B
271 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=4e21b2dd-3734-4854-97e1-4b89738b2912&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:52 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=4e21b2dd-3734-4854-97e1-4b89738b2912&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=null
date
Mon, 04 Sep 2023 20:52:52 GMT
server
_
content-length
0
crum
dsum-sec.casalemedia.com/ Frame 6554
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=1611C2A599BB4D64BC8251F08348DB57
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=1611C2A599BB4D64BC8251F08348DB57
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 04 Sep 2023 20:52:52 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

date
Mon, 04 Sep 2023 20:52:52 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=1611C2A599BB4D64BC8251F08348DB57
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 03 Sep 2023 20:52:52 GMT
setuid
pbs.nextmillmedia.com/ Frame 6554
Redirect Chain
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZPZDpKU53IFtdvxTEIc0-gAA%263171
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZPZDpKU53IFtdvxTEIc0-gAA&3171
86 B
438 B
Image
General
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZPZDpKU53IFtdvxTEIc0-gAA&3171
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
54.147.66.236 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-147-66-236.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
86
vary
Origin
expires
0

Redirect headers

location
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZPZDpKU53IFtdvxTEIc0-gAA&3171
date
Mon, 04 Sep 2023 20:52:52 GMT
server
fasthttp
content-length
0
ctrack
track1.avplayer.com/
0
121 B
Ping
General
Full URL
https://track1.avplayer.com/ctrack?pt=2&d66=8.3.19&d74=&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&pid=624e25402d2a7c268c34f1d8&cid=625594b02e0ef2773933f2d1&r=ndnation.com&sn=&cd1=&app=&test=&cb=1693860769620
Requested by
Host: player.avplayer.com
URL: https://player.avplayer.com/script/8.3/v/avcplayer.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.50.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-50-179.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:53 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
async_usersync
ib.adnxs.com/ Frame D0CA
0
596 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:53 GMT
an-x-request-uuid
fbc419d4-8e7c-462c-a3d4-4df264dbcab3
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
217.114.218.21; 217.114.218.21; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
track
track1.aniview.com/ Frame A83B
0
120 B
Ping
General
Full URL
https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=ndnation.com&rs=ndnation.com&sid=99143&t=1693860768&cip=217.114.218.21&sn=&tgt=0&osv=10&bv=116.0&brn=Chrome&wi=740&he=416&app=&AV_PUBLISHERID=624e25402d2a7c268c34f1d8&test=&d64=22505880afd7154c1116d8762c6c2fda&d63=22505880afd7154c1116d8762c6c2fda&aafaid=&proto=https&uid=1693860768965-959104183839-001170-006-006430&cha=0.7&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&d35=&d36=6.2.123&cb=56028372160&d39=&d65=&d66=8.3.19&d74=&d56=&apppkg=&d9=1000&d37=realtime&pt=2&d66=8.3.19&d74=&stagid=6256fe729c5a4736b15c6a6a&stplid=6256d6aef30d6040c750fbd7&cvid=&cpid=&str=autostart&AV_WIDTH=740&AV_HEIGHT=416
Requested by
Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=624e25402d2a7c268c34f1d8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.239.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-239-161.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ndnation.com/all-smiles-in-irish-romp/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Mon, 04 Sep 2023 20:52:53 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame 3480
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=74920915&p=159745&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159745
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
2b7e38907b14da13c1bdc66b23cf9714963e79e83877ffb55f2b4a9534919a85

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Mon, 04 Sep 2023 20:52:53 GMT
content-length
1730
content-type
text/html; charset=UTF-8
Pug
simage2.pubmatic.com/AdServer/ Frame C3A0
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
42 B
245 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159745
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.80 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 04 Sep 2023 20:52:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

cache-control
no-cache
content-length
0
cross-origin-resource-policy
cross-origin
date
Mon, 04 Sep 2023 20:52:55 GMT
expires
Mon, 04 Sep 2023 00:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
782249
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
dcm
aax-eu.amazon-adsystem.com/s/ Frame 5486
43 B
855 B
Document
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299&redir=true&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159745
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.239.33.159 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Mon, 04 Sep 2023 20:52:55 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
FRCH9YRFT7Q1XE8V9VN2
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3480
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=iqjBal-bSuudb2P8nYiimQ%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
15 KB
15 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol
H2
Server
2.19.244.232 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:55 GMT
content-encoding
gzip
last-modified
Fri, 01 Sep 2023 11:18:33 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=132653
accept-ranges
bytes
content-length
5606
expires
Wed, 06 Sep 2023 09:43:48 GMT

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame 3480
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.64.186 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-64-186.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:55 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.2.115
content-length
49
expires
0
ids
idsync.frontend.weborama.fr/ Frame 3480
Redirect Chain
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
  • https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1327062401
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
  • https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
0
284 B
Image
General
Full URL
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
Protocol
H2
Server
34.111.131.239 -, , ASN (),
Reverse DNS
Software
Weborama Collect Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:54 GMT
via
1.1 google
last-modified
Mon, 04 Sep 2023 20:52:55 GMT
server
Weborama Collect Frontend
vary
Origin
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
date
Mon, 04 Sep 2023 20:52:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
/
dmp.adform.net/serving/cookie/match/ Frame 3480
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aDBtTGFEelpsT2pSNnFiaXdJdndPdk15QQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
  • https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
  • https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
0
0

Pug
image2.pubmatic.com/AdServer/ Frame 3480
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA2hzj2sTAIpmikPRCjkAVU&google_cver=1
42 B
364 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA2hzj2sTAIpmikPRCjkAVU&google_cver=1
Protocol
H2
Server
185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Mon, 04 Sep 2023 20:52:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:55 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA2hzj2sTAIpmikPRCjkAVU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 3480
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.158.204.35.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:52:55 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Sun, 03 Sep 2023 20:52:55 GMT
generic
match.adsrvr.org/track/cmf/ Frame 3480
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Mon, 04 Sep 2023 20:52:55 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 3480
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2530264497608913266
42 B
322 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2530264497608913266
Protocol
H2
Server
185.64.190.80 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Mon, 04 Sep 2023 20:52:55 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 04 Sep 2023 20:52:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=2530264497608913266
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
wise.space
URL
https://wise.space/embed.js
Domain
lexicon.33across.com
URL
https://lexicon.33across.com/v1/envelope?pid=0010b00002QMH4LAAX&src=esp&ver=1.0.1
Domain
lexicon.33across.com
URL
https://lexicon.33across.com/v1/envelope?pid=0010b00002QMH4LAAX&gdpr=0&src=pbjs&ver=7.51.0
Domain
fid.agkn.com
URL
https://fid.agkn.com/f?apiKey=2086764725&r=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=26
Domain
sync.colossusssp.com
URL
https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Domain
sync.colossusssp.com
URL
https://sync.colossusssp.com/pbs.gif?gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dcolossus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%5BUID%5D
Domain
dmp.adform.net
URL
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

281 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| documentPictureInPicture object| _wpemojiSettings object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome undefined| $ function| jQuery function| gtag object| dataLayer object| googletag object| tempwin string| wsHost object| s object| x object| _comscore object| _qevents function| e function| h object| win number| __WS_BOOT function| cnxps object| iframe object| $$mm-analytics string| url object| addComment object| q2w3_sidebar_options function| extendStatics function| __extends function| __assign function| reactive function| StaticOffsets function| DynamicOffsets string| StopWidgetClassName string| FixedWidgetClassName function| BaseWidget function| getWidgetContainer function| compatabilty_FW_v5 function| queryElements function| findWithProperty function| PositionWidget function| FixedWidget function| StickyWidget function| StopWidget function| Sidebar function| Sidebars function| onDocumentLoaded object| megamenu object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| $$mm-pubsubbroker object| ggeac object| google_js_reporting_queue object| didna undefined| INT_DIDNA_CONFIG object| pbjs object| DIDNA_CONFIG function| mergeConfig object| apstag number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| google_persistent_state_async boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint object| COMSCORE object| ns_p function| quantserve function| __qc object| ezt object| _qoptions object| aniplayerPos function| getDevicetype object| gaplugins object| gaGlobal object| gaData function| __spreadArray function| CXBootstrapLoader function| identifyRootURL function| generateDebugLog object| _aps boolean| apstagLOADED object| apscustom function| google_sa_impl boolean| _gfp_p_ number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| webpackChunk_aniview_player object| avContentPlayer function| a0_0x445a function| a0_0x48c0 object| confiant boolean| creativeVendorLibraryLoaded function| CXBootstrapper object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid object| Criteo object| nmmRefreshCounts object| twemoji object| wp object| hindsight boolean| hindsight_loaded object| regeneratorRuntime object| ox_esp object| signal_decrypted function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_na object| sync16589_wa object| sync16589_xa function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_K function| sync16589_L function| sync16589_M function| sync16589_J function| sync16589_la function| sync16589_ma function| sync16589_N function| sync16589_O function| sync16589_oa function| sync16589_P function| sync16589_pa function| sync16589_qa function| sync16589_ra function| sync16589_Q function| sync16589_sa function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_R function| sync16589_S function| sync16589_ya function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_za function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Da function| sync16589_Aa function| sync16589_1 function| sync16589_Ca function| sync16589_Ba function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Fa function| sync16589_Ga function| sync16589_Ia function| sync16589_Ea function| sync16589_7 function| sync16589_Ha function| sync16589_Ka function| sync16589_Ja function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_La function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_$ function| sync16589_Pa function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa object| lotame_sync_16589 function| setImmediate function| clearImmediate object| __uid2SecureSignalProvider object| __uid2 object| ID5 object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_141 object| Criteo_identitytag_141 object| PublisherCommonId object| __id5_instances object| _33across object| storageAni object| sas object| apntag object| _ADAGIO object| GoogleGcLKhOms object| google_image_requests object| criteo_pubtag_prebid_135 object| Criteo_prebid_135 object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager

75 Cookies

Domain/Path Name / Value
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr-exp
Value: "2023-09-05 20:52:48"
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr
Value: 2
.ndnation.com/ Name: _gid
Value: GA1.2.1901554401.1693860768
.ndnation.com/ Name: _gat_gtag_UA_10350809_6
Value: 1
.ndnation.com/ Name: _ga_CF0WLTLXZR
Value: GS1.1.1693860767.1.0.1693860767.0.0.0
.ndnation.com/ Name: _ga
Value: GA1.1.750641541.1693860768
.quantserve.com/ Name: mc
Value: 64f6439f-d1b63-b0ef8-2c8f9
ndnation.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.ndnation.com/ Name: _pubcid
Value: a2d8d1f1-88d8-40bd-80d8-65205f1600b6
.ndnation.com/ Name: __qca
Value: P0-1230796650-1693860767606
.yahoo.com/ Name: A3
Value: d=AQABBKBD9mQCEFqEH4Lbf52_dT9V7FGU098FEgEBAQGV92QAZeAXyiMA_eMAAA&S=AQAAAo9M-s-gQkWk9c5tNIV5rwI
.ndnation.com/ Name: __gads
Value: ID=bb595f3c5c80e227-229624b1c3e7002c:T=1693860767:RT=1693860767:S=ALNI_MaRJDQob25jFnjXaxQhbhAVNAbPeA
.ndnation.com/ Name: __gpi
Value: UID=00000c6f0e50edf8:T=1693860767:RT=1693860767:S=ALNI_MbZCxt4_Q2Rg_ada7sxPSAwSQUCfA
.rubiconproject.com/ Name: khaos
Value: LM5CYTG7-H-HWAA
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qpYbA6PYFAyu7U1ZxogGjlwOA+xFj1I9sfQKCb/4IkTDlloRsdoqFdO7EDNwZttPPYzgHlbzd1OQJzU4JWreVW/5/oELTz3EoUijy0RC4Zd8RuybVyVU0yt
.script.ac/ Name: __cf_bm
Value: gy8vH05IntjCgmpNOXKHfsxIUjmdDMrPiRvRsi6Tz2k-1693860768-0-AfUv1MmP6Uyxc925GWdJQQwh8F+Kxa3hmT86BfNO+hFMndeM1jFjq4LrOmM1lCxLId+RAlx59wyOu9O7fQWD2fg=
.criteo.com/ Name: uid
Value: 44da5f9b-0e5b-40ed-b950-168a9fe3dbfa
.openx.net/ Name: i
Value: f1b5fd32-c166-4afc-85fc-b465f6303a29|1693860768
.aniview.com/ Name: aniC
Value: 1693860768965-959104183839-001170-006-006430
.csync.loopme.me/ Name: viewer_token
Value: 4e21b2dd-3734-4854-97e1-4b89738b2912
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 4f3dfe533fe94986
ads.resetsrv.com/ Name: ckbk
Value: 0000010E23ACC17A
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
.ctnsnet.com/ Name: gid_CAESEIQLNTvA8C-WLp5GNP0rzZg
Value: 1
.3lift.com/ Name: tluid
Value: 2069965525610701514279
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-b4dac8b3-51a0-4a17-9fa5-0a509a57e558-003%22%7D
.adform.net/ Name: C
Value: 1
.aniview.com/ Name: 1_C_56
Value: 4e21b2dd-3734-4854-97e1-4b89738b2912
sync.aniview.com/ Name: 1_C_56
Value: 4e21b2dd-3734-4854-97e1-4b89738b2912
.aniview.com/ Name: 1_C_10
Value: oPzVxR0iTvt3
sync.aniview.com/ Name: 1_C_10
Value: oPzVxR0iTvt3
.aniview.com/ Name: 1_C_105
Value:
sync.aniview.com/ Name: 1_C_105
Value:
.aniview.com/ Name: 1_C_52
Value: ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
sync.aniview.com/ Name: 1_C_52
Value: ua-418fcbc2-8558-37de-a901-74b2ca97cd3c
.adform.net/ Name: uid
Value: 2530264497608913266
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-b4dac8b3-51a0-4a17-9fa5-0a509a57e558-003%22%7D
.doubleclick.net/ Name: IDE
Value: AHWqTUlngsrfmENyWyc1BNdXW5iCbZtG0CsPARYe2FWjGLc1M5-wyeKqsXNxm4Sh5cs
.linkedin.com/ Name: bcookie
Value: "v=2&fd891563-991b-4831-8e70-758aa82a43fe"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTM4NjA3NzA7MjswMjFZbfoCk+rK5LBuyqya4DPT6i5gek1AxhsxJb5ny9+JCA==
.linkedin.com/ Name: lidc
Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2998:u=1:x=1:i=1693860770:t=1693947170:v=2:sig=AQFG1oxtP0zs6Gk8U7d3gSDMHL4ssF1A"
.tribalfusion.com/ Name: ANON_ID
Value: aYnt6ZayKalHobWm8ZaCyPqMlfrFHtiZdi2rkRAIk52Uk3VbGZbrVOVtBWUOe415lHLRbbwFv9ldFe4RBoMrNZbia6vqen9j3
.amazon-adsystem.com/ Name: ad-id
Value: A4UT8c_NIk8dksgAxp5uOgs
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.ctnsnet.com/ Name: cid
Value: 7c1948f56e6948aeb401e05f4f930c3c
.doubleclick.net/ Name: APC
Value: AfxxVi7ph9x-qXCQH-cv-6nWsDq9zvESzaydRr0pv3WF_1qi2_kqIQ
.adfarm1.adition.com/ Name: UserID1
Value: 7275076611149396115
.awin1.com/ Name: awpv11354
Value: 412871|1693860770|02ed4bb0-4b65-11ee-b98b-2233369fc7ee
.de17a.com/ Name: guid
Value: 1.6502602642665012710
.ndnation.com/ Name: cto_bundle
Value: RLoVHV92aUhWNlBmaXc4cVNnbTJ1ODZmdTkza3pMVU8yQW94aWEyZnJUNG15bmNVTG5BemcyMGdCbUdEVUZ0ZHhVbEF6Z3ViUTZzVUNXdGZscktSZDJ6WCUyQk1jWlZUNSUyQkhiRzJGR1htUmtqZzNLMzZWcjI5SWkxNTElMkJhVnZ5YjF6bGVieTM5WWF1Vmx3bHpKVE5wNFcxM0ZMMUElM0QlM0Q
www.conrad.de/ Name: HTLP_timestamp
Value: 1693860770964
www.conrad.de/ Name: CEAffHA
Value: YD
.www.conrad.de/ Name: __cf_bm
Value: jivbhs80cMomo5eDKbBitIwhPGXhyCUlM.AQwNANXXc-1693860770-0-ASXhsAfXtJJHTO9N2b/mQBY82NtSnSHLlnd9oMDkRqbOLRMVaBnuSUTOpApsXe/QA41BEdLm0juzkVIfOEwi1As=
.o2online.de/ Name: nscT485
Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTMxMDAwMDAwMDA2MTY5Mzg2MDc3MXZsZWExZGUyMDIzMDkwNDIyNTI1MTg4NTc0NTEwMDMzWDExNzY4M1YxMjI2MTMyNzAyTVN2aWV3b25laWRZeEdmcmYzZjlSeEZWSDlIZXRRdFJSOGNrUzFUNHBKY0pRb25laWRfX3N1aXRlX05ldG1peF9SZWFjaDAyX1NTUF9DT05UUk9MX0FEWDExNzY4Mw
.o2online.de/ Name: nscQ485
Value: V
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117683_-HTLP&utm_term=AFF_la_117683_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2023090422525188574510033X117683V1226132702MSviewoneidYxGfrf3f9RxFVH9HetQtRR8ckS1T4pJcJQoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&wfid=117683&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTMxMDAwMDAwMDA2MTY5Mzg2MDc3MXZsZWExZGUyMDIzMDkwNDIyNTI1MTg4NTc0NTEwMDMzWDExNzY4M1YxMjI2MTMyNzAyT
.awin1.com/ Name: awpv11938
Value: 412871|1693860771|033ea003-4b65-11ee-b98b-2233369fc7ee
.awin1.com/ Name: AWSESS
Value: 367022:2542680
.congstar.de/ Name: staticentry
Value: %7B%22spfr%22%3A%22412871%22%2C%22awc%22%3A%2211938_412871_1693860771_033ea003-4b65-11ee-b98b-2233369fc7ee%22%2C%22sp%22%3A%22awin%22%7D
ndnation.com/ Name: _lr_retry_request
Value: true
ndnation.com/ Name: _lr_env_src_ats
Value: false
.adnxs.com/ Name: uuid2
Value: 1907156604498028547
cookies.nextmillmedia.com/ Name: NMUID
Value: csuid_1b116ee0-94d9-4085-957c-c5deaffac256
.casalemedia.com/ Name: CMID
Value: ZPZDpKU53IFtdvxTEIc0-gAA
.casalemedia.com/ Name: CMPS
Value: 3171
.casalemedia.com/ Name: CMPRO
Value: 3171
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.pubmatic.com/ Name: SyncRTB3
Value: 1694995200%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299
.simpli.fi/ Name: suid
Value: 1611C2A599BB4D64BC8251F08348DB57
.pubmatic.com/ Name: pi
Value: 157577:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZPZDpQANzPOF6wAN
cookies.nextmillmedia.com/ Name: syncedBidders
Value: {"loopme":1,"pubmatic":1}
pbs.nextmillmedia.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJsb29wbWUiOnsidWlkIjoiNGUyMWIyZGQtMzczNC00ODU0LTk3ZTEtNGI4OTczOGIyOTEyIiwiZXhwaXJlcyI6IjIwMjMtMDktMThUMjA6NTI6NTMuMDY2MjYyODgzWiJ9LCJwdWJtYXRpYyI6eyJ1aWQiOiI4QUE4QzE2QS01RjlCLTRBRUItOUQ2Ri02M0ZDOUQ4OEEyOTkiLCJleHBpcmVzIjoiMjAyMy0wOS0xOFQyMDo1Mjo1My4yMzAzNzY0NjdaIn19LCJiZGF5IjoiMjAyMy0wOS0wNFQyMDo1Mjo1My4wNjYyNTkxNDNaIn0=

11 Console Messages

Source Level URL
Text
network error URL: https://wise.space/embed.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
network error URL: https://track.webgains.com/link.html?wglinkid=3756941&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1ht14t1dynak7x52m6x37sgdh1b6e9j2rd898ahs6r9dx671ek6q16p99x39b9mehcb502n699b6zva8ngkex4eq411s4mh5xpm13qd2haes0ax3jd6n0x4cybdeqcbv81xwb9sgnpmwhwr20nc4ntm9n0gaa24wcrdf6v2g6n4c5xbdj7bezr4wtpybrt4q3e9vtqd0zjyje0zhh3w388mmgq0xt35adjmey9gmp6a185fqg6s7680r6kgs28esen7g%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1kpkh15ncx40sd2tsyxqqbv70dfbzcdpgqyxgpsczra48w7qmcdzcthvhesah0wq0mp4zfcw4wt4329w2w8kjn8w3jbjnnd2tmhmgw9k613xc2ad0xqjeacwevjh4k84h7e7ca4e0kr1ychw18cw9jjza368mnxy63tgbwstv2hx4j859a776ng0bp7832fmv0gkgjv2cbw3pezpqh82h2bhh47t0502f5kkq4am5rzykt13kjm98ks9vaxhgdfr5f32ftz5y55qnc5qsdt0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCBCXQoUP2ZNrJNLnJnsEPkIS2oAuQ4YGEXLaoworwAsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0wMTg3MTE2MDUwOTg3NjczyAEJqQIgmifU8BuyPuACAKgDAcgDAqoEgAJP0DRh6VwlAToxMKqeaMJYI8ffpWCuE_o1dLQ2baWA_OHb0nUIColcLaBPNWHuqg2OeHfyXhlTKvdaTTnYkBsOW7hT2oX1tu0fphhbC76MyFJMtWrEo7HA5Dr2WOzxBi10qEnzMmyR1IHmtojgpa_meAVX7vBLxp7i1brOCCdqepjLt065Dp6FfyRHigvF4eLeCNgAYTDkcbT0xAQer-FFTb621Syym5M0K4wg8PawRRoHtmsI-UhavOYnI4tWaNLqru_PGDBJtcMZVJvF5pnqTNIArUTpl_RNBKb39nbnDDVH-QqVQW0HaivlYXO56wfaIgwzeIuxQp9P1msWOsy14AQBgAab5JLkuY_O_GKgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0wG5GLLltEUTKYpRuD8hou8hJ6-g%252526client%25253Dca-pub-0187116050987673%252526adurl%25253D&clickref=oneid13ZsbfKf4V28h9HdH9tpCE4pYt2SKT7Mjf9boneid__suite_Netmix_Reach02_SSP_CONTROL_ADX&viewref=oneid9jeTMfmfdZBDhKHBH2t7tPzBYt9SmTZY2TeEoneid__suite_Netmix_Reach02_SSP_CONTROL_ADX
Message:
Failed to load resource: the server responded with a status of 429 ()
javascript error URL: https://ndnation.com/all-smiles-in-irish-romp/
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=26' from origin 'https://ndnation.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=26
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://ndnation.com/all-smiles-in-irish-romp/
Message:
Access to XMLHttpRequest at 'https://fid.agkn.com/f?apiKey=2086764725&r=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F' from origin 'https://ndnation.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network error URL: https://fid.agkn.com/f?apiKey=2086764725&r=https%3A%2F%2Fndnation.com%2Fall-smiles-in-irish-romp%2F
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=8AA8C16A-5F9B-4AEB-9D6F-63FC9D88A299&gdpr=0&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

09nfgyvbtl.execute-api.us-east-1.amazonaws.com
2c9065fe85e29611c4b99e7ac05bcfe1.safeframe.googlesyndication.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
acdn.adnxs.com
ad.doubleclick.net
ad4m.at
ads.pubmatic.com
ads.resetsrv.com
analytics.webgains.io
ap.lijit.com
api.rlcdn.com
api.webgains.io
as.ad4m.at
assets.ad4m.at
banner.congstar.de
bcp.crwdcntrl.net
beacons.cloudmcapp.com
bh.contextweb.com
bidder.criteo.com
bloximages.chicago2.vip.townnews.com
btlr.sharethrough.com
bucket1.mm-syringe.com
c.amazon-adsystem.com
c1.adform.net
c2shb.ssp.yahoo.com
cadmus.script.ac
cd.connatix.com
cdn-ima.33across.com
cdn.ampproject.org
cdn.confiant-integrations.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn.track.production.webgains.team
cm.g.doubleclick.net
cmcsports.cloudmcapp.com
colossusssp.com
cookies.nextmillmedia.com
cr.frontend.weborama.fr
csync.loopme.me
d1w6a77c28m7kb.cloudfront.net
d5p.de17a.com
dclk-match.dotomi.com
demo-wls-ssp-node.smartyads.com
didna-d.openx.net
didna.b-cdn.net
dis.criteo.com
dm.hybrid.ai
dmp.adform.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
esp.rtbhouse.com
eus.rubiconproject.com
events.qortex.ai
fastlane.rubiconproject.com
fid.agkn.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
go1.aniview.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hb.minutemedia-prebid.com
hbopenbid.pubmatic.com
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
invstatic101.creativecdn.com
lb.eu-1-id5-sync.com
lexicon.33across.com
match.adsrvr.org
match.prod.bidr.io
mug.criteo.com
ndnation.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.o2online.de
pbs.nextmillmedia.com
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixel.rubiconproject.com
player.aniview.com
player.avplayer.com
playlist.cloudmcplayer.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prod-rtb.ad4mat.net
prod.tahoe-analytics.publishers.advertising.a2z.com
pv.medialead.de
px.ads.linkedin.com
region1.google-analytics.com
report2.hb.brainlyads.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s.tribalfusion.com
s.w.org
sb.scorecardresearch.com
script.4dex.io
secure-assets.rubiconproject.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum-sec.casalemedia.com
static-de.ad4mat.net
static.criteo.net
static.solutionshindsight.net
storage.googleapis.com
sync-tm.everesttech.net
sync.1rx.io
sync.aniview.com
sync.colossusssp.com
sync.crwdcntrl.net
sync.targeting.unrulymedia.com
tags.crwdcntrl.net
tags.qortex.ai
tg1.aniview.com
token.rubiconproject.com
tpc.googlesyndication.com
track.webgains.com
track1.aniview.com
track1.avplayer.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
use.fontawesome.com
webservices.webspectator.com
wfpscripts.webspectator.com
wise.space
www.awin1.com
www.conrad.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lead-alliance.net
www.southbendtribune.com
www.telefonica-partner.de
x.bidswitch.net
api.rlcdn.com
dmp.adform.net
fid.agkn.com
lexicon.33across.com
sync.colossusssp.com
wise.space
100.26.92.212
104.16.132.24
104.18.35.167
108.157.177.59
108.157.194.62
13.32.121.37
138.197.55.50
141.95.98.64
142.250.186.70
145.239.193.130
147.75.84.158
151.101.130.49
151.101.2.62
162.19.138.120
167.233.13.224
172.240.155.108
172.64.146.152
178.250.1.11
178.250.7.11
18.134.234.224
18.156.195.47
18.158.83.223
18.171.28.113
18.200.64.186
18.66.112.8
18.66.147.120
18.66.196.33
18.66.202.223
18.66.97.88
185.64.189.112
185.64.190.79
185.64.190.80
185.64.191.210
185.80.39.216
185.86.138.154
185.89.210.122
192.0.77.48
192.124.249.105
198.47.127.19
2.19.244.218
2.19.244.232
2.20.217.188
2001:4860:4802:32::36
208.93.169.131
213.155.156.169
216.52.2.30
216.58.206.34
23.21.152.207
23.212.211.47
23.218.210.30
2400:52e0:1e00::1080:1
2600:1901:0:76b9::
2600:9000:2057:c000:1a:aa67:f2c0:21
2600:9000:223c:d600:6:44e3:f8c0:93a1
2600:9000:2250:fe00:a:e047:753:6381
2600:9000:2395:6000:3:64bd:d2c0:93a1
2602:803:c003:200::43
2606:4700:10::ac43:266a
2606:4700:20::681a:3e
2606:4700:20::681a:8a9
2606:4700:20::681a:bd1
2606:4700:20::ac43:444e
2606:4700:20::ac43:49b1
2606:4700:20::ac43:4a81
2606:4700:4400::6812:2b5a
2606:4700::6810:5614
2606:4700::6812:1791
2606:4700::6812:18ad
2606:4700::6813:afbe
2606:4700:e0::ac40:670b
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:21::14
2a00:1450:4001:800::200e
2a00:1450:4001:801::2002
2a00:1450:4001:803::2004
2a00:1450:4001:809::200a
2a00:1450:4001:80f::2010
2a00:1450:4001:810::2001
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2001
2a02:2638:3::c
2a02:2638:d::2
2a02:2638:d::a
2a02:26f0:7100:998::2c79
2a02:fa8:8806:13::1370
2a05:d018:d29:3605:cdf9:6ebb:c08d:dd
3.122.125.22
3.227.115.35
3.71.149.231
34.102.146.192
34.111.129.221
34.111.131.239
34.120.107.143
34.149.20.76
34.200.50.179
34.228.251.145
34.96.70.87
34.98.64.218
35.186.193.173
35.190.39.111
35.204.158.49
35.214.195.248
35.227.252.103
35.71.131.137
37.157.6.237
37.18.16.22
44.193.144.116
44.235.222.29
46.228.174.117
51.89.9.253
52.1.252.251
52.206.212.116
52.210.102.126
52.222.253.136
52.46.130.91
52.48.108.9
54.147.66.236
54.236.239.161
54.239.33.159
54.84.92.154
67.202.105.21
69.16.175.10
69.16.175.42
69.173.144.139
69.173.144.165
69.173.151.100
76.223.111.18
8.2.108.251
84.200.5.215
85.114.159.93
87.118.116.9
92.123.148.9
99.86.4.52
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
059b802d3419127f62482543f14c2fee4412686ca9eb86c6908b964354c225a5
0679ace3655e4b9202a5a4f8d8777b8c6faddf1f9e4b3b6a205e0731e1050bf1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07314fbdf27444ca6389219142312c3b65b810d23fdff91ef39e60c819e8163b
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08a2fbf551787398b8b831d56201b2f9595ae2819df8149acd5fe50a592428f0
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
0b4143d104391949ba1b8ffaa5e342add95a9a246fb2aa46f604f010bd297315
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c3556f44c7cb18f11fe18bf16dd0640d51c697a8db677ce0887217348557df1
0ceee487a90eea3b0e52f01360b44e8b6ac0898062c143dbe724663efd3d6f63
0d562b2abab83afe4f50944f86768d8a1eca6f09b8d49bcd1b232e7303bed3bd
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860
1086d0ec98811004a382fdb91879aed16738578932118ca79c52bd79d7140b08
110e70d5b15665674c9a662a68059aafe3b0712da45e2c27eaedc100c289d45f
1168c8abfe02845289bb55fd1091f344ddc7b63f7d4c5e95c895b72b4bca982d
1210a8df219e648fc36cd91dcfdad71e27e39ed2017dfd0456a8fa962b4b58e3
16137866f93d5d309967f967d27a360c79fa570bb280257e5a06ae228a9fbd6e
17deb20c6f6ec3f074a2633c5c1706ae28e6def4c605c81c268dcd6161ad008e
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1931c5d0b9638554f43310a5d4c9e9652f92c7dd31da981f4ff7fcbd3945babf
1a90f6e348d34d8ff2d408f207d47ce955c133c6d250e2e4936121df79bf088b
1acd56cfd9c6750c54bf83815cbfa1b969b5a05825325204871fb914dee965fe
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1cbab83578df331197295ca15e20b683d0248ba6ce26c8973d421b329e9ce56f
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1db2a90e6e3782834b6f20c298acd4ea7bac24eafe07b457c0f58e2130f442ad
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
20b588b86dac6a605b4baefd6a9d46f2c1ac84dd78a230dfb4b962c3155096f4
270651f698624e69c4230a72509275056c033a67951dd2cdebd1b56d09f3383b
2b7e38907b14da13c1bdc66b23cf9714963e79e83877ffb55f2b4a9534919a85
2cf68b0f96497a6c432653e7b0ab42cb383f804f6bff63ecc7e38b2244b18d7b
2dad5ac646a269db9be6741f1c5973a4d0f242d176413662178a5710613934b3
2e8ea0960ecbfbceb315e0e8b8e2ad6ab04d6eec8de422cef2e5f58cb0f70c1c
2e949f7c00fb28395839347af2832e00b0b17fa659b9107b1fe97e033cffa957
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3042ad48ca06efa581001902610542545985cd9f256101a49f8d47ecec3d2375
30bcf6ecd423191be7d3e78594b4980a37eacdb8e433be66d59cbc2f4c2ba2e0
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3241f78f63bcbabb2f54458d0e617fa0e7b1a41d31c70d468394864a0cab06ab
34649e79dfd8a771d86985fd98a6809b8362ad9e09c69617a3a5da829b297992
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3701020e23555843f31cbddefb0fcbd66b05ceef5f24597f1d2c8911305e1104
377e78a989a862e9162471b6941a3b2bca501e11ceb25d229ed9d16f8e07a113
3a4e039af161ffcf744c99e826478d73d70db9b065df3bfbffdf57574026fd43
3c2bb1edc83db7e01b582f07603b904542b02338f03433c0fd7e907d7fef1369
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdd9957f328674a49573806215c9fe67a6f827515607cf8d7db980fc94b771c
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41fd4ed5ad93e39cd84d043e905e66e3bbb9dbb50cf2d7bbf68bfeef79f3d3cc
425949af6ff33e2ae8e92a5ee3fc23f97b7c5d7dc8b27a5493cf55ec9cb0094c
43c969dd91796954ee5b0d995fddf5dc9b008844db541a4103c1d95b28ef2f74
43f09d7dca1beaba1a69fa07303d7142b7929a7245b60878b5846d26b48a8c63
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4420c39ec96f5a718173e5896db982275908de27099a964dcd67726e3a95df0e
4452bc4d16309455982365fbe44c9294333c29dc89a7d69d6e7ac9ea92ffafb8
4503ee6bbde79608a0acbcde753e969d71b416bee1f7f4483fb5c5f5abf9423c
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4628c380b9b3c2cfecc64093ad8450e4d70a49caab926461f9025ff0b9210cc0
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
485567ada85d2d82f3c23210e6082009fcd03700751bf61a07a56a256b1e8918
48c0c0652213b10729997c6c43dcbce4f18f36d011c0ed2dbfd4006808e80569
49f67fea609bcd0ddcf4e2fe069af5c255b95dd8ff68af8251afbd1a4a35b53d
4a0459255511f0e730976e7c0e0fd641b896435400b019c7a0edd652535f553a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f59f47836471cf3f02edfb217afdf107bf29cfe25c424c8c514a32712fc2ee8
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
507c16f4aecd6c9a19d4dbcccb3a470e046a4f606b3ab72ad080f65ac6a03b54
50e734ffcdc09b70990c3eeab77d174cf6eb23513ced5bbe8204a12f934f6bca
53b5cef704fd055c65011a6ba2f7dbe63c4e7ef1e3eec984b5859f6cf8e06e66
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54ac334268e7ad9593fe872a6c75537befc9fb0441e4ee880df02501e362e1c7
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5816cb49cb2408b2f7055731cf37ceb0e903acef960f08f3fc4b63bdee795f6c
587c0bd26306cf6f187074a9885bcf66c4d479dc7dd70cfa62c7a78026b07ea4
5aad52fad01f205d360b0d8b5a2efed7e0d48bd1f78427daa442061c3f653714
5c4d87a0564a5ce563dd7de56df1a22a9fd372d2d50ece713d8ba8973c5f1215
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
602e9d96de0404ae962de70665f8f1cfe966e24b3b3ff9bf13bf47f8d3b2068b
602f0b0ddd86fd394ba24cbd86a53463393f1f9e5ad7d2ab6208abc3b6b8ad3f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
645c990f39dbf24c282b2e62297b3cf0f8a06f732309c682843f019d4df02eba
64f740f91fe8dce12903fd1eafe785bbd9496e3798a0035cd04a91204b8472da
64f88a75df6eeef2e778f967a36f861c2005c64fb8b567a17a8f98878e351255
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3
65ff0687f3630f3bcee4b91486c861ff79a6d37e459c6919ca99b4358c36a511
667d77669d19714ac96c979a077c8c1ddeb43e5d9b425bf78da585cb92935dad
67d170a76df54fe40dcae82e4fac5c72727f113a4cc6229b383a47916f515479
6a24f95be875bbe0bda61851c383abc65e8e967a44556d99b6a2e48bcb97388d
6a345c424a210d4d389f8cffe521b482222e640f0b82f8396f7a06e2eb04f7fc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ccf36bcad83237ad8b6fccd63a044039693b4a936ae7c4e7e83aefbc12c7e9c
6feafb96bbf1af2086ecdd5f1f0f9d60fedfb444b77bc4540ed5febfc9043b4d
71b35500ef491761085d165aaa1c0c914da9475a3a6cf25c05f77d19b293044d
7268f95929f28a0bc33e701fd3e2445ab3dc1eccbf35485488cc393180a5182c
728716e1ff565db78fda48bc7f35e649711dc4be5e862d21693cbd566e8c0dea
731aeb9f616448637ee26d66fe25e22f1f06300ba656b53163f7bea4f9ef25ab
73db2a2a4d0933294f7188230306bea80ad011455f5f3a34127d33cbb43eb1c9
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75be366d3e7a2fbda9ec37cb8c0cb5fa265a65d233d7bb5cb1f6165d09489e3e
75e1fa2a536044ddea28bbfbc8b95a57e73eaae59d2afd21fce22d0459fb140f
76b88dcf40530dccabe878037537ed914d9b582564fd8a9c45d1524f01400256
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7d349f9e08a50336b6f398554e817e6921dd390ef9d8cacf3074a24d4379bd10
7d68e1b3634db2da8c394ef1754ae0bb9e0fe14e550643e0b913464ce66ba6ac
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8030594b4999eca38901464b09383ca988c454a4f7ab6b963be75e6c42da011d
81a6feeba42461c950063868909af3692c6809b4a45cd9d890a0c967acad4cfe
82a82b0d01609a866a65587cb8bea49710d570151f8a8e53232124dccf8a4676
82d99de88bf7ac91f8e2efe936fb429d4fb86ed97a64d681ebfb12cbc6d590ff
8652647ec167a325a95cc28390329bf191aaa866a274de47e40149bb09b20dac
8795f620c348e90d62914cf11e2a48828041d64798b04b68fb040a447dc0aa51
8894e077cc0d1a47e73bd40004d99c8bd2c65f484e31afb5f095a299a47aabc4
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a11bee2c3c27f9753dd24b6d62e0e00bb4e3965f3f903cf4f0037d3cb7031c8
8a8d46b6f31d146102db0e8db9dedb26abe1050a1e10c58ef365b54ccf2f21b2
8d3ac7ed2a5c8565c0e76c1f90c0add97104041e93b04ab520ef73818c3d9515
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e71afd53d34b1a32c15ee776f34aa51869e45820afcc130ee01477b7e9e275e
93369813037f5d99f0ad1afa3df545bb86828ed5f07e7a578cebeee47f9a4320
93f3e27094d9df6c24961ced094670fb3dba859016ee1580276f7602fc8f3ff8
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
94dc330d7ff3d82152b1ceaa92a712469c9eae969fa025972b1090bfcd9cfb3e
958622e2ce103c663883a5e931b64fe435a4f6cb60e151242416727ea8529448
9767754fa9a8a8353a0558b66bdad4b770ba31d939edbe2c942110c8b1c53270
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b34452c32ec1393e9f2ae9d849683de6302ffad75c1ea07b272b2612a3e4608
9c7bf6fd89eb097c1f7cf0a33ba3ff0b9edc9ef69a2e496fa332c688841a8841
9f2ef335c07566f0d4f273a4b72bcb3ad2b02f0c6232da6129952ee60bd07ba8
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a17e3e49769a59949190c3e07af534cf5f508cf7ceafa6ea4e83a6c608d6573a
a22337a5c35611c75cf66852aa64bb0f4174fb3be7175097ea89ad3d55929934
a4aa36a874d3524a75f284babac118ad88966a7c21bc12c8cd102498e168989b
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a54341497c66b8b98dbc4e61f4729490843936dfaeb65549f75d3bef964b0d84
a64d200d42cc0ccbc8b1dd1046f5578c0d3c4db957c5098dc3a608502027e2db
a68087f20116e01c99dd290dc1abf685e724d834ebe5ffbae1dc273a6ea2c860
a6841d2c4a12ed948dd6c51720e62a032135ccd7f50cc17b7d8d37b20f43c2cb
a68a7aaf623132b6e47f6d9753c49336cc812251cc91a1b82280aca86144b29a
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a7450247a55c744121d5d46d74ce3962dc5d927e8001d21816ceb4c59a37b40f
a7cb0aab4eb9ea05a22065c39ee48cfa65fb4b414f0d1b73f1300bb8fca3adc3
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff
a8aedce5ce280bf3c1e99fa9b36cb226e62cd39cf77c1f0c5660a6cab7bdece3
a9179676206755fbdcaf25d2c0958cf0ef14c8a787f38c966b9dbd8013b919f0
ae3d6a826507ad9a5c17cb73e82e9d3437f9b9564649f6a9f59d4c703e8506cf
af30e89c051a0f051d3ef7650337d975bb5641d379aaa420bd3ecb95f655fa0e
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b2a153bb98bb5d63554426b87b23f534a7ffadc16d8ad37067b14bf2ab85b9d5
b3eab5c56b7aec210a763983a84c98c0dd96d55e02ab12d5264925f9ac6ae077
b4651cd328cf2ec500baedbd8445a9ea15470aaa1780ea7648b0b2e6f7f0a73b
b4d587cecda63acc6a4c5574619791f557d0b59e0676453fbba7b347e0bc4bd4
b70f0a80bac892e1e492a9ee5cee527ea2a9a2ff162614ff7a3acc78b2e83db0
b875d5818b3be8d7a5972e22ab1477b38d4284fd9c427785e8efd3e84e7520c1
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bcd0bd92c4d3a64d32241e49e420d84a92be87656e150f976bc2ea008d936c6a
bd2df0fff950bce978c27cee54ed6e14e5e90d9e7f1829ab56da3fb21025ec48
c207703a2894751109413bdf32ccc44e5bbf365c8be8afc939c6fe2ef4e3ce3a
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c25520d256fae2b4cab704a9a089f685cc95eb00cc8477e731a2e539dd726150
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c625fbad47aab81fc9724322d554eb71b7fdad06f8f8c740b6ebac7a68ae78f5
c663d02f1fd54eb4b7240aa7bb888b56405d1a6a5d0ac01890b9b70e1a420a20
c6675a204f25fd959bb07825feee6adae34120708f12930ce7e7f22dfdca0b3e
c668093037a7f6b6bca163b2089b30f28814af187512e1e37ac1dd07d42e5ca8
c6c2661872ccca2848cf122cc6abcb60afc2fa5b96b7d5d6349464485fd8aafd
c746ca687b3e79023240e45eb684f036fd9a1312b454758a6018b3ece635dafb
c78105e6ee45cf59ad74e02a3f256a20af8ec575d47075e84840de57d7e91963
c7de7fd184dac3fd591f012faa4cb3dc726aa5e48ee516a32627e90873b4194f
c80918a6d8ab176b0bf3c2d6981d8011aad5ab891f83c503b1629dda79287e19
c953247aa1084d9b0776174e20b795a235c93f9dcf7c9d34fded56de81146509
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca0b13088e4cc740b37d30f2a5dd83dba46709641f40678950fc0a8f41c9c14c
caa68c1070ab324fa8dcc95a26126279ee83b87725ca829957874312067d248e
cd5fbc42123065c6410094446b6da10c80eb61a3cd3f9fdd8ee3142ef0773542
ce2deb722ce9015a476ef64c5ef252fd51867152ddbf448fcd7f6573675e0d23
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfdddb1aac562e56fd8d6766f97484a9f25d8960601c4e80cd5b3ab446506d9f
d1a6932151d11bdbb00e2d7189ef2b3db4937b93b74bd3ad6605850658bcfd05
d818a014761cd9516d1b3e296946e960d91f4c917bf42a808e67323a8b062da8
d9e08da8f03bfc136e84f23144e1d9c6837ebed60f4c61b6c8cafc8215f77585
dacd84380ab1a5a19fa282a8f488e45d49dc40595b1a030efcffe8cce31e6f3d
db06d19451a1e93a142cfae831094f3e348673366c1ad9bc144544b0f11b2464
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dff9e6963ff933a9b0f9065f574ad95a904784f9405ca20a0f3feeea4d213f3e
e06abcb0bba197caada9cde8eab6127a2b3289561f9b174e8ca88e4eb44dce3f
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1
e394d0e1624d50536c8bf44a11c732e0561842aeb7681ccf6d13230d870c2c95
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b8cd0d6d8c57ef39e1bb5cff8557261b3b2f640656680a72e421471032d841
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e922a199c0736d84f1cb215cb5950484e8cf7c04011a35ccf28fd755aa5e7133
e963e7196beb9123059ec3534b042ebcd1ef0a470fa568bfbebfeab2f33c4fda
ea158645980a559a14b1e96c1a073c931f9241c96711163f93f3d21263e12548
ea72f3069858dd5799972a81559d163f0cffc15449b48b9fd80b2fb4dba88a6d
ee32eb1ca4915f3c4e70e785f8a5fc2533de2cda73dba8857e63c9007d64f51b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f12519de9c711802995ba7f9ff657e29d583bdfbecd2ecc03033bda827d30c9d
f2b99e0ac804013dc7370410a8653c4f42082e990c1000809eb9a9aea52d2c97
f509537a941a4046b1f076ab2441d1ea6bf21b3d2a0122faea116e1d609fbfaa
f52e5c72ddd7d48dbd5709673b058d862a00f1eb5c055db7223156e6875bb7f1
f5ef8edb4b86aa28a037814c4e01f595132692bd47ec423d2e649bf7b4f66482
f666cb519dd4c35cc655c7e7ecc8a437ea52cf14738a21cf6b1a0ff90e844dbf
f7d124a9ca61097c6e62d74e580a802b36e4a1f70ad8356d3d11e9333057d927
fa548a9ded41d155003ed19ae60beb51bec151a1216a55c695b5ec0c2cc6c159
fae89768b8f292558aa096c58cd9995c2601df28a88de775586f26859a155b54
fd6829e1e7540954f29938c16c1afac26c7deac1e32e4d04a32885c753a66f7f
fde4eef3ca0bafeaa74e25a52a10204e6c2737a991108a6417bb3b793e14ee4d
ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2