user.gemvpn.xyz Open in urlscan Pro
91.107.188.26 Public Scan

URL: https://www.lgbtqnation.com/news/
Title: News

URL: https://www.lgbtqnation.com/life/
Title: Life

URL: https://www.lgbtqnation.com/politics/
Title: Politics

URL: https://www.lgbtqnation.com/bias-watch/
Title: Bias Watch

URL: https://www.lgbtqnation.com/commentary/
Title: Commentary

URL: https://app.monstercampaigns.com/c/qun2nne3a2xz7mclcnpb/
Title: Subscribe

URL: https://twitter.com/lgbtqnation

URL: https://facebook.com/lgbtqnation

URL: https://instagram.com/lgbtqnation

URL: https://www.lgbtqnation.com/2023/05/zooey-zephyr-hugs-her-colleagues-as-she-returns-to-the-montana-house-floor/

URL: https://www.lgbtqnation.com/2023/05/copenhagens-mayor-calls-out-tiny-california-towns-hostile-pride-debate/

URL: https://www.lgbtqnation.com/2023/05/7-lgbtq-athletes-who-came-out-changed-the-game/

URL: https://www.lgbtqnation.com/2023/05/families-of-trans-youth-sue-oklahoma-over-its-new-gender-affirming-healthcare-ban/
Title: Families of trans youth sue Oklahoma over its new gender-affirming healthcare ban

URL: https://www.queerty.com/florida-woman-declared-a-local-hero-for-throwing-a-drink-in-matt-gaetzs-face-at-a-wine-festival-20230503?utm_source=lgbtqnation&utm_medium=directlink&utm_campaign=directlink&utm_content=Florida+woman+declared+a+national+hero+for+throwing+a+drink+in+Matt+Gaetz%E2%80%99s+face+at+a+wine+festival
Title: Florida woman declared a national hero for throwing a drink in Matt Gaetz’s face at a wine festival

URL: https://www.lgbtqnation.com/2023/05/j-harrison-ghee-alex-newell-make-history-as-first-nonbinary-actors-nominated-for-tony/
Title: J. Harrison Ghee & Alex Newell make history as first nonbinary actors nominated for Tony

URL: https://www.lgbtqnation.com/2023/05/2-men-joined-lesbian-dating-app-to-shame-trans-women-but-they-just-ended-up-shaming-each-other/
Title: 2 men joined lesbian dating app to shame trans women but they just ended up shaming each other

URL: https://www.lgbtqnation.com/2023/05/cops-told-hayley-kiyoko-she-couldnt-have-drag-queens-in-her-show-she-brought-them-onstage-anyway/
Title: Cops told Hayley Kiyoko she couldn’t have drag queens in her show. She brought them onstage anyway.

URL: https://www.lgbtqnation.com/2023/04/anti-lgbtq-trump-lawyer-whines-as-fellow-magas-turn-on-her-with-misogynist-insults/
Title: Anti-LGBTQ+ Trump lawyer whines as fellow MAGAs turn on her with misogynist insults

URL: https://www.lgbtqnation.com/2023/04/dylan-mulvaney-tells-rosie-odonnell-its-time-for-lgbtq-people-to-step-up-for-trans-people/
Title: Dylan Mulvaney tells Rosie O’Donnell it’s time for LGBTQ+ people to “step up” for trans people

URL: https://www.lgbtqnation.com/2023/04/wisconsins-out-sen-tammy-baldwin-announces-reelection-campaign/
Title: Wisconsin’s out Sen. Tammy Baldwin announces reelection campaign

URL: https://www.lgbtqnation.com/2023/04/whiney-marco-rubio-says-a-dylan-mulvaney-instagram-video-will-end-the-global-balance-of-power/
Title: Whiney Marco Rubio says a Dylan Mulvaney Instagram video will end the global balance of power

URL: https://www.lgbtqnation.com/2023/04/north-dakota-governor-signs-trans-sports-bans-after-vetoing-them-in-past-years/
Title: North Dakota governor signs trans sports bans after vetoing them in past years

URL: https://www.lgbtqnation.com/usa/
Title: News (USA)

URL: https://www.lgbtqnation.com/2023/04/missouri-gop-votes-to-slash-state-library-funding-over-lgbtq-books/
Title: Missouri GOP votes to slash state library funding over LGBTQ+ books

URL: https://www.lgbtqnation.com/2023/04/whose-egg-is-it-anyway-what-not-to-ask-a-queer-parent/
Title: Whose egg is it anyway? What not to ask a queer parent.

URL: https://www.lgbtqnation.com/2023/04/rightwingers-are-now-boycotting-jack-daniels-over-an-lgbtq-campaign-from-2-years-ago/
Title: Rightwingers are now boycotting Jack Daniel’s over an LGBTQ+ campaign from 2 years ago

URL: https://www.lgbtqnation.com/2023/05/anti-trans-trolls-attempted-to-swat-zooey-zephyr-girlfriend-erin-reed/
Title: Anti-trans trolls attempted to “swat” Zooey Zephyr & girlfriend Erin Reed

URL: https://www.lgbtqnation.com/2023/05/wanda-sykes-joel-kim-booster-lilly-wachowski-other-lgbtq-stars-support-writers-strike/
Title: Wanda Sykes, Joel Kim Booster, Lilly Wachowski, other LGBTQ+ stars support writers’ strike

URL: https://www.lgbtqnation.com/2023/05/gop-congresswoman-snaps-at-conservative-who-accused-her-of-supporting-trans-people-by-wearing-a-tux/

URL: https://www.lgbtqnation.com/2023/05/cops-tackle-protestors-after-gop-orders-removal-of-trans-rights-activists-from-texas-house/
Title: Cops tackle protestors after GOP orders removal of trans rights activists from Texas House

URL: https://www.lgbtqnation.com/2023/05/florida-lawmaker-admits-republicans-hate-lgbtq-people/
Title: Florida lawmaker admits Republicans hate LGBTQ+ people

URL: https://www.lgbtqnation.com/2023/05/karine-jean-pierre-scolds-fox-reporter-for-his-dramatics-at-press-briefing/
Title: Karine Jean-Pierre scolds Fox reporter for his “dramatics” at press briefing

URL: https://www.lgbtqnation.com/2023/05/gop-governor-rejects-funding-for-pbs-because-clifford-the-dog-indoctrinates-kids/
Title: GOP governor rejects funding for PBS because Clifford the dog “indoctrinates” kids

URL: https://www.lgbtqnation.com/2023/05/anti-lgbtq-pundit-accused-of-abusing-wife-exposing-genitals-to-coworkers/
Title: Anti-LGBTQ+ pundit accused of abusing wife & exposing genitals to coworkers

URL: https://www.intomore.com/culture/trailblazer-cece-telfer-knows-trans-girls-belong-in-sports/?utm_source=lgbtqnation&utm_medium=directlink&utm_campaign=directlink&utm_content=Trailblazer+CeC%C3%A9+Telfer+knows+trans+girls+belong+in+sports
Title: Trailblazer CeCé Telfer knows trans girls belong in sports

URL: https://www.lgbtqnation.com/2023/05/what-does-the-bible-say-about-transgender-people-an-in-depth-look/
Title: What does the Bible say about transgender people: An in-depth look

URL: https://www.lgbtqnation.com/prime/

URL: https://www.lgbtqnation.com/2023/04/the-benefits-and-dangers-of-viagra-might-be-greater-than-you-think/

URL: https://www.lgbtqnation.com/2023/04/how-to-win-the-battle-with-erectile-dysfunction-part-1/

URL: https://www.lgbtqnation.com/2023/04/by-the-numbers-boomers-are-retiring-in-the-millions-and-the-healthcare-costs-will-be-staggering/

URL: https://www.lgbtqnation.com/2023/03/this-new-popular-housing-choice-could-be-right-for-you/

URL: https://www.lgbtqnation.com/2023/05/rachel-maddow-connects-ugandas-kill-the-gays-bill-to-arizona-christians/

URL: https://www.lgbtqnation.com/world/
Title: News (World)

URL: https://www.lgbtqnation.com/2023/05/anti-lgbtq-legislation-is-making-66-of-queer-youth-more-anxious-suicidal/

URL: https://www.lgbtqnation.com/2023/05/dwyane-wade-gabrielle-union-heckled-by-transphobes-why-did-you-mutilate-your-son/

URL: https://www.lgbtqnation.com/page/2/
Title: 2

URL: https://www.lgbtqnation.com/page/3/
Title: 3

URL: https://www.lgbtqnation.com/page/1892/
Title: 1,892

URL: https://www.twitter.com/lgbtqnation
Title: Twitter168K+ followers

URL: https://linktr.ee/lgbtqnationpodcast
Title: podcastApple, Spotify, Stitcher and more

URL: https://www.youtube.com/user/lgbtqnation
Title: Youtube2K+ subscribers

URL: https://www.gaycities.com/
Title: GayCities

URL: https://www.queerty.com/
Title: Queerty

URL: https://intomore.com/
Title: INTO

URL: https://www.q.digital/

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://q-digital.videoplayerhub.com/galleryplayer.js?ver=20210324 HTTP 301
https://btloader.com/tag?h=q-digital&upapi=true

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFLdzrDgiz4Q4WVRwnC7fQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

Request Chain 181

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFLdzrDgiz4Q4WVRwnC7fQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

Request Chain 183

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

Request Chain 201

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=hc5BYya_SX6MzMCJl6ymgQ&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hc5BYya_SX6MzMCJl6ymgQ

Request Chain 202

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGIhw2WhJ0E4jSzsTlIeQNI&google_cver=1

Request Chain 203

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=FEwF2ERtQxSlq2sF-F0aiw&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=FEwF2ERtQxSlq2sF-F0aiw

Request Chain 204

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/y9bP41WCFjKiMRgkUCv1iMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-2.xff4pE2oJzV57sX65zjD0J6FfYJCr5osbOwA--~A

Request Chain 206

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH89FWJU-23-31OQ

Request Chain 207

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEg4OUZXSlUtMjMtMzFPUQ== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECOQyVulUeATpmmYKBGl9sw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg4OUZXSlUtMjMtMzFPUQ==&google_push=

Request Chain 208

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGQwM2RlNmU1MDhkOTZlZDhiMTBiZGJlZmMwZDI5NjFlMTY5NzllNg

214 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
user.gemvpn.xyz/ 209 KB
49 KB 99ms
44ms Document
text/html 91.107.188.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.107.188.26 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.24.0 /

Resource Hash

1057e4f354e87601afb0d654f43d5305be92b50116d5bbfcd35e47f26024bdcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536001; includeSubDomains; preload max-age=31622400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 512
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=600
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7c1be1e14c53bbec-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 22:18:53 GMT
link: <https://www.lgbtqnation.com/wp-json/>; rel="https://api.w.org/" <https://lgbtq.to/41Y8KdM>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: geolocation=(self "https://www.lgbtqnation.com"), microphone=(), camera=()
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JsNn9iP8rySdM9mvFDrZRgLZ%2FQxRsO0vkrWz%2FnwSNPWioEieK6GHZacbzvaf%2FryAZ%2B42X55TnXN7Aav85pxjFT6e%2Fq0VOoCNg4fsi9m2dC4ktXYSNVVfdcCt3kbBqKOox4Y3cZ%2BhGyZ9k%2FNGq0jsQJVJ"}],"group":"cf-nel","max_age":604800}
server: nginx/1.24.0
strict-transport-security: max-age=31536001; includeSubDomains; preload max-age=31622400
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 6, 7
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc
x-served-by: cache-chi-kigq8000155-CHI, cache-fra-eddf8230022-FRA
x-styx-req-id: 4b0b2efd-e9ff-11ed-a37c-d2ed9f824b70
x-timer: S1683152333.010362,VS0,VE0
x-xss-protection: 1; mode=block

GET
H2 200 script.js Show response
dfboipmnnah5o.cloudfront.net/ 124 KB
43 KB 39ms
8ms Script
application/javascript 2600:9000:20eb:5400:3:aed2:1700:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dfboipmnnah5o.cloudfront.net/script.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5400:3:aed2:1700:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 73d16488d186dafad0d8dffc5f86b94e0c35d413be4b1741bc3df9242740c170

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: lvA_3mC1JLsSODg2hEbzKczXFSCx7wvd
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
date: Wed, 03 May 2023 22:16:02 GMT
last-modified: Wed, 03 May 2023 18:27:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 172
x-amz-server-side-encryption: AES256
etag: W/"d91389593c2e26f12865008f06664f88"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600,public,must-revalidate
x-amz-cf-id: Cp98-imKVgQKkCW5HHuEISO0MuZOkquRvlKhx7ojs6z9ZTi1QbJRUQ==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 70ms
29ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a80653896c19a130a15299b454ae823da7b1f339e5b590531c424644b4a81800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24813
x-xss-protection: 0
server: cafe
etag: 725 / 19480 / m202305010101 / config-hash: 4027723343301255587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H/1.1 200
OK adb.2634970.min.js Show response
prod.adspsp.com/ 284 KB
92 KB 35ms
8ms Script
text/javascript 13.32.27.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.adspsp.com/adb.2634970.min.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-84.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 802c95f9cbdcf9e286b3cbf423448376fe90991e1a7ea6305049991fc566a13b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 21:36:07 GMT
Content-Encoding: gzip
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
Last-Modified: Tue, 02 May 2023 21:34:43 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-C2
Age: 70374
x-amz-server-side-encryption: AES256
ETag: W/"dbd8a4e2670a29587c3ba8d0e3915674"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: ZuCh9Jza_w8653BaETeLp1Ikbiq9zEH3VBvoEkxkGjzcDe_QtjWz1Q==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 227 KB
56 KB 31ms
7ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e81437bacb2eadf8e9892f7c4423437a86ed8249bf77dcf71770909857779174

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:25 GMT
content-encoding: gzip
via: 1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront), 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
last-modified: Thu, 27 Apr 2023 19:15:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 28
x-amz-server-side-encryption: AES256
etag: W/"e301ce991ef543783521cd0156a962ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: bqRYLgw6n2mswOd7Ab3RYPwdLdrOKnh3CiavEY3x-RisAagI0zqcRQ==

GET
H2 200 style.min.css
www.lgbtqnation.com/wp/wp-includes/css/dist/block-library/ 93 KB
13 KB 56ms
28ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-774wk
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100134-CHI, cache-fra-eddf8230104-FRA
last-modified: Tue, 02 May 2023 17:05:28 GMT
server: cloudflare
x-timer: S1683047880.765031,VS0,VE1
etag: W/"645142d8-172a9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v7IVvxP3KSfrGrcf1tFKaUiDC7v3s71UxBQDbDx7WeX9%2FcA8JNV4N5byUT%2FTqvVG1Zeesy1UOb4be74tM58XULLBP4pzxGexPylLIgAXH40ItQRIQ%2FFvMTL%2FId62AXKdcHoG4F%2Fxt9uQwFnoAny7OXw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 501767dc-e90c-11ed-a69b-266b36fadd0e
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb29bbce-FRA
x-cache-hits: 15, 1

GET
H2 200 classic-themes.min.css
www.lgbtqnation.com/wp/wp-includes/css/ 217 B
581 B 55ms
28ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000058-CHI, cache-fra-eddf8230106-FRA
last-modified: Tue, 02 May 2023 17:05:28 GMT
server: cloudflare
x-timer: S1683047880.767631,VS0,VE1
etag: W/"645142d8-d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hl7C7V%2FsDxnSY%2FV2TB9wNRef8AUGeJ2Q1%2F5%2FqAxzzdbiHFH77xuV7HCSPYru94glaPOyvpDWkOG5BpijfLNKny46N5netAEPo9%2FZiZCO0zSWtIFLL0V13M%2FJS2n6xYbUOyT5gZOwI%2FQcCTmo5i0uQYCl"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 50189f3f-e90c-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb2abbce-FRA
x-cache-hits: 17, 1

GET
H2 200 frontend.css
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/css/ 23 KB
5 KB 47ms
19ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/css/frontend.css?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

747a3bba65f5fa699a05b34f7d60088ed3c5748004e2a8e43b1bf7778a130281

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:57 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 84352
cf-polished: origSize=33126
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 18, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100123-CHI, cache-fra-eddf8230058-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 22:23:41 GMT
server: cloudflare
x-timer: S1683067982.682356,VS0,VE1
etag: W/"64518d6d-8166"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Es5oRfGDyBk7ROG%2Bj2NujlGzbO7QhJBbelfMBHoOppJ7lWIxKp4Vo3dfzDIC1JtSaq1HWdwjEnzi5yD8JlQEYUDMDmCiSLO4XIli%2B%2F1H7GmLfYVQLc%2BqqH%2FbRDgmTw2n0XXNZJsJuVmJkVxXgQxQfgz0"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 2b9a8abe-e938-11ed-a139-fa0d7fa6cc3c
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb2cbbce-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5kdf8

GET
H2 200 widget-leaderboard.css
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/css/ 1 KB
872 B 56ms
28ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/css/widget-leaderboard.css?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1d59782968fe887a66eb653b45b9162a2c44dcd407152c68657bbb54d38d272

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:57 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 84352
cf-polished: origSize=1295
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 19, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000127-CHI, cache-fra-eddf8230118-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 22:23:41 GMT
server: cloudflare
x-timer: S1683067982.693320,VS0,VE1
etag: W/"64518d6d-50f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BuiwaCqzT6BgDt1Cv%2FdxjU5sC6gYMkXY%2FrRX9%2Fy5tGyDySptKezyhTVMaWkfetkUAldyifEISHy8Ehz2v%2Br4JwII1aNQvmbFW596yNvUyboVuDSmY4fVlJUop2WtqOdYEnnozwvA7gxpYngjQPnLu80I"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 2b9c39de-e938-11ed-a37c-d2ed9f824b70
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb2ebbce-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc

GET
H2 200 animations.css
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/animations/ 17 KB
3 KB 61ms
34ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/animations/animations.css?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75000e96e6f6234ea2ae0454bc85b2f9796829b7191ba1cab893522f6c776062

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:57 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 84352
cf-polished: origSize=27883
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 17, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000035-CHI, cache-fra-eddf8230052-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 22:23:41 GMT
server: cloudflare
x-timer: S1683067982.688871,VS0,VE1
etag: W/"64518d6d-6ceb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3VSKpoE87a1bTN5u3%2FC3PhrrR5ZshW63kGxtyh7r8ijYemIhpcNeIuFLbBuTmqC4apMLtmobcEpWYj6zIgv2HYrrtdM%2BhnUZCt0sy3lqs3FoUOTabTfHsTIWFVsYVWrV6mqoYJXxgbbJREB2npeLIoX"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 2b99e666-e938-11ed-8145-2ecbc81e1adc
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb30bbce-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-nk5mx

GET
H2 200 cookie-law-info-public.css
www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/ 3 KB
2 KB 56ms
29ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/cookie-law-info-public.css?ver=2.3.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e74df990fc2870bec563c9c8f7e343dcda30fd8e4689aeeab5e82b060d714d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=3967
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 17, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000071-CHI, cache-fra-eddf8230077-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683047880.768794,VS0,VE1
etag: W/"645142d6-f7f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFkjkGqAIsqgIY9hbzKepNlpCgjljO1uHqjR7gawelDEMU%2BzdYzXl2X%2BvoBll7LT82%2FLhUVvGrJxNrZWNr7bVMDAMrfj3HjvCkDLicoGG%2Fwq%2B%2F1u5E3yV%2FS9uz65FDeeXtge8DLEjr4JEoaD5jeSpCY2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 5018b372-e90c-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb33bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9

GET
H2 200 cookie-law-info-gdpr.css
www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/ 17 KB
4 KB 56ms
29ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/cookie-law-info-gdpr.css?ver=2.3.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b0bdf59b1ce2c43507c42dfc11f73185ab3b04717399db2544c458df3c1dfd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=22265
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 16, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000023-CHI, cache-fra-eddf8230100-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:27 GMT
server: cloudflare
x-timer: S1683047880.770288,VS0,VE3
etag: W/"645142d7-56f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLFqpqqJKE%2BZH6yHCc7B6hnFrWPo3oF1aNzpQ2Tt6c7r7vrepRHgVnFyEJZ%2Bnj9%2FNsxRAiSL57SaWcRi7M0xnASFs%2ByilmzPDgaihqoFfl%2B10wYx6BgbtZHdOPvpwasXIcxwgkY5aciuIBpjEWnOKazk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 50175f2a-e90c-11ed-9251-d60409dc0553
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb37bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-m7g5m

GET
H2 200 vendors.css
www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/ 116 KB
21 KB 54ms
27ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/vendors.css?ver=v20220309a

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4074606040c859be816705f57d552c550b252f1f05513ed7fe931e8d2903080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=171005
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 15, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100039-CHI, cache-fra-eddf8230060-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:27 GMT
server: cloudflare
x-timer: S1683047880.766473,VS0,VE32
etag: W/"645142d7-29bfd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1p7VjEEOZJMMOk6l%2BXyLuyt9xi1oSJlRF%2BHo7o9I3t1MYKUYD8ZhYIhpydeW7ydMSbcgaX6BeuzhLNE%2FlkGdrmgZzu6Tbqy0izbwPBaf2Iv2bsF7snRd%2FSyZZ8dZNSp5T3z7zggM886tmoq9Ht4TfyBC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 501a8105-e90c-11ed-8d30-9a8294422577
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb31bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-pqhqh

GET
H2 200 main.css
www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/ 94 KB
18 KB 62ms
35ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/main.css?ver=1683122433

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e78e055b18557a9102461c4f4ea15a43995d5dd8f3d12e169adaf1f3f77868

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Fri, 03 May 2024 14:00:42 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28895
cf-polished: origSize=96229
content-encoding: br
x-cache: MISS, HIT
x-cache-hits: 0, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000165-CHI, cache-fra-eddf8230137-FRA
cf-bgj: minify
last-modified: Wed, 03 May 2023 14:00:29 GMT
server: cloudflare
x-timer: S1683123439.978879,VS0,VE3
etag: W/"645268fd-177e5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Aw%2FQdC1YPikXti64VMJT5sWB8FG2bPYnzEDTtQEiH4TkoeaLc%2FEUqJE%2BuJqslx%2BkPYew0BDbdPd2CDxQLhZ5%2F1rBiQSY%2FKFpsUMRJq1Ese6Y0Yiw6JExKHo1rxmvleiEugFD%2Fpl%2FW98jV7sHBgRCz9r"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: e37dc26f-e9ba-11ed-b29b-3674233cca68
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb32bbce-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5chg9

GET
H2 200 frontend-gtag.min.js Show response
www.lgbtqnation.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 12 KB
4 KB 47ms
20ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.14.1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-pqhqh
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100068-CHI, cache-fra-eddf8230046-FRA
last-modified: Tue, 02 May 2023 17:05:25 GMT
server: cloudflare
x-timer: S1683047880.765872,VS0,VE5
etag: W/"645142d5-2e7a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vhG825jtyYYMQvlbCTHxl87sAezZDbh9hsioGTpsedM5bFWn1QQJWY7t7qW%2BuSsd9MO7qom32DN3HrjdVJr1j1cwQV3KeSqsFZs8aA%2Bre2kpts4lDa2g3S6PLy%2Bcvfz6A3Y835EUE5o8DkIKfYwc%2Fe7N"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 50193603-e90c-11ed-8d30-9a8294422577
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb3bbbce-FRA
x-cache-hits: 13, 1

GET
H2 200 jquery.min.js Show response
www.lgbtqnation.com/wp/wp-includes/js/jquery/ 88 KB
32 KB 56ms
29ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-pqhqh
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100067-CHI, cache-fra-eddf8230028-FRA
last-modified: Tue, 02 May 2023 17:05:28 GMT
server: cloudflare
x-timer: S1683047880.769093,VS0,VE1
etag: W/"645142d8-15e54"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WwmVgzaWbTYqGFPA6P5fZkD6cX%2FFmR9thYCiRkprHrtiE2JutM5x07j6SvRkO%2B0Ymc94xb0avloOy0GazXPXktyrfeVriyxBBY1EWedImJmVQBLU00%2BrHvv3L4K%2FhZwEmEJr3JTGb43yFtvUxID8SyQ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 501a0667-e90c-11ed-8d30-9a8294422577
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb3cbbce-FRA
x-cache-hits: 17, 1

GET
H2 200 jquery-migrate.min.js Show response
www.lgbtqnation.com/wp/wp-includes/js/jquery/ 11 KB
5 KB 45ms
18ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-m7g5m
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100059-CHI, cache-fra-eddf8230053-FRA
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683047880.769001,VS0,VE2
etag: W/"645142d6-2bd8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tf3UM5Jf30mftGHCS8gscuGZyg3pY%2BcUnxN39ThKuuSwHD6E8uBdUxgl8fh1ADdrsHQoDNVyKS4lp6kA%2FC18LyZdJC1%2B3vf7Fkx3tvjy0JcTL2TMUT9Hey7FQl31kB5LSOJnb3i%2BR1tCk%2FLI3HLvlbKN"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 50199c4e-e90c-11ed-9251-d60409dc0553
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb3abbce-FRA
x-cache-hits: 16, 1

GET
H2 200 cookie-law-info-public.js Show response
www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/js/ 39 KB
11 KB 47ms
21ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/js/cookie-law-info-public.js?ver=2.3.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51aaa102a38e781229d7ccf4572538d580f51d9edb2c59fdd94875f0a0c4d322

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=50720
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 17, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100043-CHI, cache-fra-eddf8230138-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683047880.769997,VS0,VE2
etag: W/"645142d6-c620"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCAHkHSFcn2qokWKBo9kUB%2FRIxUuyKtK9S38EeX%2B5tbJMOPUs5KbdRFremEC2qEXs3kygkBKFXsU%2BrfOBMtw13klXB0kt9LO9MnGD3T%2F0ruJTnI8%2BCMgMLMyJQSHDvCwFMTxteDtJGfoGqOrwY%2F70VYZ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 501efc6a-e90c-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb38bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9

GET
H2 200 cookie-law-info-ccpa.js Show response
www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/admin/modules/ccpa/assets/js/ 6 KB
2 KB 46ms
20ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/admin/modules/ccpa/assets/js/cookie-law-info-ccpa.js?ver=2.3.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb98e186ac26f3c45bf690ff488f9d1d73de6b0d973afccc2228e462f7951bc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=8502
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 7, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100139-CHI, cache-fra-eddf8230074-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:27 GMT
server: cloudflare
x-timer: S1683047880.768392,VS0,VE3
etag: W/"645142d7-2136"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdoMvMpEgAe1%2B6TSV%2BIJrLCBvczhFAnjpwalqV%2BtC%2FYSY3zgPZBWfHsQKjOLzVJJ3p34E7hYVelr24u0atLkKbr%2FDzs8RUOnKlpBxFhZTZgjaqE5WzNUIIbdXz55KiHcPWCdTRvgbWQhUOs%2F1jpOosvk"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 501a9ddb-e90c-11ed-a69b-266b36fadd0e
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb39bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-774wk

GET
H2 200 main.js Show response
www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/scripts/ 7 KB
3 KB 53ms
26ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/scripts/main.js?ver=v20220725a

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c5c88c6307b95428f2b8c752ef81f522d04390378cb8967db0a5f1834aac69d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=8364
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 17, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000105-CHI, cache-fra-eddf8230092-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:23 GMT
server: cloudflare
x-timer: S1683047880.782571,VS0,VE102
etag: W/"645142d3-20ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u45xItQBnO6Lwh3vnFDvH6xQPLif5cNvVFvNZJdTQJ%2BYgtV2dvnr2nYmmwANCEVFPIorLAbvEJp8UP5odu8K12UyeiCd9ed8rHoLzzvvzHq3fzrERt6%2Bwc%2FJHhrsyws5t2H7lGlG2NU3haP%2FtOPzLJPJ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 50198035-e90c-11ed-a37c-d2ed9f824b70
cache-control: max-age=31622400
cf-ray: 7c1be1e1eb3ebbce-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc

GET
H2 200 css2
fonts.googleapis.com/ 13 KB
1 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d0cecd5e0748660f3aeea01981c4ee5e5150558a2281c0d5e5c3c3877eebd3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 May 2023 22:18:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H2 200 lgbtq-nation-logo.svg
user.gemvpn.xyz/images/logos/ 5 KB
3 KB 52ms
46ms Image
image/svg+xml 91.107.188.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://user.gemvpn.xyz/images/logos/lgbtq-nation-logo.svg

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.107.188.26 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.24.0 /

Resource Hash

39b2a4ee2647a0ba753cef06d89128cb59585e2422c85cc585b313efcce1dbfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:00 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104800
content-encoding: br
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-774wk
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000159-CHI, cache-fra-eddf8230113-FRA
last-modified: Tue, 02 May 2023 17:05:23 GMT
server: nginx/1.24.0
x-timer: S1683047533.190244,VS0,VE120
etag: W/"645142d3-143d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EOkHeQiGNMxGVjmq4cdcqGZ06Njqk6Z0qY3URKcLVzS6NAPmSKoMbwuSJ18On3jolyCW%2B1NW2SbjUcKTXlF1%2FrqeUqsd03t1VFTp4NwPFzQ%2Bs7tBn%2BYCMoVSL1%2B8wBQzDRNTzqzoGNR4MbiH%2FheihBj4"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4ffae670-e90c-11ed-a69b-266b36fadd0e
cache-control: max-age=31622400
cf-ray: 7c1be1e2fa5d18b7-FRA
x-cache-hits: 16, 0

GET
H2 200 lgbtq-nation-logo-stacked.svg
user.gemvpn.xyz/images/logos/ 5 KB
3 KB 50ms
44ms Image
image/svg+xml 91.107.188.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://user.gemvpn.xyz/images/logos/lgbtq-nation-logo-stacked.svg

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.107.188.26 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.24.0 /

Resource Hash

505799011939a803e0c6fb372c5b0ed517e7c41f88275dfec40e42322b62a7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104800
content-encoding: br
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5kdf8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100179-CHI, cache-fra-eddf8230122-FRA
last-modified: Tue, 02 May 2023 17:05:23 GMT
server: nginx/1.24.0
x-timer: S1683047533.191607,VS0,VE108
etag: W/"645142d3-1461"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54nAmgUoNC4%2FQ36d9jxQiAqZ6S86Ps0f1U4dfqb1e%2FnmxJMZaFiNS0NATOXW8AvvxWDfKxHGtxd5e5YSmlhWMQ6I6t6Uan9ZHEQpqWlw3pW%2FQA6XTseeV2rY9T7QQxdMuIEKg06j8nD4k0jcSmC2ECqW"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 50126857-e90c-11ed-a139-fa0d7fa6cc3c
cache-control: max-age=31622400
cf-ray: 7c1be1e2fe7b3616-FRA
x-cache-hits: 16, 0

GET
H2 200 zooey-zephyr-1.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 20 KB
21 KB 68ms
7ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/zooey-zephyr-1.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=1200&h=600

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2a2d07fabd119cc7e447abf4e4388c83bc295cd956480cea99ad3de61287cd15

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 27 Apr 2023 13:04:41 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 551652
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 20562
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 161575s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_009_20230427130441_85a69_R0iR#600z
etag: "5cef808947f88fa58c3f6e7ef742e3d0"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 69ZGRf2ElmoIdRiAW9Kuv5pXRUfNZbsqbVaBmydijJT-d685tAvYkQ==

GET
H2 200 shutterstock-106732691.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 30 KB
31 KB 73ms
13ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/shutterstock-106732691.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=524&h=220

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

af737ee5d9d71c2396304cc8f9b159e238fb2f6b49192db9378adeb5a249a1e9

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 19:37:45 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 9668
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 31060
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 87940s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503193745_727ec_QPts#370z
etag: "d2dbdc5a6eb39943095fb88e2302f2c1"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: dIui6zrez3r6BL8gnGQ-7yU3tWaqXStztcd6ChxT05Bh16eOzbod6Q==

GET
H2 200 screenshot-2023-05-02-at-3.17.24-pm-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 15 KB
15 KB 75ms
14ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/screenshot-2023-05-02-at-3.17.24-pm-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=524&h=220

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

f2a8f1e1909fe26e2d507b01748c27a1c20bfec5301fbe30fb3f1e87f87c2a7a

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 16:22:52 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 21361
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 14864
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 71046s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_009_20230503162252_fc738_7kmP#370z
etag: "812ac9f7c39f5d3c69435ee1e2ffe18b"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 95rXUj2tTVhnF6masDLB4Ygh80nvvJRE4y2-mc2I7C2uZDY9h8VDBw==

GET
H2 200 shutterstock_1433782895-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/03/ 27 KB
27 KB 75ms
15ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/03/shutterstock_1433782895-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=1000&h=624

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

171e358f6ae3926c731b24e04037707829bd2b4f4bbe2b9dac5eeed5a9eb3fdc

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:11:43 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 430
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 27168
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 33104784s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503221143_ccfe4_JDqB#777z
etag: "17b2c32befc1319058168f76c43a878d"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: BuWPsc7FtMnaiqCXjE0dHx_0zQ7T2AAFzJFiAHouKV7Ii5yaQt1vUQ==

GET
H2 200 Screenshot-2021-11-29-154837.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/11/ 35 KB
36 KB 79ms
18ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/11/Screenshot-2021-11-29-154837.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=1000&h=624

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

7c072d42d70e55e36649a611c71449fade8f374eb1378b60b320ff1f2372c302

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 16:38:26 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 20427
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 36234
x-xss-protection: 1
x-hexa-initwait: first_req, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_009_20230503163820_55b5e_qbwZ#777z320y330y
etag: "ac8373a7b85c1c0dfe98586cd1f3cb07"
x-resource-status: downloaded
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: A1R_w2_s1(webp)_w2_s2(png)_e(4)R
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: -1AidiLrKUckMw2PZoRWEVba9dcXzaL4D65n_-2ZbeLsXzSTNo5utw==

GET
H2 200 hags-food-wine-glasses-12-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/10/ 35 KB
35 KB 81ms
20ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/10/hags-food-wine-glasses-12-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=1000&h=624

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

7b14f39501d672924b7aa33ee8619892cc29467109d35147520b9641564c0ad3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 21:00:30 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 4703
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 35460
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 5824s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503210030_79b28_2r7T#370z
etag: "8301556c25b7c618427188a2c2a8ce4c"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: G5wzidzkhDBzo_yLb1D56qDw_9vDwnRQjxV6DSA7T0UaNLXFGgz-UA==

GET
H/1.1 200
OK lgbtq-prime-logo.png
lgbtqnation-assets.s3.amazonaws.com/assets/2022/09/ 14 KB
14 KB 339ms
120ms Image
image/png 3.5.29.23
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lgbtqnation-assets.s3.amazonaws.com/assets/2022/09/lgbtq-prime-logo.png
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.29.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 71977ff12332da95182280f8d1de08bd64102999298c7b14bf1500c885a47ca5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 22:18:54 GMT
Last-Modified: Wed, 21 Sep 2022 19:42:56 GMT
Server: AmazonS3
x-amz-request-id: NK79X4ZZ1MJG32RT
ETag: "20e106366354dfddd058147bdbb03040"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 14293
x-amz-id-2: q4ETz3kVAVPJtsgO5pTsJQIgDk/XmOkNK6rEwNeYX2Zsg2G1rACoHw8UF2VZV3yuJLKeyQKU4GHKLLJznGkOKuqFGKfmAcsrwthsE1CDgWI=

GET
H2 200 shutterstock-1502273063-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 7 KB
8 KB 13ms
10ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/shutterstock-1502273063-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=370&h=205

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

fb27b39c4e5aa8be014a6a5437bb55ef383906b8bb28d5405d5254d10bcd96d7

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 23 Apr 2023 19:01:42 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 875831
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 7304
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 256870s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230423190142_146f4_QtzG#380z
etag: "c42ae228dd654f97e810f41518a04795"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: RueRduo65oKtYHGzO5ddG88RAQdAtAar3c1BRDBkGZOPF4etWrwsag==

GET
H2 200 shutterstock-2050263041-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 12 KB
13 KB 13ms
11ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/shutterstock-2050263041-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=370&h=205

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

b3bc614d49c7aca41b773db1425a187f7b0ee3e431d5858d965a8ce73ef29821

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 16:06:53 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 1059120
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 12242
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 75477s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230421160653_6b966_It2k#600z
etag: "6d074a9b699bd930a46cf437a7ead362"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 60ftgRJu9JA-Mqv8snZP5seqAX38gof9QHRElhCZBmoiC4QOHWeJEA==

GET
H2 200 shutterstock-324599408.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 8 KB
9 KB 14ms
12ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/shutterstock-324599408.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=370&h=205

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

02fee94c1eba7afbec24a7937b3a43bc8a71ad0a90f13ffd7da10cd5f1786f3f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 18:01:11 GMT
x-hexa-sleepingtime: 0
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 2261862
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 8030
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 2851s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230407180111_2bf43_LNL5#330y
etag: "eb06601c6c71e493e3bc8219f3154d49"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
x-hexa-deeptrace: cA;sfr:58,lrq:resized_once;reliab
timing-allow-origin: *
x-amz-cf-id: 64osAxs9MfVOqw3DoejDg2-Lxaqmw8Kus3s0wE70Uy-mCeI2YgqY5g==
x-hexa-start: 2023-04-07 18:01:11.326500

GET
H2 200 adu-maggie-ben-betty-scaled-e1679533217121.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/03/ 16 KB
17 KB 15ms
13ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/03/adu-maggie-ben-betty-scaled-e1679533217121.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=370&h=205

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

602148a87fffbf043822bdc441ce5b709cb41db4e203be40ec381a1ebf29a8e0

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 19:10:05 GMT
x-hexa-sleepingtime: 0
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 3553728
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 16562
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 65348s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230323191005_85360_oKHr#320y
etag: "d517cabd1979d19718553301793e6ba1"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: MK263tsfbjxdbHT7FFQI2eN_Zf2MqoPiKu_7deTniu5ehE41H_dcEQ==

GET
H2 200 Screenshot-2021-11-29-154837.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/11/ 20 KB
20 KB 18ms
16ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/11/Screenshot-2021-11-29-154837.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

dcced8c57bb7b1624d7cc67afde6a78dfda2112b56ffddee38148aca180ce4b8

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 16:39:57 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 20336
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 20002
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 33013019s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_009_20230503163957_ef446_CgmY#777z
etag: "c29e81c19c7bc578a3a863933e9a472d"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: gTlVXhn7dCu6OTiaIYsijVZodU0vKKz2StCMLt5P2EW7UCOlGuRcwQ==

GET
H2 200 screenshot-2023-05-02-at-3.17.24-pm-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 20 KB
21 KB 15ms
13ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/screenshot-2023-05-02-at-3.17.24-pm-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

d275cf281ca7b82e99a6ac994e58221479ea0eaf3777d64bcd103c90475d22e2

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 16:01:39 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 22634
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 20902
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 69773s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503160139_2193b_rdUl#370z
etag: "584ab9f8176697ee6fdcda7848de995f"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: t1gOSDRo8kOLP6RVyYJI9iCqmjOibPrguDqiknF6tjkwx8JXpUP3HQ==

GET
H2 200 screenshot-2023-05-03-at-9.51.11-am.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 12 KB
13 KB 16ms
14ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/screenshot-2023-05-03-at-9.51.11-am.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

ead6a381eba40a9adfd275e8e76149eb403ca81d2dbf79e2126f5ea5bab553c3

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 15:37:12 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 24101
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 12622
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 2658s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503153712_08892_IeZK#370z
etag: "d3cd579ddc26bd8d961de606ba41e16f"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: iW8iv27wjZxeLVcTI2aIb67yIKPmG_l4ky7adJBzeYLgfpIbqvdDvw==

GET
H2 200 zooey-zephyr.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 7 KB
7 KB 16ms
14ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/zooey-zephyr.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

ac8d24bc675e652069a3dde9386e2b0bcd4cb4e7e733a12583f1a428bc72ed4f

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 15:14:37 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 25456
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 6666
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 870s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503151437_c7460_4vaz#777z
etag: "5ef2296f7c18455f290ecc6abbc9e56a"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: SLu55qXaKMp_RR65IgQ7Si-f2YRND8xHUjk6uzxzNZdH1O-q2GqZMg==

GET
H2 200 jeff-holcomb-florida-hate-lgbtq.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 10 KB
11 KB 17ms
15ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/jeff-holcomb-florida-hate-lgbtq.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

9397b2b387738e9fe57a739486fa8738d5d9f4e64618bcbfc32b4a0704e4a0ed

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 14:05:53 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 29580
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 10434
x-xss-protection: 1
x-hexa-initwait: first_req, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230503140550_9cdc3_RRdu#380z
etag: "e92d5c49acb905d6ed26477b438bc674"
x-resource-status: downloaded
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: A1R_w2_s1(webp)_w2_s2(png)_e(4)R
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: FoyIIVEUd5mLGc7vXIkRET2Ckp1nCEKMhHVYz0e7rGGuyvA6HvVgYw==

GET
H2 200 karinejeanpierre.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 19 KB
20 KB 17ms
15ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/karinejeanpierre.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

a850737601f3d30ad42147f68ef1ba63466ca56b816586366881d5d579551ecd

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 18:12:24 GMT
x-hexa-sleepingtime: 0
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 2001989
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 19870
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 14100s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230410181224_eaefc_ejpK#320y
etag: "cf9c92eac56d14c014191e7968797bd6"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
x-hexa-deeptrace: cA;sfr:11798,lrq:resized_once;reliab
timing-allow-origin: *
x-amz-cf-id: a414hjoWfuVlM76HMRlNCgTlU4_GaNTIU1JCycx314UdXig0XXlj6A==
x-hexa-start: 2023-04-10 18:12:24.142700

GET
H2 200 steven-crowder-spouse-abuse-genitals.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 27 KB
27 KB 18ms
16ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/steven-crowder-spouse-abuse-genitals.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

f820748946db28779e63d24e41128bf58612ce7187463ae22f7dde5cc0755ddc

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:07:52 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 36661
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 27238
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 465s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230503120752_e7ec6_V72g#370z
etag: "5751022615f0ef6132001cf1edf1a44d"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: UpY6_h_Sls_P5mOIK0mgDJkPJQIYA9c96UWQSrh1kCSO5Wh_13uWXA==

GET
H2 200 shutterstock-7307896-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 43 KB
44 KB 23ms
21ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/shutterstock-7307896-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

a97229c9e958921d471be27b553f9b36b694b2c113802357baa400ac871d930b

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 22:05:21 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 87212
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 43890
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 307s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230502220521_05612_4bBp#320y
etag: "fe88fa400992337deebb361727cfc739"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: gVmbVXWMB30cfkRuhfF3SQ2Ph_Hei9sHLzgu5cF1cHtMKH6WcqWzog==

GET
H2 200 cece-telfer.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 7 KB
8 KB 21ms
20ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/cece-telfer.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

0f4f7820fca74b7f87f72683e7a9a47d0a55bb6ec5eb72821e6048125a0fa2b1

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 21:01:12 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 91061
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 7620
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 4278s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230502210112_182e1_VgFf#370z
etag: "9942b94a658a1d10ced5d608b5dab1d3"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: ygG82JiU7kT5jNc88I0Kt46Pu4ujIEcnEkjknwnGK-nJq8QYX42iEQ==

GET
H2 200 rachel-maddow.png
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/12/ 9 KB
9 KB 18ms
17ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2021/12/rachel-maddow.png?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

2ded5124597b6d194f60e23c9cbe44b9f150ff0695068581e1f477582b2ecf04

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 30 Apr 2023 16:06:56 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 281517
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 8904
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 27326999s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230430160655_53240_iiF7#330y
etag: "b93a7345f9a73237d1cdf757f69e2358"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: II8RVEE8MjZ2tD3esFWor4OdPM74iLqFGwvLZg4Cq2l1XPyrnh_M7w==

GET
H2 200 shutterstock-714358801-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 21 KB
22 KB 19ms
17ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/shutterstock-714358801-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

4174e057be4e64a6ceda295202ffbfc9cae69ba3015568c6cdbdd200f642ec33

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 19:37:14 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 96099
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 21298
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 417s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_051_20230502193714_c545d_nJgS#777z
etag: "1a67a239df178d6f654afc8871502fa8"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: NtTyN7nDT4YzMLq-994QG2bUNVVRBPLESUAZQJuBbxtVNHxupC-LHw==

GET
H2 200 shutterstock-106732691.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 33 KB
34 KB 19ms
18ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/shutterstock-106732691.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

0a5c84fe649b14d96e13f821d43124e066af3a25facc7189737956f682c07721

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 19:06:57 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 97916
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 33564
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 212s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_002_20230502190657_8aa9c_JurS#380z
etag: "e72c85e208e902857b880381e053637c"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: D0SGYnGx7phx_R9eHg-hc44YuYBElehiQSWpD9eI0-M7rkdturGrgw==

GET
H2 200 transgender-affirming-bible-verses-scaled.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/ 16 KB
17 KB 22ms
20ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/04/transgender-affirming-bible-verses-scaled.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

b6047eb3716ad9bd80022dd0c86875f17e10073f63bc84f6c3f299e1074c6f30

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 18:31:40 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 100033
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 16336
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 98650s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_009_20230502183140_7dabc_Eeos#330y
etag: "6d3a5e63f579e02ce0215d4542943ab2"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: yy-UL9-1_vxLmZmfWcF3Ju-GHEMxEtgYHV9cJbu4cmwMihJK9NTcug==

GET
H2 200 dwyanewademetgala.jpg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/ 15 KB
16 KB 20ms
18ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2023/05/dwyanewademetgala.jpg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=490&h=334

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

35f2f2368016ce645c562760615bf6da82527619fc85092f59df11f867183c77

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 17:02:52 GMT
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 105361
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 15454
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 5120s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_018_20230502170252_c0059_7Yth#330y
etag: "ce18270e02edc73c93bc5bee16a47ca9"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
x-hexa-flowtrace: AnRRR
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: 2fkrnvrvYJkAyae8oAb7qGc2CEbA4iq56JKj_USYpjyRUP4yPebzLQ==

GET
H2 200 lgbtq-nation-logo-stacked-white.svg
user.gemvpn.xyz/images/logos/ 5 KB
3 KB 48ms
45ms Image
image/svg+xml 91.107.188.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://user.gemvpn.xyz/images/logos/lgbtq-nation-logo-stacked-white.svg

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.107.188.26 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.24.0 /

Resource Hash

98fdb39d4187158aee8f3d65a6eff96564ccdf4126d3e04aa71a4650b14268c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:00 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103958
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-nk5mx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000179-CHI, cache-fra-eddf8230124-FRA
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: nginx/1.24.0
x-timer: S1683048376.881922,VS0,VE1
etag: W/"645142d6-1461"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mS8Re5ZyOP0CgpQZsHrE3diCssGGW4WVaTE6St3WhseKiX5JMsUtHVnWJZpdeEFCvs67HluRkmWfLciWTiRxZAj9J4bW1k13eNQryu6EOIXDo3sOQ%2FTm%2BpTVaF7goM9mGVoC4W0cPBi7ubf8yA9HxItS"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 50005b2d-e90c-11ed-8145-2ecbc81e1adc
cache-control: max-age=31622400
cf-ray: 7c1be1e2f82f9bb9-FRA
x-cache-hits: 16, 1

GET
H2 200 q-digital-logo-dark-gradient.png
user.gemvpn.xyz/images/logos/ 5 KB
6 KB 48ms
46ms Image
image/png 91.107.188.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://user.gemvpn.xyz/images/logos/q-digital-logo-dark-gradient.png

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

91.107.188.26 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.24.0 /

Resource Hash

90cc26f6c16ba3e4fd9be51d540a190ac8bfe09372758e7548a371bff73e14b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:10:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104453
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5542
x-served-by: cache-chi-kigq8000153-CHI, cache-fra-eddf8230118-FRA
last-modified: Tue, 02 May 2023 17:05:23 GMT
server: nginx/1.24.0
x-timer: S1683047880.051837,VS0,VE15
etag: "645142d3-15a6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAAIEMLUMpfYqw9NBXVwHHW2InKfrN%2Fgzgux1W2gjEtXLZSp3Bvgv%2FLL1ie88DnpfJbQy6l57Fz7BFc9CxG3ig222YlZrF1Tq6epI4ckxswas4ZOhV1SnHnyOkgzm%2BHVgI98uncr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-styx-req-id: 4e9dda1f-e90c-11ed-a37c-d2ed9f824b70
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 7c1be1e2f9c4bbf5-FRA
x-cache-hits: 15, 1

GET
H2 200 cookie-law-info-table.css
www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/ 5 KB
2 KB 17ms
17ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/cookie-law-info-table.css?ver=2.3.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

484d2a59ebf4bec600c4d20aed383a0a38ee33d6d7043d31c0fcc423143222b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104454
cf-polished: origSize=6366
content-encoding: br
x-cache: HIT, HIT
x-cache-hits: 15, 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100163-CHI, cache-fra-eddf8230025-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683047880.774800,VS0,VE2
etag: W/"645142d6-18de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RIepxIDTZUiSFXWTejq9n9ROEHIfxdC1AeymhxJUjcO%2BXB9%2FROnQ%2BeK5HJBKcJTCZkJ3YQMQU8CpANlCxZQ4eHbjDq5mvcwl2ypS9BB2EZaVF9ckQB%2Fk931d8CiNkucuI8ti9aRXx4ABgmAm4jx2%2FsRg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 50191de3-e90c-11ed-9251-d60409dc0553
cache-control: max-age=31622400
cf-ray: 7c1be1e22b69bbce-FRA
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-m7g5m

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://q-digital.videoplayerhub.com/galleryplayer.js?ver=20210324
https://btloader.com/tag?h=q-digital&upapi=true

14 KB
7 KB

41ms
15ms

Script
application/javascript

2606:4700:20::681a:78b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=q-digital&upapi=true
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Server: 2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55e88320751e3d91706367442e5df402ef8c51454ebc0161e7627ceba85bc1da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 May 2023 21:17:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3466
etag: W/"a67ebefd373f1cf07e7430b25e9ff09a"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xLcrL5nU9yeNiDKoEKVgHPZQbtvFdiWC0%2FgF5KatJpOaMaIk%2BD6pACG%2BkjOSPmw4gdhMkjutsF71%2Bf%2BFjVbfALhAOih2qGFFT0Qo0rss8k7y5vtGu2chBp6e0uc2r0rbCb1uf0Q4jOVY1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7c1be1e2be389b40-FRA

Redirect headers

date: Wed, 03 May 2023 22:18:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BI2Zy1p73U1Cc4b%2Fhu7OxVljJNYECBbuFU5Fco%2FjfhRBSoiKS3cOL0oASKBRnyMMWiK0AnM4WnZQmNBmr1KtfDRIKerHem15FTkMnxdmpvoJ3G2gcrEYx1pVbc5gg9YxySGWm9T9TIuJG5itNbNMpU%2BIaNUaqQYysE%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=q-digital&upapi=true
cache-control: max-age=3600
cf-ray: 7c1be1e25e9337e0-FRA
expires: Wed, 03 May 2023 23:18:53 GMT

GET
H3 200 thickbox.js Show response
www.lgbtqnation.com/wp/wp-includes/js/thickbox/ 10 KB
4 KB 18ms
18ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp/wp-includes/js/thickbox/thickbox.js?ver=3.1-20121105

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d1743ca0b4b8db7aa3d4aee6aec8e0054dfd2abfa97ad8dd70693656be88c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:14:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85925
cf-polished: origSize=13242
content-encoding: br
x-cache: HIT, MISS
x-cache-hits: 19, 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000101-CHI, cache-fra-eddf8230051-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683066408.235050,VS0,VE119
etag: W/"645142d6-33ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAFKTy5jZB4AmMJAj7Yp3K85Rt391EbDH84J%2FkAzcm1m88LT4EAdHq%2BiDR72Pam2nrj65TBVn8ztxSC3dbm6lR5ESNvheQDFobdQ3%2B3fUW7IS6UbOyfHb1I6e9cFFYR%2BeH1ZdmGLHrDB%2Fy2jHg2cbmLN"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: dd62a7a9-e90c-11ed-b29b-3674233cca68
cache-control: max-age=31622400
cf-ray: 7c1be1e268ab6997-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5chg9

GET
H3 200 pnotify.min.js Show response
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/pnotify/ 28 KB
8 KB 22ms
18ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/pnotify/pnotify.min.js?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1563de63068e769447daece44fa71e8cfe861ac1cafd1be5bce0d71007b5d0fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85925
content-encoding: br
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000146-CHI, cache-fra-eddf8230044-FRA
last-modified: Tue, 02 May 2023 22:23:42 GMT
server: cloudflare
x-timer: S1683066408.239459,VS0,VE105
etag: W/"64518d6e-6ffc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTDhGyK6VnzDe4dkjElD3RgmRwW2xWg8WuF6ZqrMXoZW8nLpPR0Wsprki9dAIaR6f8lMp98yksEfoM6gHEAiIBGUKZ2OawEpvpBoYfeSX0Prxmq01GG7ZE3hhc8%2FGiQb30fMhfpRKQBD9vru1T%2FiHD%2FZ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 2bee49bb-e938-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e2c8fd6997-FRA
x-cache-hits: 17, 0

GET
H3 200 sharer.js Show response
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/sharer/ 16 KB
6 KB 25ms
21ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/vendors/sharer/sharer.js?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

173e480c8155229cba065125c797fc03ed7c755acabcb148f2d0745ade9fed8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85925
cf-polished: origSize=23201
content-encoding: br
x-cache: HIT, MISS
x-cache-hits: 18, 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000172-CHI, cache-fra-eddf8230096-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 22:23:41 GMT
server: cloudflare
x-timer: S1683066408.239690,VS0,VE103
etag: W/"64518d6d-5aa1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XljzO%2F7hxkZL%2F%2Fk5ms7FFfvGtmXnWUcAzxjwajp33DKcnsS1uDDQNm6iC0fY1Vma2oSu0pnFv4wsexL%2BNJLDto%2FI5W%2BesyqFKeD5vGQvR6y8j6yXJCawABwTGNidW6c5NY8nACAPT8ZuqISGxwWRPthO"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 2bee3c67-e938-11ed-b29b-3674233cca68
cache-control: max-age=31622400
cf-ray: 7c1be1e2c9006997-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5chg9

GET
H3 200 frontend.js Show response
www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/js/ 23 KB
6 KB 21ms
15ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/onionbuzz/static/frontend/js/frontend.js?ver=1.2.7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c778bda3094da12779de09d802a68b515e0a90d419fb4847f1289560ec56db39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 22:24:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85925
cf-polished: origSize=42015
content-encoding: br
x-cache: HIT, MISS
x-cache-hits: 16, 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-klot8100163-CHI, cache-fra-eddf8230075-FRA
cf-bgj: minify
last-modified: Tue, 02 May 2023 22:23:41 GMT
server: cloudflare
x-timer: S1683066408.244173,VS0,VE137
etag: W/"64518d6d-a41f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FptGsEiP4X4D9KUyB5tnmQXXJvJakrRfZh5wRZHA7yOtIVJPGKHzI4RR6FECa%2FiHfVh8m2jrv06BE1eqcx8qeG9V8P553lb8rR1wffIDhItxX96mro35anxQcvzJEQea4V7EeadCUXghg6XNwwvaV2j"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 2bed6b56-e938-11ed-a37c-d2ed9f824b70
cache-control: max-age=31622400
cf-ray: 7c1be1e2c9046997-FRA
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc

GET
H3 200 vticker.min.js Show response
www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/resources/assets/scripts/ 4 KB
2 KB 19ms
14ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/resources/assets/scripts/vticker.min.js?ver=v1.21

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e7e6536b9e185170f0846482b8b50e4eadfdcf096a0cfece62b946d43750282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:06 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103809
content-encoding: br
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000071-CHI, cache-fra-eddf8230065-FRA
last-modified: Tue, 02 May 2023 17:05:27 GMT
server: cloudflare
x-timer: S1683048525.592670,VS0,VE105
etag: W/"645142d7-11c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bovjk6mjxJo3QDLJkXasL3rsU9bKHO1zbVDZQgZQub3BhzdTHgTp1lqDECMu5LA5OXfoMdwLdBUChLwXobcu2pKrw2dLdjJBxxvYbPBQTKd8Nc1rISQqZWAI90HCxN73eNTemWwOHzQwCt%2BlKeAUmhkW"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 53505f34-e90c-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e2c9066997-FRA
x-cache-hits: 10, 0

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 42ms
17ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=6.1.1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1610
etag: W/"06f50014011c1fcd9e21b6b0481979de"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7c1be1e2fa2f19a0-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 06 May 2023 22:18:53 GMT

GET
H3 200 helper.min.js Show response
www.lgbtqnation.com/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
2 KB 20ms
15ms Script
application/x-javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.13.1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed4a940faeaa3dc23dad3af003a54680db0da12d22214094dc171e0d10c3ca12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:01 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103809
content-encoding: br
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-zhff9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000173-CHI, cache-fra-eddf8230104-FRA
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683048525.631873,VS0,VE1
etag: W/"645142d6-9d4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SHyhhzOea6ch3Ab2x25aYQtqkZqes8FFszwuctLarT0JCnQcap8U7P5T7hnzojUn79rZN8VFa%2BuMHOcisZeDAYjdQ910JbsyDd1HRzBhushYwL8w2D8lV5IKSuPInpqnA3dyukxqyzhB8CFNz1Tqhw9"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 50196b44-e90c-11ed-a548-7a8434a2fe44
cache-control: max-age=31622400
cf-ray: 7c1be1e2c9076997-FRA
x-cache-hits: 16, 1

GET
H2 200 p.js Show response
cdn.parsely.com/keys/lgbtqnation.com/ 59 KB
22 KB 37ms
8ms Script
application/javascript 18.66.100.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/lgbtqnation.com/p.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.100.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-100-58.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 04a93b12a645d07f4fb317582ecc4d739c1070aad68a46e69569aa1477076302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: public
date: Wed, 03 May 2023 03:21:43 GMT
content-encoding: gzip
via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
last-modified: Wed, 08 Feb 2023 17:40:36 GMT
server: nginx
x-amz-cf-pop: FRA56-P2
age: 68430
etag: W/"63e3de94-eaec"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: 8XbY0nAeSsC8tUb-8SYQOx3KDBUeUtyUYA_DUekJL72i6Be4XNMOMA==
expires: Thu, 04 May 2023 03:18:23 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305010101/ 401 KB
124 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305010101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

282b1607a57a6bef203e6016dc849f5162dd0ceae9d12296d476344afefffe41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 03 May 2023 10:50:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41301
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126853
x-xss-protection: 0
server: cafe
etag: 4617370205818610952
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 02 May 2024 10:50:32 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 48 B
75 B 55ms
41ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=user.gemvpn.xyz

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ee95ca75e715cd10da53905ac68765b8a130e8c13762c10b3ac2a33db819126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51
x-xss-protection: 0
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H2 200 / Show response
geo.adspsp.com/ 4 B
340 B 337ms
290ms XHR
text/plain 2600:9000:2490:a200:1e:7118:9c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.adspsp.com/
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:a200:1e:7118:9c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c6c3342285049f5853f348e007471b75ec2a5d3966dbe7fc3e908fc530bcac37

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 bb5a1c03f2335d92378a3e68542733da.cloudfront.net (CloudFront)
x-adb-procip: 2001:ac8:20:272::2e, 130.176.223.181
x-adb-rmadr: ::ffff:10.0.1.170
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
access-control-allow-origin: *
x-adb-fwdip: 2001:ac8:20:272::2e, 130.176.223.181
content-length: 4
x-amz-cf-id: z9SwbFmCPK8HzslVOEzsSdHoM7uWErzPIdHpmC_hggTuAv144-AaGw==

GET
H2 403 .js
dyv1bugovvq1g.cloudfront.net/47/user.gemvpn.xyz/ 0
0 440ms
394ms Script
application/xml 2600:9000:223e:7a00:5:82fd:2500:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dyv1bugovvq1g.cloudfront.net/47/user.gemvpn.xyz/.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7a00:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 421ms
408ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
x-amz-version-id: ZtsI5FMPcYjgnUSe6fFwOoK3szNfqbqS
content-encoding: gzip
via: 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Thu, 27 Apr 2023 23:46:51 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: DDdOMYY-lP_QjAUQisH5LStArl8JjAKq6H2o4hdcsofjEVZ5A5Xtmg==

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 33ms
8ms Script
application/javascript 13.32.99.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 05:40:27 GMT
content-encoding: gzip
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
last-modified: Thu, 09 Mar 2023 09:22:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 59907
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: A4x329WOnITFdcDo6ljaILvdHoSNe5HYAXQ-Fg7X5R1_vgPQefFvQA==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 61ms
8ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f3f47d6a938ede7a828ca47022eee50835e4c9375f7ca41581fa94e25c8e950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: gzip
etag: "DUHyBE1e2vdA+NAhXV6BXg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Wed, 10 May 2023 22:18:53 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 50 KB
19 KB 62ms
13ms Script
application/javascript 2400:52e0:1e00::865:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::865:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-865 /
Resource Hash: d7c20247857c9627b5552e890b46e76d22ae989102eeffb9ab5f62df6b1c9002

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
cdn-edgestorageid: 722
perma-cache: HIT
cdn-storageserver: DE-197
cdn-cachedat: 05/03/2023 11:24:46
cdn-pullzone: 293267
last-modified: Tue, 02 May 2023 20:35:19 GMT
server: BunnyCDN-DE1-865
cdn-fileserver: 370
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"64517407-c83b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 15a91bc1cf7bd453830c7ec9c82deeca
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 lgbtq-prime-backer-scaled.jpeg
abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/09/ 16 KB
16 KB 20ms
19ms Image
image/webp 52.222.236.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abuwjaawap.cloudimg.io/v7/_lgbtqnation-assets_/assets/2022/09/lgbtq-prime-backer-scaled.jpeg?&auto=format&auto=compress&crop=faces&fit=crop&gravity=face&w=1700&h=400

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-4-150.fra56.r.cloudfront.net

Software

Scaleflex HTTP Loadbalancer /

Resource Hash

8054bde23ce4fab74f3b298fb0c65091af2f3d400d0151c1c27642cec86ef514

Security Headers

Name	Value
Content-Security-Policy	default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 03:23:39 GMT
x-hexa-sleepingtime: 0
via: 1.1 e37b7824685046c107e13d08c43993fc.cloudfront.net (CloudFront)
x-hexa-masterrefresh
x-hexa-originusedcode: 200
x-amz-cf-pop: FRA56-P4
age: 5943314
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:
x-origin-visibility: OV_NORMAL_FILE
x-cache: Hit from cloudfront
content-length: 16112
x-xss-protection: 1
x-hexa-initwait: probably_cached, first_req 202991s ago, no_wait
server: Scaleflex HTTP Loadbalancer
x-cloudimg-traceid: CiI_013_20230224032339_a815a_dvlx#380z
etag: "a5d0c1f2346da58c8ce998df2238b6a8"
x-resource-status: cached_resized
access-control-allow-methods: POST, GET, OPTIONS
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000, s-maxage=31536000, public
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: MTesM8OA5UJPh9TrsyN13nQxQBFJKKbAmtRhatxPDuozjgrSSbdY3Q==

GET
H3 200 pattern-flag2.png
www.lgbtqnation.com/images/backers/ 47 KB
48 KB 17ms
17ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lgbtqnation.com/images/backers/pattern-flag2.png

Requested by

Host: www.lgbtqnation.com
URL: https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/main.css?ver=1683122433

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bab3a5f1889bcc91ab6563837a4b1b827239d8d5bb61741f6d4d7417c32ab55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/main.css?ver=1683122433
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:02 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103809
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe4-a-5cfc8c548-pqhqh
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 48060
x-served-by: cache-chi-kigq8000025-CHI, cache-fra-eddf8230080-FRA
last-modified: Tue, 02 May 2023 17:05:27 GMT
server: cloudflare
x-timer: S1683048525.654938,VS0,VE3
etag: "645142d7-bbbc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcMOCoGBnIaKhAH4PA6IGSwZjmOmA%2Fr21N2ObNqgsOdONdf5XnKFXBnR%2BpJ0cy68d1Gi66RzckhzSXA9e%2BRQKme%2FlKjWfddnTzggeZQADXgPMnRHjnM9gyXBWp4FSPxnAky3P8iPLNAuAWju0NY1ldCi"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-styx-req-id: 50d9cd11-e90c-11ed-8d30-9a8294422577
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 7c1be1e3193c6997-FRA
x-cache-hits: 16, 1

GET
H3 200 mdicon.ttf
www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/fonts/ 15 KB
16 KB 29ms
18ms Font
application/x-font-ttf 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/fonts/mdicon.ttf?1qswia

Requested by

Host: www.lgbtqnation.com
URL: https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/main.css?ver=1683122433

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41961eb9e8787489bf7cdb2cc200741edd327c62d55832a446fb40b673b5d32a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

Referer: https://www.lgbtqnation.com/wp-content/themes/lgbtqnation-2019/assets/styles/main.css?ver=1683122433
Origin: https://user.gemvpn.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:11:00 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-crpjc
x-cache: HIT, HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-chi-kigq8000098-CHI, cache-fra-eddf8230094-FRA
last-modified: Tue, 02 May 2023 17:05:23 GMT
server: cloudflare
x-timer: S1683152333.310759,VS0,VE0
etag: W/"645142d3-3dd8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82Uap07sN4XGXiyfVJGo%2Fai2K2iJTvNFJFW36A1d2CoVOwNuiA96BEJPrBkY%2BTffbRxObnF0SvRSEF0HdNoO%2Blf8Vb%2BINWoeOroSKQm6qCvvQoZPLn0lK1pqYjSkO58dhguR4%2FNM0klqUxVKxJuVAGxI"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-ttf
access-control-allow-origin: *
x-styx-req-id: 4f8f243a-e90c-11ed-a37c-d2ed9f824b70
cache-control: max-age=31622400
cf-ray: 7c1be1e32c79bb73-FRA
x-cache-hits: 16, 2

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 29ms
5ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://user.gemvpn.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 06:10:15 GMT
x-content-type-options: nosniff
age: 403718
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 06:10:15 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 35ms
11ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://user.gemvpn.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 17:25:47 GMT
x-content-type-options: nosniff
age: 363186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 17:25:47 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 31ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://user.gemvpn.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 06:22:44 GMT
x-content-type-options: nosniff
age: 402969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 06:22:44 GMT

GET
H2 200 EJRVQgYoZZY2vCFuvAFWzr8.woff2
fonts.gstatic.com/s/ptserif/v18/ 32 KB
32 KB 37ms
14ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://user.gemvpn.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 17:41:19 GMT
x-content-type-options: nosniff
age: 103054
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33116
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:52:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 May 2024 17:41:19 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
870 B 39ms
14ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1285649
x-guploader-uploadid: ADPycdtofWi2ROsRhgUeHdaHIFi5CkrRDuyJu23b2NMTdlDzyz23cVaFIJWBeN_oGAa5ZjqbexOyPinclJoSKSh3oAxGaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oo%2FX4M4dc2saUBWdZOrVgELGrNI38lLogRoY33Na2fSMrnyhfKw%2F1W8bx%2FtcCjabY%2B8N5%2FXpa8su0dv%2F6Y%2FfV51o7cQ0mqo%2FU6OTSifLYmfv3z%2FfxEX0o%2BlnS9pW4hTgK0NCaeHqrkOFgGQ0%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7c1be1e3c8b56934-FRA
expires: Wed, 19 Apr 2023 02:11:24 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
572 B 33ms
6ms Image
image/x-icon 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 03:18:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 May 2023 03:18:36 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
337 B 39ms
14ms Image
image/gif 2606:4700:20::681a:346
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.709778335410922
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1285649
x-guploader-uploadid: ADPycdtofWi2ROsRhgUeHdaHIFi5CkrRDuyJu23b2NMTdlDzyz23cVaFIJWBeN_oGAa5ZjqbexOyPinclJoSKSh3oAxGaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5C7eMsp8CYuTmOsF3mRGKmOI1hre2bM5r8IbU7U6lALe%2BymD90FB%2B5iD7kH%2BSeA0Y4ArO6PkbuDAFb1GMWG7N5ArnkCHmJJao3ubmaaMn%2Fp0209iHgaqUqYdSOAcpJFfzuCCvHjNUVBu8yFPg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7c1be1e3c8b66934-FRA
expires: Wed, 19 Apr 2023 02:11:24 GMT

GET
H/1.1 204
No Content /
adspsp.com/pt/2634970/19/1/ 0
110 B 703ms
172ms Image
image/png 54.186.25.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adspsp.com/pt/2634970/19/1/?a=2,a2lh89fw683XqpK7vaYD,hKRZLK6ZSr&aa=00Gumh&b=&e=&c=https%3A%2F%2Fuser.gemvpn.xyz%2F&d=&f=1.lh89fvy6.1T7u&g=1Tdc&u=116e1332:lh6sexwl:3if&v=18g.xc.0.3js.1.0&m=z&rnd=1683152333407
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.25.31 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-25-31.us-west-2.compute.amazonaws.com
Software: linux /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Server: linux
Connection: keep-alive
Content-Length: 0
Content-Type: image/png

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
260 B 143ms
33ms Image
image/gif 52.17.99.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1683152333424&plid=ec14ce36-33be-4719-b709-286dfc56aaaa&idsite=lgbtqnation.com&url=https%3A%2F%2Fuser.gemvpn.xyz%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22parsely%3Ametadata-detection%22%3A%7B%22version%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.lgbtqnation.com%2F%22%2C%22hash%22%3A1643541504%7D%7D&sid=1&surl=https%3A%2F%2Fuser.gemvpn.xyz%2F&sref=&sts=1683152333419&slts=0&title=LGBTQ+Nation+-+The+Most+Followed+LGBTQ+News+Source&date=Wed+May+03+2023+22%3A18%3A53+GMT%2B0000+(GMT)&action=pageview&pvid=5877ce0e-b20d-4cdc-b50f-3751cbf011b4&u=pid%3D4365927b-b6a2-48c8-8fed-db4192a2ca4a
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.99.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 22:18:53 GMT
Cache-Control: no-cache
Last-Modified: Wednesday, 03-May-2023 22:18:53 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 118ms
94ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://user.gemvpn.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 May 2023 22:18:53 GMT
server: nginx/1.21.6
via: 1.1 google

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 96ms
95ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 25ms
24ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2038
etag: W/"2cf94922e2d551e8dc7c38c022a9a3ca"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7c1be1e40bc119a0-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 06 May 2023 22:18:53 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
223 B 8ms
8ms Image
text/plain 13.32.99.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=32666898&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1683152333454&ns_c=UTF-8&c7=https%3A%2F%2Fuser.gemvpn.xyz%2F&c8=LGBTQ%20Nation%20-%20The%20Most%20Followed%20LGBTQ%20News%20Source&c9=
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-21.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: gtb82d_ThGH-Sytc2RcJ9eaAs2tAO8hJ0oDx15gFbM0lWDZ3UI7Ghg==
x-cache: Miss from cloudfront

GET
H2 200 rules-p-3a_FtJ1e9ZPvw.js Show response
rules.quantcount.com/ 160 B
633 B 36ms
6ms Script
application/javascript 2600:9000:223c:b200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-3a_FtJ1e9ZPvw.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:b200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce140ac48b3492e399d34cb78d7eb1c5893dfa69e632d93aa1b4fdfa86d9cdc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:06:35 GMT
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 06:34:22 GMT
server: AmazonS3
etag: "4c5223e17fc0fe5eb693d53a2a0b619c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 9MjV6PFvJo44PXWPH_8MOVnPPF6KNHft-IRy1KYbE_wvBy-zwi5mzQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
72 KB 45ms
23ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V18NBPRHD7

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c4dfacc34a22af39c01a46b6c333a98342ec9708d2600aeee8a4bd9888b01935

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73472
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H3 200 loadingAnimation.gif
www.lgbtqnation.com/wp/wp-includes/js/thickbox/ 15 KB
16 KB 14ms
14ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lgbtqnation.com/wp/wp-includes/js/thickbox/loadingAnimation.gif

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

expires: Thu, 02 May 2024 17:14:58 GMT
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=31622400
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85924
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe4-b-84cb564dbb-5chg9
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15238
x-served-by: cache-chi-kigq8000150-CHI, cache-fra-eddf8230111-FRA
last-modified: Tue, 02 May 2023 17:05:26 GMT
server: cloudflare
x-timer: S1683066409.331335,VS0,VE105
etag: "645142d6-3b86"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qRbEhYZ%2FGRK3NTvchLMXqeX5dam2TkEiBrXjbyWV%2BuqD77HypqK3TNSyCer6UWAkCbMz2dYVaCviCgHGzFHGFiSHTW2RFyk4RmYMPuAHXGX8ZlDMQfK4ebA1FRaUGOdWwGiox8XuG5ooztkOH%2FQGP%2BJJ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-styx-req-id: dddf0628-e90c-11ed-b29b-3674233cca68
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 7c1be1e45a556997-FRA
x-cache-hits: 16, 0

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 18 KB
3 KB 14ms
13ms Stylesheet
text/css 2400:52e0:1e00::865:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::865:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-865 /
Resource Hash: 103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
cdn-edgestorageid: 863
perma-cache: HIT
cdn-storageserver: DE-199
cdn-cachedat: 05/03/2023 11:35:09
cdn-pullzone: 293267
last-modified: Tue, 02 May 2023 20:35:20 GMT
server: BunnyCDN-DE1-865
cdn-fileserver: 370
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"64517408-464c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5986174db70e76852243d46295e21f9d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 404 qun2nne3a2xz7mclcnpb Show response
api.omappapi.com/v2/embed/40711/ 184 B
552 B 245ms
206ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/40711/qun2nne3a2xz7mclcnpb
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 20bb9969f332eb427b8423e0b8ba0a2509e3afb1c18ca415aa2adb05c6b8a575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
x-user-agent: standard--
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
x-amz-cf-pop: FRA56-P5
vary: Accept-Encoding, User-Agent
x-cache: Error from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-CSRF-Token
content-length: 184
x-amz-cf-id: VuMAHpiCQUJ_uFfbPulpTXeNn1iDOT6Gl2l8HPZ0JI80qX8QBkNLKA==

GET
H2 404 wwuruqctmkqmwftvq8q1 Show response
api.omappapi.com/v2/embed/40711/ 184 B
550 B 209ms
173ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/40711/wwuruqctmkqmwftvq8q1
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 20bb9969f332eb427b8423e0b8ba0a2509e3afb1c18ca415aa2adb05c6b8a575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
x-user-agent: standard--
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
x-amz-cf-pop: FRA56-P5
vary: Accept-Encoding, User-Agent
x-cache: Error from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: X-CSRF-Token
content-length: 184
x-amz-cf-id: wbseTMJMch0DTckl2c3ROY_5V7yL6qTwFKftFQk1DVaejwgHopMi0Q==

GET
H2 200 753447 Show response
api.omappapi.com/v1/optin/40711/ 2 B
610 B 132ms
99ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v1/optin/40711/753447
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
content-length: 2
x-optinmonster-campaign: z1swjyvgvwtikcpcutyf
x-user-agent: standard--
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: Pagely Gateway/1.5.1
etag: "b91e5dc54e033e761837b7b846da520f"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: yImKdS6CsljU4mifvuY8PKmk9dCqoNF_7Ibc_Pn7zB_PI6e-zUpUhg==
expires: Wed, 03 May 2023 22:09:31 GMT

GET
H2 200 735503 Show response
api.omappapi.com/v1/optin/40711/ 2 B
609 B 124ms
98ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v1/optin/40711/735503
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
content-length: 2
x-optinmonster-campaign: tpdn2jrl6qeglircpvdg
x-user-agent: standard--
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: Pagely Gateway/1.5.1
etag: "b91e5dc54e033e761837b7b846da520f"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: CEDi5pEA97bKs5ez1avTOtfE3TgwFV4km76CbBehfrOibqeSTAAFMw==
expires: Wed, 03 May 2023 22:14:28 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
303 B 105ms
105ms XHR
text/plain 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fuser.gemvpn.xyz&pubid=ca0a1be3-4fa6-40a0-bcab-b3d35d8368f1
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-cache: Miss from cloudfront
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: r6ooXtsFraDuP_7YhTH87BYTQB0vA5I-1-1R5nuIvX7n94DtQoa7Sw==

GET
H2 200 738340 Show response
api.omappapi.com/v1/optin/40711/ 2 B
610 B 281ms
278ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v1/optin/40711/738340
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
content-length: 2
x-optinmonster-campaign: dkvmv3ha6mkszuqmt2ge
x-user-agent: standard--
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: Pagely Gateway/1.5.1
etag: "b91e5dc54e033e761837b7b846da520f"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: uz2hgJ2RprLLX64YCE_ho4wnuedM7R0KFi4uTTl2gbVfKj7wQ-wkkw==
expires: Wed, 03 May 2023 22:14:28 GMT

GET
H2 200 804750 Show response
api.omappapi.com/v1/optin/40711/ 2 B
609 B 279ms
278ms XHR
application/json 18.66.112.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v1/optin/40711/804750
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-59.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
content-length: 2
x-optinmonster-campaign: cz5ftynarx6ryt5eqdpt
x-user-agent: standard--
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: Pagely Gateway/1.5.1
etag: "b91e5dc54e033e761837b7b846da520f"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: 8zIbNrcXbrC4Ltw7wXy9RXaZ-xEeD_zkfeUVZbaA-V6djRlPM_80-g==
expires: Wed, 03 May 2023 22:09:31 GMT

GET
H2 200 pixel;r=1872726215;rf=0;a=p-3a_FtJ1e9ZPvw;url=https%3A%2F%2Fuser.gemvpn.xyz%2F;uht=2;fpan=1;fpa=P0-1830975189-1683152333455;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;ref=;d=gemvpn....
pixel.quantserve.com/ 35 B
372 B 9ms
8ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1872726215;rf=0;a=p-3a_FtJ1e9ZPvw;url=https%3A%2F%2Fuser.gemvpn.xyz%2F;uht=2;fpan=1;fpa=P0-1830975189-1683152333455;pbc=;ns=0;ce=1;qjs=1;qv=93f4cf8b-20230329153214;cm=;gdpr=0;ref=;d=gemvpn.xyz;dst=0;et=1683152333552;tzo=0;ogl=site_name.LGBTQ%20Nation%2Ctype.website%2Ctitle.LGBTQ%20Nation;ses=0baaf23b-f680-40ac-8a7e-7565ae6b2d88

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/780445e1-e0f5-4511-946c-e03913687877/ 3 KB
2 KB 63ms
54ms Script
text/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/780445e1-e0f5-4511-946c-e03913687877/web?callback=__jp0

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59b7c4357c12c478b9050bc1727b1280602e3069b752b38ee2e7e599d8079498

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 67ef9145-9ac3-4efd-b729-477ddb8605aa
x-runtime: 0.024490
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"59b7c4357c12c478b9050bc1727b1280"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 7c1be1e4cc7219a0-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 03 May 2023 23:18:53 GMT

GET
H2 200 oPS.js Show response
d15kdpgjg3unno.cloudfront.net/ 109 KB
24 KB 32ms
6ms Script
text/javascript 2600:9000:2490:e200:11:b309:9100:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:e200:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ad80e243b7deca52718ccec392c5984b03fe92e8be029d5b8eda64fb05f5ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 14:18:42 GMT
x-amz-version-id: Pyv71cMvmkRYITskMYBZSfUHb8ks7lOe
content-encoding: gzip
last-modified: Wed, 03 May 2023 14:18:38 GMT
server: AmazonS3
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
etag: W/"a8eb2a9d09b2ff4e9f7fc437f3250c12"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=84600
age: 28812
x-amz-cf-id: IqD8Nu8sxVHfvl-dRl85TxiGEGiqf2yeMjiVpzgQX2dQxSGDM5POsQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 535ms
329ms XHR
text/javascript 108.138.4.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fuser.gemvpn.xyz%2F&pid=bjlJVpmSw2eHW&cb=0&ws=1600x1200&v=23.426.459&t=2000&slots=%5B%7B%22sd%22%3A%22adbridg_ad_adblntoplb_1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22home%22%7D%2C%7B%22sd%22%3A%22adbridg_ad_adblnboxlarge_1%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22home%22%7D%5D&pubid=ca0a1be3-4fa6-40a0-bcab-b3d35d8368f1&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.4.150 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: G1N2VG630KM35ZW5HH8N
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://user.gemvpn.xyz
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: KneZ8BdKp5dRFB1oyNwVAlCwJ8M6r00-2YIWl-_9zfIHphQWiazEgQ==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 40ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-V18NBPRHD7&gtm=45je3510&_p=1322365786&gdid=dZGIzZG&cid=71626702.1683152334&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1683152333&sct=1&seg=0&dl=https%3A%2F%2Fuser.gemvpn.xyz%2F&dt=LGBTQ%20Nation%20-%20The%20Most%20Followed%20LGBTQ%20News%20Source&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V18NBPRHD7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
45 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1203094-4&l=dataLayer&cx=c

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da9fd7c392344fec265001a58a99d2490168376d164bf10dcf093f07cf37bce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45739
x-xss-protection: 0
last-modified: Wed, 03 May 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H2 200 hotjar-1893332.js Show response
static.hotjar.com/c/ 9 KB
4 KB 75ms
40ms Script
application/javascript 18.66.97.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1893332.js?sv=6

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-10.fra56.r.cloudfront.net

Software

Resource Hash

586eb2459d2ce523d33189b54dc22d3a287a814e82db1eb6663469828ff5653a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/452dc9d9639178bd795088011942b972
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: JBqMSZ79W84qNnDGW9Ib9gg8VtzywgAjUOK4nLPIjBaiKbb-Cl-UTg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 99 KB
39 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NCVV72

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5b9e16fdf86e5ec3be3014e3e7f9540cd8545111ba584e6e4225d9e678d2a5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39765
x-xss-protection: 0
last-modified: Wed, 03 May 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 May 2023 22:18:53 GMT

GET
H/1.1 204
No Content /
adspsp.com/pt/2634970/1/2/ 0
110 B 668ms
172ms Image
image/png 54.186.25.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adspsp.com/pt/2634970/1/2/?a=2,a2lh89fw683XqpK7vaYD,hKRZLK6ZSr&aa=00Gumh&b=1//2-28^k8`2i.qy`2i.qy`6y:2@1040162^k8`2i.qy`2i.qy`6y,5@20883108^k8`2i.qy`2i.qy`6y,9@581900^k8`2i,18@LGBTQ_Desktop_Leader1^k8`2i.qy`2i.qy`6y,33@Pdttf083ZaS8TaUTNJ50ah7r^k8`2i.qy`2i.qy`6y,116@213789743^k8`2i.qy`2i.qy`6y,154@dWBJy2QKOr6jjQaKlId8sQ^k8`2i.qy`2i.qy`6y,166@20463^k8`2i.qy`2i.qy`6y_26^8c`6y.8c`go:2@1040158^8c`go,5@20883105^8c`go,9@581897^8c`go,18@LGBTQ_Desktop_Box2^8c`go,33@ftxO295svn2Cfny2yioNrqmc^8c`go,116@681402167^8c`go,154@dWBJy2QKOr6jjQaKlId8sQ^8c`go,166@20463^8c`go,185@19223aa4164a1c25e26050b8dc979c59^8c`go&bu=U22637b45b06425,adbridg_ad_adblntoplb_1,%2F4564944%2Flgbtqnation%2Fhome&bu=U376b7507ace12e,adbridg_ad_adblnboxlarge_1,%2F4564944%2Flgbtqnation%2Fhome&e=&c=https%3A%2F%2Fuser.gemvpn.xyz%2F&d=&f=1.lh89fvy6.1T7u.2Te5&g=2Tj4&u=116e1332:lh6sexwl:3if&v=18g.xc.0.3js.1.0&m=z&rnd=1683152333614
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.25.31 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-25-31.us-west-2.compute.amazonaws.com
Software: linux /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Server: linux
Connection: keep-alive
Content-Length: 0
Content-Type: image/png

POST
H/1.1 204
No Content hb Show response
brightcombid.marphezis.com/ 0
172 B 747ms
390ms XHR
text/plain 178.128.135.204
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://brightcombid.marphezis.com/hb
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://user.gemvpn.xyz
date: Wed, 03 May 2023 22:18:54 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 338 B
603 B 174ms
145ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU6A725L
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff4782a097f6b1fdfcbe385deb14dfb5815364bcbcb36c6f530ca1802cb78769

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Wed, 03 May 2023 22:18:53 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 10 B
388 B 65ms
18ms XHR
application/json 216.52.2.30
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.44.0
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 6aae64de37c7801ed7b8c69c256772203d4071ab685ba8e1ef9ff9e8f3975804

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 03 May 2023 22:18:53 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://user.gemvpn.xyz
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 10

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 522 B
1 KB 94ms
13ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11744&site_id=64666&zone_id=1040162%3B1040158&size_id=2%3B15&alt_size_ids=55%2C57%3B10&p_pos=atf&rf=https%3A%2F%2Fuser.gemvpn.xyz%2F&tg_i.page=https%3A%2F%2Fuser.gemvpn.xyz%2F&tg_i.domain=user.gemvpn.xyz&tg_i.pbadslot=%2F4564944%2Flgbtqnation%2Fhome%23adbridg_ad_adblntoplb_1%3B%2F4564944%2Flgbtqnation%2Fhome%23adbridg_ad_adblnboxlarge_1&tk_flint=pbjs_lite_v7.44.0&x_source.tid=7d543be0-838f-4190-87d2-ca62a6779ebf%3Be36c3546-1e2c-45b9-ac78-663ae06f8be7&l_pb_bid_id=BR673a76cec8e62d%3BBR15680567dd01d36&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&x_imp.ext.tid=7d543be0-838f-4190-87d2-ca62a6779ebf%3Be36c3546-1e2c-45b9-ac78-663ae06f8be7&rp_maxbids=1&p_gpid=%2F4564944%2Flgbtqnation%2Fhome%23adbridg_ad_adblntoplb_1%3B%2F4564944%2Flgbtqnation%2Fhome%23adbridg_ad_adblnboxlarge_1&slots=2&rand=0.1269313941381891
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: a3c3dfcb1784cb69979a2274d5ed0ad68e44e7a4496cca43876c2cde28b608c7

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://user.gemvpn.xyz
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 264 B
1 KB 121ms
97ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

ec2-3-77-50-106.eu-central-1.compute.amazonaws.com

Software

nginx/1.21.3 /

Resource Hash

219453727c19ceacad85f04e9a24298e0f1447156035b46f8fa6a469ce27a668

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:53 GMT
AN-X-Request-Uuid: f6ce38fd-cc73-4185-8210-12eb3788c682
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://user.gemvpn.xyz
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 264
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
538 B 29ms
8ms XHR
application/json 3.77.50.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=7.44.0&referrer=https%3A%2F%2Fuser.gemvpn.xyz%2F&tmax=2000

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.77.50.106 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width
x-auction-status: 3, 3
content-type: application/json; charset=utf-8
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 151ms
108ms XHR
text/plain 52.29.126.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.126.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-126-79.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://user.gemvpn.xyz
date: Wed, 03 May 2023 22:18:53 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 65ms
23ms XHR
text/plain 52.29.126.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.126.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-126-79.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://user.gemvpn.xyz
date: Wed, 03 May 2023 22:18:53 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
178 B 151ms
101ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=dWBJy2QKOr6jjQaKlId8sQ
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 8682a9d1eb430133f694b6e96e9090bbd4455d72e6712115cbfd161be0325b03

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://user.gemvpn.xyz
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
351 B 148ms
98ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=dWBJy2QKOr6jjQaKlId8sQ
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 8682a9d1eb430133f694b6e96e9090bbd4455d72e6712115cbfd161be0325b03

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://user.gemvpn.xyz
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 182 B
531 B 67ms
23ms XHR
application/json 185.255.84.150
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fuser.gemvpn.xyz%2F&PageUrl=https%3A%2F%2Fuser.gemvpn.xyz%2F&PageReferrer=https%3A%2F%2Fuser.gemvpn.xyz%2F&CanonicalUrl=https%3A%2F%2Fwww.lgbtqnation.com%2F

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

1b75b28950f2e2c40d222b668adaa97ff5d971d4af1a057d8ab7bd3bf9601e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
vary: Accept-Encoding
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 182
expires: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 21:05:04 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 4429
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 03 May 2023 23:05:04 GMT

GET
H2 200 5.112e6dc7.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 16ms
15ms Script
application/javascript 2400:52e0:1e00::865:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.112e6dc7.min.js
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::865:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-865 /
Resource Hash: f77582bed375bcc38f36c2b1a15e9deb97f387905b0c087a77448add795cd0c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
content-encoding: br
cdn-edgestorageid: 1075
perma-cache: HIT
cdn-storageserver: DE-168
cdn-cachedat: 04/25/2023 22:14:02
cdn-pullzone: 293267
last-modified: Tue, 25 Apr 2023 22:14:02 GMT
server: BunnyCDN-DE1-865
cdn-fileserver: 567
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"644850aa-3f86"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 4f94b8a2f5664a69531cf51f58879142
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 17ms
17ms Stylesheet
text/css 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2743
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 7c1be1e58e2f2c36-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 02 Jun 2023 22:18:53 GMT

GET
H2 200 modules.b440b8b3971e5ec6056f.js Show response
script.hotjar.com/ 264 KB
68 KB 72ms
20ms Script
application/javascript 18.66.2.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b440b8b3971e5ec6056f.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.2.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-2-12.txl50.r.cloudfront.net

Software

Resource Hash

674492bb351bc3c8328b014f9ad016d26361a9da7599de0f0af8dfdbb7b99d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 09:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 b7fabb5a327e018775ea26a6f65c6e10.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
age: 46186
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 69234
last-modified: Wed, 03 May 2023 09:28:55 GMT
etag: "4d60597d3bb7082d16c50293546f6f66"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: bY-hD20Bun301DXeRBL40I6vLDwsdxvRehgFK0CtqnAOSVZmzQ-Fpg==

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 21:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2746
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 03 May 2023 22:33:07 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1322365786&t=pageview&_s=1&dl=https%3A%2F%2Fuser.gemvpn.xyz%2F&ul=en-us&de=UTF-8&dt=LGBTQ%20Nation%20-%20The%20Most%20Followed%20LGBTQ%20News%20Source&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAUIhAAAAACAAI~&jid=951730214&gjid=416729106&cid=71626702.1683152334&tid=UA-1203094-4&_gid=1659206640.1683152334&_r=1&gtm=457e3510&did=dZGIzZG&gdid=dZGIzZG&jsscut=1&z=756238063

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK Test_oPS_Script_Loads Show response
sqs.us-east-1.amazonaws.com/397719490216/ 378 B
658 B 376ms
106ms XHR
text/xml 3.239.232.163
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D47%26bt%3Dnull
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.239.232.163 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-239-232-163.compute-1.amazonaws.com
Software: /
Resource Hash: 9d5dee66009374ea81c8a35ab82f3ca4824ccc0a96b34afcf0b89f47352195c5

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
Date: Wed, 03 May 2023 22:18:54 GMT
x-amzn-RequestId: dc9c15fc-248c-50e3-8696-4930c482a79c
Content-Length: 378
Content-Type: text/xml

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 63ms
21ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-1203094-4&cid=71626702.1683152334&jid=951730214&gjid=416729106&_gid=1659206640.1683152334&_u=aCDAAUIgAAAAACAAI~&z=1125896902

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 May 2023 22:18:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/780445e1-e0f5-4511-946c-e03913687877/ 176 B
765 B 61ms
51ms Fetch
application/json 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/780445e1-e0f5-4511-946c-e03913687877/icon

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

010232417c65b9fe5575b05cc45503818b57f0b9b08ba0af9d28006dd2ba1ed1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:53 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 9ddfe77c-d74a-4507-90f2-f78ed73d90c4
x-runtime: 0.008591
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"010232417c65b9fe5575b05cc4550381"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 7c1be1e61af11e10-FRA
access-control-allow-headers: SDK-Version

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 41ms
20ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-1203094-4&cid=71626702.1683152334&jid=951730214&_u=aCDAAUIgAAAAACAAI~&z=1959902045

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 51ms
17ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-1203094-4&cid=71626702.1683152334&jid=951730214&_u=aCDAAUIgAAAAACAAI~&z=1959902045

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 d9f9a80f-ebb8-45db-8372-62851c496a86.png
img.onesignal.com/t/ 15 KB
16 KB 59ms
51ms Image
application/octet-stream 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/t/d9f9a80f-ebb8-45db-8372-62851c496a86.png

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4d794b436e41d1945f5c560956cf6667f2e91790ca12cca9f42160425bbc6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
date: Wed, 03 May 2023 22:18:53 GMT
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: REVALIDATED
x-guploader-uploadid: ADPycdsbnZyJ05In8CC2wLtOR13EWRx2l-axNoTUHne3Xc1M0niN7zNf3XCeDG8f26xr0Gll5kD29F8uwrl_QyNB7oTF
x-goog-meta-x-goog-source-etag: "7448e8fa99045c4eb6a30d402b24edb0"
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15309
pragma: no-cache
last-modified: Tue, 14 Feb 2023 02:14:43 GMT
server: cloudflare
etag: "-CLnji7f4k/0CEAE="
vary: Origin, Accept-Encoding
x-goog-generation: 1676340883550649
content-type: application/octet-stream
x-goog-hash: crc32c=QXGB4Q==, md5=dEjo+pkEXE62ow1AKyTtsA==
cache-control: public, max-age=2678400
x-goog-meta-cache-control: public, maxage=604800
x-goog-stored-content-length: 15309
accept-ranges: bytes
cf-ray: 7c1be1e6adcb19a0-FRA
expires: Sat, 03 Jun 2023 22:18:53 GMT

GET
H2 200 async-api.8f89c105-1.231.0.min.js Show response
js-agent.newrelic.com/ 2 KB
2 KB 28ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/async-api.8f89c105-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

67f99ac35e1f837e5571b596248acd66df2dddedb17e20ba4527c825ec957ced

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: mU67jycgcinZxIFlMFQSe3f.nxc8alvQ
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: 37BCS8DNZHFEX51F
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1293
x-amz-id-2: l7Sao9WnOGc5CscYZH3uUViOtgVHcPpjk5kE/fPGBUygGNaNTDprb0BNj/7u1DP8P15bLFbq5Kw=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.304116,VS0,VE0
etag: "c795d925c282d627e664bd4811db2c5f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 824

GET
H2 200 lazy-loader.67423d16-1.231.0.min.js Show response
js-agent.newrelic.com/ 928 B
617 B 28ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/lazy-loader.67423d16-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

16a2fcf59eb7e6f04fe15ad2b13cff5fd8813a3267e7f4c57fdf16d35470f5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: T3hyF0giIyFMr4zq18cu84rHhrcGImyr
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: 37B1K184NX2X7FRQ
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 414
x-amz-id-2: k5L/2mfzMyXve8s1l6Dl4lgGgtutkuhhdaCioUYljnUFn7YTJgVLiw2s3aE5MrfjGblCqgbP0OY=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.304134,VS0,VE0
etag: "5c71e603fdc4b5e7eb31a10d4bf90768"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 835

GET
H2 200 862.04af29e3-1.231.0.min.js Show response
js-agent.newrelic.com/ 9 KB
4 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/862.04af29e3-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

03c8ef299748fad241484cddf509b6e90b394949882a72f9174dc97da671f151

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: F3uiK5YwfyYXl9HDrytyVd85M_NbPJob
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTGYTYZGYTEE5VR
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3627
x-amz-id-2: CnoHNTRWJk/FswBIswZL53MF3lVkOZRgjF8pScf2uhb05x7xqmtixOsgewdo6Clj5FnD4CPUQgc=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.314754,VS0,VE0
etag: "8ff6f8d3b9281c2834e211ce2228757e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2991

GET
H2 200 page_view_event-aggregate.8cf0450e-1.231.0.min.js Show response
js-agent.newrelic.com/ 11 KB
4 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_event-aggregate.8cf0450e-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9c52fb85b7798d62e60aee232ae9b2a224c88d52cd6405bac28a3a2a18d11642

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: YL5vYhsqsLDVb5Z0VzI.0IKZ9oVf.jnj
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTTS9CQWGF416KD
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4107
x-amz-id-2: Lk3Gf6ZFg2qFe0YszWBoBDq4Jr85JvIsv4FhXT4LVfwr7XtpheTYp7TKEGRXx9TIGVaYfcXs6I0=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.315146,VS0,VE0
etag: "927ef57448f4e9500b6ddd704625d0b2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2989

GET
H2 200 page_view_timing-aggregate.a30a53ff-1.231.0.min.js Show response
js-agent.newrelic.com/ 12 KB
5 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_timing-aggregate.a30a53ff-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

53350e307f02d76f2b5b69ad7ec7f53e6d32e84d2718f03ddd4b8fcd752f454b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: tXajjyfh__GTM5HYavqt0WCAqFhJIRAd
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTKRCBWK9DY9VF2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4637
x-amz-id-2: CKWepQMptbiGZFbvmlyoSJpxWV7TanAvkhpurJpPVUD+E87oxr/ze2rgQ9QP/sPuOgvywtwCjnc=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.315670,VS0,VE0
etag: "81350454b5ae22caf77cada88c68cd10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3003

GET
H2 200 metrics-aggregate.78efb4d5-1.231.0.min.js Show response
js-agent.newrelic.com/ 4 KB
2 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/metrics-aggregate.78efb4d5-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e54f6dd45ddca0b2de26ce3ba1622eb755f28fd5c4a36b4cc95ee1df44430c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: GnoOJSNFMPBLvvU2loT.6gfpbCRyQb8e
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTZPDPNJWS35TK2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1587
x-amz-id-2: fUoQ+XMTbTgwmL/Eea4Z/+Eqgm9QhGJWm7/n7/PpAZUPdgH3OTX2ZX9ZNwi81DBuJoAMOluu2sQ=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.316158,VS0,VE0
etag: "25879f97e7abf9cd89e027ff5a41ed81"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2985

GET
H2 200 jserrors-aggregate.0b4d6623-1.231.0.min.js Show response
js-agent.newrelic.com/ 7 KB
3 KB 7ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/jserrors-aggregate.0b4d6623-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

04183289430803326acd6b1535457d8196284cb67186adb767c506c8c69a0fb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: sBZl8cmCtUvWsekLB_5JE6E4NTVXZbrJ
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTG5BSGJZ3576BQ
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2699
x-amz-id-2: mzcws6fZHkHHrTADpFtfGdNmxISvxtuagteg9fmLGk/mdvXhaqP1WG59IV24D8qGPn0nTH1AKMY=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.316695,VS0,VE0
etag: "105c0b07033e97d2ad5192f22cd2b7be"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2047

GET
H2 200 ajax-aggregate.b0da4738-1.231.0.min.js Show response
js-agent.newrelic.com/ 5 KB
2 KB 7ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/ajax-aggregate.b0da4738-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

46989843cf6db9b279fe42b1ad1f76e09e30eabc768be16ea6c6bb2f94c67883

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: fX33moFHF9HahFsZ9OF7r7ctzevPre0s
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTPJEJPB2M16VS2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2158
x-amz-id-2: o+z7o+gVJvxMzYo6RoTcp2dMOyyOsURblNe0x2s7wXZVVnC1VKMxRJ65qOIQQ6u3vuWgPfv3JJw=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.317225,VS0,VE0
etag: "9a50be0680ff4e93b2870bc5fa243b5e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 2048

GET
H2 200 session_trace-aggregate.0938abd3-1.231.0.min.js Show response
js-agent.newrelic.com/ 8 KB
3 KB 6ms
6ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/session_trace-aggregate.0938abd3-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

981a6fc6c212bbebf95cb8ba05a6cf43caedfdc678afe6b9ec26085b500d57ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: wGz7Zc4CdeNSHrMhENAh1KuuSWZPluFa
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTKVMK4G03C9ZJV
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3219
x-amz-id-2: eI6Spho81iFK1wd6ak7IEwK4jY14z4wsClJIOi/E7+BvCsOVulW0w6tNsvxh+lK7txj/UfZ+44c=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.317749,VS0,VE0
etag: "e48f352e197fb565313a4b08e8d2220a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1709

GET
H2 200 page_action-aggregate.42c392aa-1.231.0.min.js Show response
js-agent.newrelic.com/ 2 KB
1 KB 10ms
10ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_action-aggregate.42c392aa-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

51e416712f2a66c0f2abf8fc2ea4d86df45109a57406156a6ebec14c8138d626

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: y9zWfqNMoXLtAEnsmpgdpZ1x7ixYhd2R
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: TD9VJ30EHGF3GVXH
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 983
x-amz-id-2: m/JfP/uIDF1zMjEEsLJNvcUwEphuCWd8SnvQ8bzdTukQ+f/0jFKVz4C0Wh17Xa8hA+99HRL0Ifw=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.318309,VS0,VE0
etag: "127fe6773a93cca9c6fdbb5ff34d7655"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1322

GET
H2 200 spa-aggregate.19ebdf8d-1.231.0.min.js Show response
js-agent.newrelic.com/ 18 KB
7 KB 10ms
10ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/spa-aggregate.19ebdf8d-1.231.0.min.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1233d721917f7d6b0cb2ef684806bb7337e1101a736c33b09f23ff7130ea37ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: Nv8wrgEhI.ic6ql5Cch9vZS5.tVJ_ipI
content-encoding: gzip
via: 1.1 varnish
date: Wed, 03 May 2023 22:18:54 GMT
strict-transport-security: max-age=300
x-amz-request-id: MWTQ2S1B4EK13KEQ
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 6566
x-amz-id-2: 3XspXqooYA/1dqYAfEd34SASadpCTQLAKTeshZF0HeNMmY25/RC/UbzrxlAzx5R3C9BXGNBbxjU=
x-served-by: cache-fra-eddf8230068-FRA
last-modified: Fri, 28 Apr 2023 17:58:54 GMT
server: AmazonS3
x-timer: S1683152334.318885,VS0,VE0
etag: "b29b6d7f913058268f8d081edc70f25c"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1738

GET
H/1.1 200
OK NRJS-e7ac69b9ed0b3ee6edc Show response
bam.nr-data.net/1/ 49 B
528 B 334ms
259ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-e7ac69b9ed0b3ee6edc?a=502295015&v=1.231.0&to=Y1RTMEpSX0EEUE1aCloecAdMWl5cSlpXVwBM&rst=1403&ck=0&s=12ed89fef1b06d40&ref=https://user.gemvpn.xyz/&ap=1298&be=99&fe=1260&dc=423&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1683152332926,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:23,%22c%22:23,%22s%22:34,%22ce%22:55,%22rq%22:55,%22rp%22:99,%22rpe%22:122,%22di%22:509,%22ds%22:520,%22de%22:523,%22dc%22:1357,%22l%22:1357,%22le%22:1359%7D,%22navigation%22:%7B%7D%7D&fp=461&fcp=461&at=TxNQRgJITE8%3D&jsonp=NREUM.setToken
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 22:18:54 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7c1be1ea0fab2c27-FRA

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 58ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=user.gemvpn.xyz

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 40ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=user.gemvpn.xyz

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 151 KB
51 KB 234ms
234ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=545742978614377&correlator=3592008819193491&eid=31074242%2C31074272%2C44777897&output=ldjh&gdfp_req=1&vrg=202305010101&ptt=17&impl=fifs&iu_parts=4564944%2Clgbtqnation%2Chome&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1x1%2C728x90%7C970x90%7C970x250%2C300x600&ifi=1&adks=4155109806%2C3574728437%2C3152155227&sfv=1-0-40&fsbs=1%2C1%2C1&prev_scp=ad-location%3DSkin%26adb_imp%3D1%7Cad-location%3Dlb_top%26amznbid%3D2%26amznp%3D2%26adb_cfg%3DLGBTQ%2520DT%2520LB%2520BTF%26adb_bdr%3Dnone%26adb_imp%3D1%7Cad-location%3Dbox_large%26amznbid%3D2%26amznp%3D2%26adb_cfg%3DLGBTQ%2520Box%2520Large%26adb_bdr%3Dnone%26adb_imp%3D1&eri=1&cust_params=UGC%3Dno&sc=1&cookie_enabled=1&abxe=1&dt=1683152334393&lmt=1683152334&dlt=1683152333034&idt=160&adxs=0%2C436%2C1075&adys=0%2C13%2C653&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fuser.gemvpn.xyz%2F&frm=20&vis=1&psz=1600x4600%7C1600x4600%7C320x631&msz=1x-1%7C1600x24%7C320x600&fws=4%2C4%2C4&ohw=1600%2C1600%2C1600&ga_vid=71626702.1683152334&ga_sid=1683152334&ga_hid=1322365786&ga_fc=true

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69fecdaf60fbda8297202134a1f44c4e5c3dfa02ce1d55c0ad7608ddba880439

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52561
x-xss-protection: 0
google-lineitem-id: -2,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://user.gemvpn.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 84ms
56ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305010101&st=env

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97342cfa46ea53e32785af8540fa623bd4333541c47a8d2ac8ced584ee73e89e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11258
x-xss-protection: 0

GET
H2 200 container.html Show response
69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B7BA 6 KB
3 KB 78ms
16ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Thu, 02 May 2024 22:18:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 204
No Content /
adspsp.com/pt/2634970/11/3/ 0
110 B 172ms
172ms Image
image/png 54.186.25.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adspsp.com/pt/2634970/11/3/?a=2,a2lh89fw683XqpK7vaYD,hKRZLK6ZSr&aa=00Gumh&b=0,1,2,3,4,5:6,7,,2u:8,9,,2M:a,b,,1T:c,d,,1G:e,f,,3i:g,h,,4o:i,j,,3k:k,l,,cM&b=0,1,m,n,o,5:6,p,,2u:8,q,,2M:a,r,,1T:c,s,,1H:e,t,,3i:g,u,,4o:i,j,,3l:k,l,,cN:v,w,,21&bi=1,A14b43994339d905,28,U22637b45b06425,adbridg_ad_adblntoplb_1,%2F4564944%2Flgbtqnation%2Fhome,2,1040162,5,20883108,9,581900,18,LGBTQ_Desktop_Leader1,33,Pdttf083ZaS8TaUTNJ50ah7r,116,213789743,154,dWBJy2QKOr6jjQaKlId8sQ,166,20463,26,U376b7507ace12e,adbridg_ad_adblnboxlarge_1,1040158,20883105,581897,LGBTQ_Desktop_Box2,ftxO295svn2Cfny2yioNrqmc,681402167,185,19223aa4164a1c25e26050b8dc979c59&e=&c=https%3A%2F%2Fuser.gemvpn.xyz%2F&d=&f=1.lh89fvy6.1T7u.2Te5.3T11p&g=3T15p&u=116e1332:lh6sexwl:3if&v=18g.xc.0.3js.1.0&m=z&rnd=1683152334427
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.25.31 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-25-31.us-west-2.compute.amazonaws.com
Software: linux /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Server: linux
Connection: keep-alive
Content-Length: 0
Content-Type: image/png

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 56ms
29ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C8B9 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 9033
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 19:48:21 GMT
expires: Thu, 02 May 2024 19:48:21 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 269D 783 B
968 B 17ms
16ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9e9cffac77dc86f246255573c0bfb4e555658ad4d9a9d3a0ea0ece607d2a5149

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QSYIF787aRqnmCosR8qtDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-QSYIF787aRqnmCosR8qtDA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Wed, 03 May 2023 22:18:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js Show response
pagead2.googlesyndication.com/bg/ Frame C8B9 37 KB
14 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1471c3ca7506b2b7c7e138d67069adf92d6f79ba2f7e6e621682e51387d776f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:09:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14620
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 May 2024 12:09:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 269D 0
0 47ms
42ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305010101&jk=545742978614377&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

GET
H2 200 container.html Show response
69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AACD 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Thu, 02 May 2024 22:18:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5E77 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Thu, 02 May 2024 22:18:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK NRJS-e7ac69b9ed0b3ee6edc Show response
bam.nr-data.net/resources/1/ 36 B
416 B 236ms
236ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/resources/1/NRJS-e7ac69b9ed0b3ee6edc?a=502295015&v=1.231.0&to=Y1RTMEpSX0EEUE1aCloecAdMWl5cSlpXVwBM&rst=1895&ck=0&s=12ed89fef1b06d40&ref=https://user.gemvpn.xyz/&st=1683152332926&at=TxNQRgJITE8%3D
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90c93635a657154134ee328e9d047b6a8868586be18a1102ad0276398295655d

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 03 May 2023 22:18:55 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://user.gemvpn.xyz
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7c1be1ec99de2c27-FRA
Content-Length: 36

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D42A 624 B
826 B 42ms
21ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIY0-De6AEwAQ&v=APEucNVj1V_n1Na90Co2mED1lRKD4ojnpw_LMgClLxZnWaZOXYdwIvClClkrDM_EeojuimmnO4OTmPkFdbqZalPRlCTghbxVFB1ogD40DS63ME9DMp-WTkUPoBrBxI0Dj7Ji_TgdtIVTqJEluOGIJVhtdT26rG1IozhJ77F8bGoS6vm_ZjOvu78

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Wed, 03 May 2023 22:18:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/ Frame AACD 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/abg_lite_fy2021.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00d6272f8ba086bd63eed498e6a916b8d9eb0f51920af223b1596e0b72c9a4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 18:10:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8743
x-xss-protection: 0
server: cafe
etag: 14489809188666054284
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 18:10:12 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/ Frame AACD 7 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49b6c56eb31409bd9d3761794191cce2ecb0de4de4b475ab71810de512cb926e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 18:10:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3047
x-xss-protection: 0
server: cafe
etag: 5552017188384030315
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 18:10:12 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AACD 0
0 83ms
48ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1ewTDBOvHx82I2MVWN1yi-QVYZ5Vnl4f6ZzpF92XMqcxD10pWe0ZhDL4Me-MoQuba5Dsvr4ZFTwfzqvBcj3Cr9zWpPraMjqLPvqlS67zvo9EP8WMUtZ8iki41CaXBZHskHOzT8QogpwP-hkpRrrsRN88a7kf5FYj1LSX4wAfaS8McbZ7USfbLSg8a9LrQverW_7BaiDDBKOZrTau_dK70CQDbqcQdd5qNtCVVjelYoWgCeydFFkZeopJSKIL0tNYJKUpWZguQDRJay1qHcwhP-a5u1rqH8TEtwZ2BgQ0G2sLIfCvDVCzYELJ3h5hIVS5YmtCtTlACxb17fjzBrtxyoUwPv9R-QqFYmA7prv6ad4ij2YaUkhh61G68yaodln-OWZ55w8BqmBNAJ0Kna8jiv6D4R-B7IKje87wCBt-POuOw9QczKxd2ymTDO1mtiJQ1mXwzY2JEuG2rrP_mtnOhccHClPp0-5urlYLIo9EEQaecOCWskMmxCj2RTH_70T9MZNl_ZBqIcJY0xfIetSUOy49fmaHKBfM8gOJLraODYNqL4saddWvdCEHhhYl3mt1ospDjSliq2tNE4f-gFyH7puVw0zaW1VncTBWJTF82HOqBhNf42l3I8pcyedHG0KWfY5lIFlI6lP9TPUn3HyLgfm0C5cUOHVw4t8wZ52HEHWalfZf4ViUXJAJOy3_K8m81KJSFxfuUgDgoYkAI114Xoz2GuUEBCYUxu53o_rHdI9amPI3gjiGyyiMu8j9E53ApLAf-2ZvQ9mHW_SAJyB7-NROx6AhWD-UwEowTfRQxdEs4ONrbQS7NDaQDdpt16gobkjlsL8Kqa9GzAsueQmkKFg1nrHbpv8g-kr1ZCdErUZOfDhnLvyehZOusqEbhN-ye7mPdJ_m3zMaCuq9qRNWg1rV4iCSFuwDVM255MnAx3yenoeYyZavb6HzhfXtmoDeLT38nKq_0wx5mwWhWDRDWutkpmcIhVzWdC_375UcGpRwEg-imZFUNC_d__lxO656jJKZGTE_O7lhbs9q1QSWl1S-dnqBUH6_IfntMfS1naFkzeN-4DXlXXeQohmrHRqN0EfgFs5jKw1OIvr4Y6ht89HPiYp7hpnsTxRKNlFK_tB0Ou0EaqwF6tqZm9coP6cqdX0x6qHbkDFbkTktebeJktecw21lWviz3w_fi49mF&sai=AMfl-YS1XYI72vWpEiDyJU8ajMC5JrQ11T_BD2JyErSnk7lnJ09pV76pd80rQBZPmIR0XHpuKOTBBFzsKaKvoQtOjMK83JGb5T5ARkYvCtbv44WLmxgtqkRxJucvw9ykrzrtJxuf1cZmmHmeoUC4QZ-fiRLxRPyB3wnFuWDKj13YH5JTzuRKOzag4ObGmy8wlET0Tb5xm8b4SgoXtorskLcfMG19ZjqiQ8SyVwis6nPIV_70MgvuyXIhoN-9OfW-7VQKuGgGMiAIoQLettGgcDCydGgdkeo2lHLSb1O-SGhdz40pGNU9hGhcilRMfjr259HsyxlqeTemX6bd_7XSDYX7AhHaP43zlSudi8tN7U9WzCx8iLE_qCqjNJYaLs8w1l4LDgyiXw-ihw-M5LNvr3Q-dozbpZIXahSljHoQrQ3hltqlX5VtufRDInpU1tVb6xScBBOmPxpkcf_ZJIXbVI0SW42t_DAP5fY58w&sig=Cg0ArKJSzCcozPYG6BNEEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20230501.82383&arae=0&ftch=1&adurl=

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 03 May 2023 22:18:54 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AACD 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 09:20:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 May 2024 09:20:28 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AACD 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AGwHWuhplIpVbpJVBxHuSIVP61aa4BjHjR77Sxz591cqLuB4IiZfnCRCqi0JM4BWnk4FpI4pzfaRl-xOoU79YzlZZCpCl4Zn8l9EmJFqhVjmalS4s

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ai.aspx
tagm.tchibo.de/ Frame AACD 43 B
1 KB 91ms
26ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tagm.tchibo.de/ai.aspx?extProvId=300&extProvApi=129768&extPu=tchibo-dv360&extLi=1009160031&extPm=18470133299&extCr=488091731&adslotid=1

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Wed, 03 May 2023 22:18:54 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://tagm.tchibo.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mi, 03 Mai 2023 10:18:54 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 821
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame AACD 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/window_focus_fy2021.js

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 19:48:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9033
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 19:48:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame AACD 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7141471cf38c1e5f68499d03fc12899c1d4f91358d533881a7c5e8ddf10a5ad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:35:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7957
x-xss-protection: 0
server: cafe
etag: 10936619172403307163
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 17:35:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AACD 160 KB
49 KB 73ms
25ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbe21c3c1f5415a40c7af9b0441a8515ac4a160ac5f4149717c3288046cda78e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50014
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683113006724128"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H2 200 5871384044144376989
s0.2mdn.net/simgad/ Frame AACD 151 KB
152 KB 42ms
7ms Image
image/gif 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5871384044144376989

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5173e99a4abab13e58176d64f79b76a2c022cedbad63816915924577f4ab3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 11:26:16 GMT
x-content-type-options: nosniff
age: 125558
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 154602
x-xss-protection: 0
last-modified: Tue, 02 May 2023 08:40:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 01 May 2024 11:26:16 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6BFB 624 B
506 B 20ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIYz9Xe6AEwAQ&v=APEucNXV5-10Z6Dw4PVk5d7TrtQ3XgNTVqlsGgudZ3aB9fpnPWhdXy54gf2Q8G0eTpdmWUIp_9zClTam7m_wSteMifP-P950VirUvCx4jOXlajAaxEbBd06PmA2LyAFQE0_3IdI8J65aul-HKR4gqmf6fYQniJXOAqafc8-sgm4RhZTHFalpTmY

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 22:18:54 GMT
expires: Wed, 03 May 2023 22:18:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/ Frame 5E77 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/abg_lite_fy2021.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00d6272f8ba086bd63eed498e6a916b8d9eb0f51920af223b1596e0b72c9a4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 18:10:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8743
x-xss-protection: 0
server: cafe
etag: 14489809188666054284
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 18:10:12 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/ Frame 5E77 7 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230501/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49b6c56eb31409bd9d3761794191cce2ecb0de4de4b475ab71810de512cb926e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 18:10:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14922
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3047
x-xss-protection: 0
server: cafe
etag: 5552017188384030315
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 18:10:12 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5E77 0
0 50ms
50ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstu_sGoccmWiMkVi4sK2UsUydqLCywXnP2Ei0D-YfKTfkbfJ8nPb8DOhKzjofiF1UBda1USxx1TPOiWgxbXNjsmHBrgJmkNEejy0bMkZr8uP6SuBi37Oo0l7Q7ZTYRpTwAvSWP56kNGPsZfYbUdCoz5gE1-LBX7xgQ7UhYeYBVhO5_GKQgzmZ6ZktqwEt8wc54hNgPoQqlm9hLKCh6PULOvfSCIF6IYvcDbWDiUDv1LdWhwIVgBcveZLMGSeB4c6jhv56oXMdmmSCNbQ3D3AgSVRbX070S0cNZtUetNSC298UZTIourUnr6yle1wE4S77PuSqOFv5LbPyEO_0bqn5YImN0TBDo481cS4Jo3zcJD8e5PjLLdOv8LyeGwmAD1tfQdf_XNNZh6f1Fd8LTx5qxiqLtewsThYKi5YyfCuaUyOc_ujtYv6PKjZr1vY3Y9bRFQZPqPIOWhxzT6Y0Ibj5VH4mMAV3UYAopsD3rUDU_6CiFnUFYfNS5ByfPKMkWrjtTsjFg29nClEdhstWVuH6_2mRrHzWlK0GpVI-KOhx8eXVbT37sStTdmKxj83f-gb6jYtCvUf00M6yTMRCjNnF4BLvzLQG3hvk27XmNL4ojetSnVGCvNCE-0oldKw5yCHyMwPFS7MAIKyx1397_pX1v_-L_KPdqwSMpIJTbTAh6x5jooYuSqKZy_7MDBdq8DR7OfqEKvZmOGsBk8DPNz98DZFjRrD4b1_MEeDAYAsTdDNiKQdbSDjZdRNsVynJYQvHBPhY7dnXMesRkZKp8KcI2AEHL480BmEaCsAX-4hPw62CmZexImYpp7eW30v2yuGiUBGYNEs5mubnLKqpN1h69RnQoTXpRSMjRgMb0wiPcG52Lk9hCLzhKVPODBR2P1Ss1gDgkTXjSCqwYVgFDydjz54QENi0Nq6w_Tu2EDCYLwM9DBdaJpdXHS6CKEC4s99uCjygMQBpERvG4g8aeZw_uzQLyiRyI6PoxifI3mCWtUGKn09ljmWBl8aRr7BjqdQZFVakKM-kwA1iX8reVjDIUWO6zgQ4V6jnPtbaESr_9ChWsvw3HWak5-6TYTtgwbtJOMhrAI1iccdA5zv5ClFhmFW0PmlWxVUtsVZ9BlLrgTnN_om8bll1AGMss_7p1scIvmmHOUOUzUHnrIq_yqg81L11bJhg_8HpIl9O7-9zAa&sai=AMfl-YRppd_pYBgq3Yl9wF-9Ca5Etu5a7mVrXsvnt-hYN-3zV3dEGeB35juvTb11mOUVMZvO4B-ubVXrx7E9VZAkmArL0TQ00DdnUGGklNpku5iOCNCGLf05WTIMY-So1Pwbi8vd1EcC_K_tf_SsTKmbGVXnF90L9ZN5k2nbN3DnQfTgGAX_jb3PoN-17JIki7bANp2k7wpfD1124JbkN_zSt8QTrqusSqSDqVQAVMwjgfNL8-_fa8H3OrEjLs2J2KNVcU09BFTuIk6uRqQSrpaNXcjPoy6SsV-XqJ8YYAqSE9HeXcMCJRUf5ZRrcNCLtwJAxrX6pWLOhwUdp_XNB9e2dK6C1DaMiWkYFBxEr4xPhDJR7rhrDbKfb17pXO1sMHQO_5DpPARYKDe7OeqaIV3PLWJ-WizxBPbQDcDGoBHJL-1G19Juc6HTt7bPJLrhU9SIIsjEgKJ0zvV8oUCzUvDwQ029orKhWVj1xQ&sig=Cg0ArKJSzJuLlWhn4ogeEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20230501.70035&arae=0&ftch=1&adurl=

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 03 May 2023 22:18:54 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5E77 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 09:20:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 133106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 May 2024 09:20:28 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E77 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A2SBl16cIc3M8J17cfOsf5Kb35Lss1o6FBERX8-n0us0qjiOPqEfn40ktcp0fZcHBLwKXAuZKj_WI8JT4W0RNP-jCmK0qFh3u2-vuYlLeg5w9fZl4

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ai.aspx
tagm.tchibo.de/ Frame 5E77 43 B
1 KB 54ms
23ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tagm.tchibo.de/ai.aspx?extProvId=300&extProvApi=129768&extPu=tchibo-dv360&extLi=1009160031&extPm=18470133299&extCr=488090319&adslotid=1

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Wed, 03 May 2023 22:18:54 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://tagm.tchibo.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mi, 03 Mai 2023 10:18:54 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 821
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame 5E77 3 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/window_focus_fy2021.js

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 19:48:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9033
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 19:48:21 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/ Frame 5E77 19 KB
8 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230501/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7141471cf38c1e5f68499d03fc12899c1d4f91358d533881a7c5e8ddf10a5ad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:35:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7957
x-xss-protection: 0
server: cafe
etag: 10936619172403307163
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 May 2023 17:35:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5E77 160 KB
49 KB 42ms
35ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbe21c3c1f5415a40c7af9b0441a8515ac4a160ac5f4149717c3288046cda78e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50014
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683113006724128"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H2 200 8089520737335717850
s0.2mdn.net/simgad/ Frame 5E77 133 KB
133 KB 17ms
13ms Image
image/gif 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8089520737335717850

Requested by

Host: 69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com
URL: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

027ee46f604a746be7614db96042605bd1993d5f60fa4ec91e1ea1c48a2510ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 11:25:43 GMT
x-content-type-options: nosniff
age: 125591
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136090
x-xss-protection: 0
last-modified: Tue, 02 May 2023 08:40:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 01 May 2024 11:25:43 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C8B9 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?TO4qRg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 204
No Content /
adspsp.com/pt/2634970/12/2/ 0
110 B 173ms
173ms Image
image/png 54.186.25.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adspsp.com/pt/2634970/12/2/?a=2,a2lh89fw683XqpK7vaYD,hKRZLK6ZSr&aa=00Gumh&b=2:1,28,pnty8,32c82w,0,,0,qy`6y,1rj12wgu,2czmnk,U22637b45b06425,adbridg_ad_adblntoplb_1,%2F4564944%2Flgbtqnation%2Fhome&b=2:1,26,pnty8,32c82w,0,,0,8c`go,oalvy2w,2czmnk,U376b7507ace12e,adbridg_ad_adblnboxlarge_1,%2F4564944%2Flgbtqnation%2Fhome&e=&c=https%3A%2F%2Fuser.gemvpn.xyz%2F&d=&f=1.lh89fvy6.1T7u.2Te5.3T11p&g=3T1k8&u=116e1332:lh6sexwl:3if&v=18g.xc.0.3qp.1.0&m=z&rnd=1683152334950
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.25.31 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-25-31.us-west-2.compute.amazonaws.com
Software: linux /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Server: linux
Connection: keep-alive
Content-Length: 0
Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D42A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

43 B
632 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIY0-De6AEwAQ&v=APEucNVj1V_n1Na90Co2mED1lRKD4ojnpw_LMgClLxZnWaZOXYdwIvClClkrDM_EeojuimmnO4OTmPkFdbqZalPRlCTghbxVFB1ogD40DS63ME9DMp-WTkUPoBrBxI0Dj7Ji_TgdtIVTqJEluOGIJVhtdT26rG1IozhJ77F8bGoS6vm_ZjOvu78
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D42A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFLdzrDgiz4Q4WVRwnC7fQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIY0-De6AEwAQ&v=APEucNVj1V_n1Na90Co2mED1lRKD4ojnpw_LMgClLxZnWaZOXYdwIvClClkrDM_EeojuimmnO4OTmPkFdbqZalPRlCTghbxVFB1ogD40DS63ME9DMp-WTkUPoBrBxI0Dj7Ji_TgdtIVTqJEluOGIJVhtdT26rG1IozhJ77F8bGoS6vm_ZjOvu78
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D42A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

43 B
1 KB

10ms
10ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIY0-De6AEwAQ&v=APEucNVj1V_n1Na90Co2mED1lRKD4ojnpw_LMgClLxZnWaZOXYdwIvClClkrDM_EeojuimmnO4OTmPkFdbqZalPRlCTghbxVFB1ogD40DS63ME9DMp-WTkUPoBrBxI0Dj7Ji_TgdtIVTqJEluOGIJVhtdT26rG1IozhJ77F8bGoS6vm_ZjOvu78

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
AN-X-Request-Uuid: aff604cd-67aa-42c2-8290-0e4ffb1e2506
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D42A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

170 B
243 B

43ms
42ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 03 May 2023 22:18:54 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 37ae28d4-ef66-495b-b304-5c1bf5149868
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6BFB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIYz9Xe6AEwAQ&v=APEucNXV5-10Z6Dw4PVk5d7TrtQ3XgNTVqlsGgudZ3aB9fpnPWhdXy54gf2Q8G0eTpdmWUIp_9zClTam7m_wSteMifP-P950VirUvCx4jOXlajAaxEbBd06PmA2LyAFQE0_3IdI8J65aul-HKR4gqmf6fYQniJXOAqafc8-sgm4RhZTHFalpTmY
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6BFB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZFLdzrDgiz4Q4WVRwnC7fQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIYz9Xe6AEwAQ&v=APEucNXV5-10Z6Dw4PVk5d7TrtQ3XgNTVqlsGgudZ3aB9fpnPWhdXy54gf2Q8G0eTpdmWUIp_9zClTam7m_wSteMifP-P950VirUvCx4jOXlajAaxEbBd06PmA2LyAFQE0_3IdI8J65aul-HKR4gqmf6fYQniJXOAqafc8-sgm4RhZTHFalpTmY
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3A2ySZRLayAN5gd1Z6KhA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6BFB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

43 B
1 KB

7ms
7ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMWK-AIQ5fS9hwIYz9Xe6AEwAQ&v=APEucNXV5-10Z6Dw4PVk5d7TrtQ3XgNTVqlsGgudZ3aB9fpnPWhdXy54gf2Q8G0eTpdmWUIp_9zClTam7m_wSteMifP-P950VirUvCx4jOXlajAaxEbBd06PmA2LyAFQE0_3IdI8J65aul-HKR4gqmf6fYQniJXOAqafc8-sgm4RhZTHFalpTmY

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
AN-X-Request-Uuid: 36a58b0b-ffbb-4cc3-bd94-8310b5402afc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGYcwSmdtd3xdcUrE1012Zs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6BFB
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

170 B
232 B

16ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 03 May 2023 22:18:54 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 6b516171-8f15-462e-a0d8-0de0d53b61cd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzE4NDUyODU2Mzg1NjQ0MDAxOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AACD 0
0 48ms
46ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1ewTDBOvHx82I2MVWN1yi-QVYZ5Vnl4f6ZzpF92XMqcxD10pWe0ZhDL4Me-MoQuba5Dsvr4ZFTwfzqvBcj3Cr9zWpPraMjqLPvqlS67zvo9EP8WMUtZ8iki41CaXBZHskHOzT8QogpwP-hkpRrrsRN88a7kf5FYj1LSX4wAfaS8McbZ7USfbLSg8a9LrQverW_7BaiDDBKOZrTau_dK70CQDbqcQdd5qNtCVVjelYoWgCeydFFkZeopJSKIL0tNYJKUpWZguQDRJay1qHcwhP-a5u1rqH8TEtwZ2BgQ0G2sLIfCvDVCzYELJ3h5hIVS5YmtCtTlACxb17fjzBrtxyoUwPv9R-QqFYmA7prv6ad4ij2YaUkhh61G68yaodln-OWZ55w8BqmBNAJ0Kna8jiv6D4R-B7IKje87wCBt-POuOw9QczKxd2ymTDO1mtiJQ1mXwzY2JEuG2rrP_mtnOhccHClPp0-5urlYLIo9EEQaecOCWskMmxCj2RTH_70T9MZNl_ZBqIcJY0xfIetSUOy49fmaHKBfM8gOJLraODYNqL4saddWvdCEHhhYl3mt1ospDjSliq2tNE4f-gFyH7puVw0zaW1VncTBWJTF82HOqBhNf42l3I8pcyedHG0KWfY5lIFlI6lP9TPUn3HyLgfm0C5cUOHVw4t8wZ52HEHWalfZf4ViUXJAJOy3_K8m81KJSFxfuUgDgoYkAI114Xoz2GuUEBCYUxu53o_rHdI9amPI3gjiGyyiMu8j9E53ApLAf-2ZvQ9mHW_SAJyB7-NROx6AhWD-UwEowTfRQxdEs4ONrbQS7NDaQDdpt16gobkjlsL8Kqa9GzAsueQmkKFg1nrHbpv8g-kr1ZCdErUZOfDhnLvyehZOusqEbhN-ye7mPdJ_m3zMaCuq9qRNWg1rV4iCSFuwDVM255MnAx3yenoeYyZavb6HzhfXtmoDeLT38nKq_0wx5mwWhWDRDWutkpmcIhVzWdC_375UcGpRwEg-imZFUNC_d__lxO656jJKZGTE_O7lhbs9q1QSWl1S-dnqBUH6_IfntMfS1naFkzeN-4DXlXXeQohmrHRqN0EfgFs5jKw1OIvr4Y6ht89HPiYp7hpnsTxRKNlFK_tB0Ou0EaqwF6tqZm9coP6cqdX0x6qHbkDFbkTktebeJktecw21lWviz3w_fi49mF&sai=AMfl-YS1XYI72vWpEiDyJU8ajMC5JrQ11T_BD2JyErSnk7lnJ09pV76pd80rQBZPmIR0XHpuKOTBBFzsKaKvoQtOjMK83JGb5T5ARkYvCtbv44WLmxgtqkRxJucvw9ykrzrtJxuf1cZmmHmeoUC4QZ-fiRLxRPyB3wnFuWDKj13YH5JTzuRKOzag4ObGmy8wlET0Tb5xm8b4SgoXtorskLcfMG19ZjqiQ8SyVwis6nPIV_70MgvuyXIhoN-9OfW-7VQKuGgGMiAIoQLettGgcDCydGgdkeo2lHLSb1O-SGhdz40pGNU9hGhcilRMfjr259HsyxlqeTemX6bd_7XSDYX7AhHaP43zlSudi8tN7U9WzCx8iLE_qCqjNJYaLs8w1l4LDgyiXw-ihw-M5LNvr3Q-dozbpZIXahSljHoQrQ3hltqlX5VtufRDInpU1tVb6xScBBOmPxpkcf_ZJIXbVI0SW42t_DAP5fY58w&sig=Cg0ArKJSzCcozPYG6BNEEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=87&vt=11&dtpt=85&dett=2&cstd=0&cisv=r20230501.82383&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 May 2023 22:18:54 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5E77 0
0 47ms
46ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstu_sGoccmWiMkVi4sK2UsUydqLCywXnP2Ei0D-YfKTfkbfJ8nPb8DOhKzjofiF1UBda1USxx1TPOiWgxbXNjsmHBrgJmkNEejy0bMkZr8uP6SuBi37Oo0l7Q7ZTYRpTwAvSWP56kNGPsZfYbUdCoz5gE1-LBX7xgQ7UhYeYBVhO5_GKQgzmZ6ZktqwEt8wc54hNgPoQqlm9hLKCh6PULOvfSCIF6IYvcDbWDiUDv1LdWhwIVgBcveZLMGSeB4c6jhv56oXMdmmSCNbQ3D3AgSVRbX070S0cNZtUetNSC298UZTIourUnr6yle1wE4S77PuSqOFv5LbPyEO_0bqn5YImN0TBDo481cS4Jo3zcJD8e5PjLLdOv8LyeGwmAD1tfQdf_XNNZh6f1Fd8LTx5qxiqLtewsThYKi5YyfCuaUyOc_ujtYv6PKjZr1vY3Y9bRFQZPqPIOWhxzT6Y0Ibj5VH4mMAV3UYAopsD3rUDU_6CiFnUFYfNS5ByfPKMkWrjtTsjFg29nClEdhstWVuH6_2mRrHzWlK0GpVI-KOhx8eXVbT37sStTdmKxj83f-gb6jYtCvUf00M6yTMRCjNnF4BLvzLQG3hvk27XmNL4ojetSnVGCvNCE-0oldKw5yCHyMwPFS7MAIKyx1397_pX1v_-L_KPdqwSMpIJTbTAh6x5jooYuSqKZy_7MDBdq8DR7OfqEKvZmOGsBk8DPNz98DZFjRrD4b1_MEeDAYAsTdDNiKQdbSDjZdRNsVynJYQvHBPhY7dnXMesRkZKp8KcI2AEHL480BmEaCsAX-4hPw62CmZexImYpp7eW30v2yuGiUBGYNEs5mubnLKqpN1h69RnQoTXpRSMjRgMb0wiPcG52Lk9hCLzhKVPODBR2P1Ss1gDgkTXjSCqwYVgFDydjz54QENi0Nq6w_Tu2EDCYLwM9DBdaJpdXHS6CKEC4s99uCjygMQBpERvG4g8aeZw_uzQLyiRyI6PoxifI3mCWtUGKn09ljmWBl8aRr7BjqdQZFVakKM-kwA1iX8reVjDIUWO6zgQ4V6jnPtbaESr_9ChWsvw3HWak5-6TYTtgwbtJOMhrAI1iccdA5zv5ClFhmFW0PmlWxVUtsVZ9BlLrgTnN_om8bll1AGMss_7p1scIvmmHOUOUzUHnrIq_yqg81L11bJhg_8HpIl9O7-9zAa&sai=AMfl-YRppd_pYBgq3Yl9wF-9Ca5Etu5a7mVrXsvnt-hYN-3zV3dEGeB35juvTb11mOUVMZvO4B-ubVXrx7E9VZAkmArL0TQ00DdnUGGklNpku5iOCNCGLf05WTIMY-So1Pwbi8vd1EcC_K_tf_SsTKmbGVXnF90L9ZN5k2nbN3DnQfTgGAX_jb3PoN-17JIki7bANp2k7wpfD1124JbkN_zSt8QTrqusSqSDqVQAVMwjgfNL8-_fa8H3OrEjLs2J2KNVcU09BFTuIk6uRqQSrpaNXcjPoy6SsV-XqJ8YYAqSE9HeXcMCJRUf5ZRrcNCLtwJAxrX6pWLOhwUdp_XNB9e2dK6C1DaMiWkYFBxEr4xPhDJR7rhrDbKfb17pXO1sMHQO_5DpPARYKDe7OeqaIV3PLWJ-WizxBPbQDcDGoBHJL-1G19Juc6HTt7bPJLrhU9SIIsjEgKJ0zvV8oUCzUvDwQ029orKhWVj1xQ&sig=Cg0ArKJSzJuLlWhn4ogeEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=56&vt=11&dtpt=54&dett=2&cstd=0&cisv=r20230501.70035&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a88-221-168-23.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 03 May 2023 22:18:55 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 29FB 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111667
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 15:17:48 GMT
expires: Wed, 01 May 2024 15:17:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C83F 22 KB
8 KB 11ms
11ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111667
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 May 2023 15:17:48 GMT
expires: Wed, 01 May 2024 15:17:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AACD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 093f0d91c33e540293a0a0a160d52a162b9bbe4851727f4afd998b6d5f6e3d79

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5E77 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a18810c9fedab4d3ba3afdee50ff8078356f83cc7b597e63eabed3625f50f18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js Show response
pagead2.googlesyndication.com/bg/ Frame 29FB 37 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1471c3ca7506b2b7c7e138d67069adf92d6f79ba2f7e6e621682e51387d776f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:09:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14620
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 May 2024 12:09:05 GMT

GET
H3 200 FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js Show response
pagead2.googlesyndication.com/bg/ Frame C83F 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FHHDynUGsrfH4TjWcGmt-S1vebovfm5iFoLlE4fXdvI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1471c3ca7506b2b7c7e138d67069adf92d6f79ba2f7e6e621682e51387d776f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:09:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14620
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 May 2024 12:09:05 GMT

POST
H/1.1 200
OK NRJS-e7ac69b9ed0b3ee6edc Show response
bam.nr-data.net/events/1/ 24 B
403 B 270ms
270ms XHR
image/gif 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRJS-e7ac69b9ed0b3ee6edc?a=502295015&v=1.231.0&to=Y1RTMEpSX0EEUE1aCloecAdMWl5cSlpXVwBM&rst=2207&ck=0&s=12ed89fef1b06d40&ref=https://user.gemvpn.xyz/&ptid=d29dc2fe-0001-b740-5efc-0187e3b27094
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://user.gemvpn.xyz/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 03 May 2023 22:18:55 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://user.gemvpn.xyz
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7c1be1ee9b742c27-FRA
Content-Length: 24

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 0157 37 B
140 B 36ms
8ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Wed, 03 May 2023 22:18:55 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29FB 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bb4k4zt1SZM3xGsGplQfKur-wDgAAAAA4AeAEAg&bg=!d3SldCDNAAYcDqajPA47ADkAdvg8WpFd_a9yiWw0aaD2Y4LKiufIyEgxzw8MbUlCnBXIkSHS_Xkzykn_aHaJBDYJ2kD-yf3AL3ECAAAAbFIAAAABaAEHCgApIcpKBgL-7gvgP09g-4GujaBdqRR9-JExs37O-USlIbif5nPf9xQQpFGZAzkuCo1VGAqh-rnU1WVy6mQ_f0hCCsWjafZmpOTYhCCwLAbHCiTp8-RYJkHviGXSXP2wN9hBvzgPV2exoaRStyswLDmZvJo8JfLtX-XWwMGXMGRIAp_baIrd_Yrfw05l1KIWRYrFr6S_9BJYebIXHPgFSxou9F2d0NhLkoFxLt8rngx2_yA9VmVrs9veYplb_qkhGzAw2Bql1Dr3xdEny0H8ijWYXHIepVbenXezYo2VSQu2wF9tkt5dY1bn1mVeNt9rvmIc_nhOKZt8bsvoSGxW2uC3F-y1UsjzspZMIycXmb3Vw5Y1MyoXjJnUs6pCUtILmyincjOQHs2721WXtsx62bK_lmulAOgYhkGdg0KWcR_y1ibGxKJnFOYsAs-Med28walHJ82MfAB_mKRFJgdiYYwPV1A-yTxZTnT1oJO3iOKaMrYgBo-BiyK0xsKrXwkIMRKd2Vi9sed6MuBzDQciMQcbJnM0lht5ZR_CD0dE9Ed_ifkeZKKKI-JU5ciywznNqKYSVZFuuVmgipDJB1-qpHnRg4Cyjuny7LC41Fv8uzBSgxe9Z9t2qr6WVYXVvvu5hikDVDb0FzVHIAejwZ1lA5_EqvMIsdbTWowIbgFE-wlcKmntxEFChcQRDU3XXYb_A1WtJJHdxzmvmkRd6LwoTkzprU-JBARZdQkPFnOz-zkBEfrXKbMViaR8_eXXq1ZGzeD9Hl8O-g9eo5_1WsFDmrGEBlod_geqN6kT35w-OjAvrak0J9_ViCF8xjqsnB4BrVlPkDI0M_tpzyDszSMDvRrqBfBKMlxiacgyEHXHYM72OXZFWj64DaFqRAF8iGuIw2Yv85n1Kyk3mOeA7mqoN3dnch3keT9TBNvBtNTJlQLCz49v2Fwx7TtJDpPVzE-hCSt5LMZyEN_CcL-HuqW5-hlyRQm2IbrQIyBnzHchSRxUpnNMs-hq-g1wKwZNUVOcwYdd4ZgbZeoLXHgah9_4n5N5aL7vijNJCx-rfsw0g1ppWfuqvUvwpU6sDReIiYMvG4MA2RPQa0xrf5jnBwrO6bIR4H0kfnp4z48rMY563-P4zLlXzeuJbzD9Tkk5U3R4cC9KnAvTtw0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C83F 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5Detzt1SZM7xGsGplQfKur-wDgAAAAA4AeAEAg&bg=!d3SldCDNAAYcDqajPA47ADkAdvg8WpOOH62nngrGD8QD4pmvO998LivQky5A06tRuYPir8KxW4c9Nu_vpZIqTLtiv_Mg30l9gVUCAAAAcVIAAAACaAEHmQL-8452JcGeLAwtYUqT4obDFysj4b5yrwk7Q6910ovY9563VukO_9kBxZatdYn9G5lcyZC0TqAr7KowTHBDv64olKiW6rnpeOFH8hGyCwMclLRmkodZX9eRRreCpss6XlLgu5PjW3Km8xLsTYhrbTQ6U76-BhQksWH4Lq82BJheWk4baRGAA5ycrdF6AMqcggC98xCEscdNch92KIZn4zeOyLOUs0IkY5dW_FNNegPnSBnflmLViZkIGhLJkCm_0VBdbJvedK2T5U4Treib5cTK-f3P-2B1_wM__cGMh520hEUv46pO49QRPP7zuv9ZKJt13tq9A7A-zlZCX_taeoVGdHAW29UPiuqufagPydJvLXgMnXXhmOoZgvgs-CTnxWB9TrM7Q1M-qpmzN_7o0yiUcGMLOpTrgYMW3Ti1mbJgEq-eW1dsxeghBZSVF81EWOgjdXemqav9Rr70WxxOXkeEepeSHlen5x0n7haV3mVSywiS5REyOsMo9p7QujSeocWH4CwOE5mf1Jb89vix56pr2iG35hD1vM3eA3AMLfHmn7IF3rHLIGgewiJzehaogZYEAjvSqMxhjb-WJqilFhbGeV_WKdSblUD6TfvSofCH-o17aMTnMKFeWcAga2UYnJnl00sTk8W1ZNQgyj2V4T5b6q1zQPTiN3t4fgnyvLaUvf-80PlySAPR-PqyFeQQi-tXr_bmbkUYJGSw7K-I1se8VSc28shCiN4GqI-s5qudUZxbCXno-wC5jJKbawsgvOc-rVBs8RQL1BmBMFruLjEnmN3v_xZAGgE9RxZ72U9AY2_lT0eoCw_mC0nzxBBE5hqo45EFcOUFe_-j-kYgU93u4gJbnuzxLujh_KZpXmMjePMFC_Anmn63wcK3vCiKLmN4v31-GtSbTJ7UoYVBE8apmSuI1uy2yNGidB43xentYCtxU7a_-jHBASJEvlkAqhGSFStnq5EXzWCuMjHGNn3ADMlTsfRzt1gLct-9JJnBw2IxZZHhIy2DTCRIJEnEcg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9571 281 B
554 B 34ms
9ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 03 May 2023 22:18:55 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9571 34 KB
10 KB 8ms
8ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 62af8ad971cb7d59cde886031e7c5526f814537f33a3c1b3e5bb72ae5940e66e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 22:18:55 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 May 2023 03:01:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=17030
Connection: keep-alive
Content-Length: 10017
Expires: Thu, 04 May 2023 03:02:45 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7FA2 52 KB
17 KB 51ms
6ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 57462
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Wed, 03 May 2023 22:18:55 GMT
ETag: W/"623de86a-cf34"
Expires: Mon, 17 Apr 2023 07:14:20 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1531, 297258
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230066-FRA
X-Timer: S1683152335.423299,VS0,VE0

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame DD44 21 KB
8 KB 63ms
30ms Document
text/html 88.221.168.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU6A725L&prvid=77&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.168.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

8e2b5e4e1553a10c0ffdc5a48105399af3ad9fa651c0adbe29745cca57c87c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 7971
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 22:18:55 GMT
expires: Fri, 05 May 2023 22:18:55 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7FA2 0
862 B 9ms
9ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
AN-X-Request-Uuid: 728b64db-9699-4cf4-a760-aee77e95977f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.120; 146.70.117.120; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 9571
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=hc5BYya_SX6MzMCJl6ymgQ&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hc5BYya_SX6MzMCJl6ymgQ

43 B
479 B

104ms
104ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hc5BYya_SX6MzMCJl6ymgQ

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:56 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 1N0SXKC1BHXZMVTSHPN8
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=hc5BYya_SX6MzMCJl6ymgQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9571
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGIhw2WhJ0E4jSzsTlIeQNI&google_cver=1

0
239 B

32ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGIhw2WhJ0E4jSzsTlIeQNI&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGIhw2WhJ0E4jSzsTlIeQNI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 9571
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=FEwF2ERtQxSlq2sF-F0aiw&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=FEwF2ERtQxSlq2sF-F0aiw

43 B
479 B

38ms
38ms

Image
image/gif

52.94.223.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=FEwF2ERtQxSlq2sF-F0aiw

Protocol

HTTP/1.1

Server

52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 22:18:55 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: Q1AV96C3HH27FZJXEDXJ
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=FEwF2ERtQxSlq2sF-F0aiw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9571
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/y9bP41WCFjKiMRgkUCv1iMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-2.xff4pE2oJzV57sX65zjD0J6FfYJCr5osbOwA--~A

0
239 B

8ms
7ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-2.xff4pE2oJzV57sX65zjD0J6FfYJCr5osbOwA--~A
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Wed, 03 May 2023 22:18:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-2.xff4pE2oJzV57sX65zjD0J6FfYJCr5osbOwA--~A
content-length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 9571 70 B
265 B 119ms
52ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 9571
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH89FWJU-23-31OQ

0
650 B

124ms
108ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH89FWJU-23-31OQ
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 22:18:55 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 62A3EDC29EBA4B9BACA8FCC7B45DA43B Ref B: FRAEDGE1719 Ref C: 2023-05-03T22:18:55Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX60XEQrpiuvHQnUWdFlw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH89FWJU-23-31OQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9571
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEg4OUZXSlUtMjMtMzFPUQ==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECOQyVulUeATpmmYKBGl9sw&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg4OUZXSlUtMjMtMzFPUQ==&google_push=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg4OUZXSlUtMjMtMzFPUQ==&google_push=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEg4OUZXSlUtMjMtMzFPUQ==&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e06182bf224d96e6550f4595601cdb0b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9571
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGQwM2RlNmU1MDhkOTZlZDhiMTBiZGJlZmMwZDI5NjFlMTY5NzllNg

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGQwM2RlNmU1MDhkOTZlZDhiMTBiZGJlZmMwZDI5NjFlMTY5NzllNg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NGQwM2RlNmU1MDhkOTZlZDhiMTBiZGJlZmMwZDI5NjFlMTY5NzllNg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame AA90 0
0 424ms
100ms Document
text/plain 67.202.105.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dWBJy2QKOr6jjQaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-105.static.steadfastdns.net
Software: 33XP015 /
Resource Hash

Request headers

Referer: https://user.gemvpn.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Wed, 03 May 2023 22:18:54 GMT
server: 33XP015
x-33x-status: 2000208

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 46ms
45ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305010101&jk=545742978614377&bg=!dHeldyPNAAYcDqajPA47ADkAdvg8Ws9hP96Pbi9Zxr695YTvGB6kOwChTNmZRn48hAzopUpPZSBC1HbEcy1-LfEoUeMaFGHDhpACAAABeFIAAAABaAEHmQLyHZaUmoKYNps0axSgcGfXPJEWrCoNcln1BUh6camRkdheMcXb_TVd3Vu3LUyLIOrNKpCPb86u7b-ib1lTl6WIq7WyCI6aKT4cEfDQYKax1VbcOHOkAiD5IwFPPJ-Tn3s_LXsDMUVzOOHuKhZXjUzt4RyubNSbihGXp9waZ7bukjV8q7swjIA6tAywcAIQJ6K51euWPltfJ4l3PsU0_JYa1ppR56yhq9XqGwSrTHeGoHXdQXpPM_mQ_CYsG9QUOsK8_mRMhA4I1MROVnnFJ5n__mJ7HulhXeekbMD_22YfFENo2fUtsKI-MOKpFxS73oFGki_krzO8UdXgXUrLlAAEV56OpSv2B7bACOiHMLcz8cm_IokfwAg78KpECx66ENk5tn3QdsJcQocCjkJpbOtU8apR_xhSylB4cgbrrsZGQhyVLDQjl7-rVeJuLcTwJO-rnb0dDhbyoAFAlST7JibmJem2jY9EoP1IoP9_v1tdBGEvBM72XpHf8k-DNcGpnJljF2NSsAw4DHX7UlkxnAAogv3qEtA3XqmY-lKKQBesfY33G02Vq94gxjZVqHTGhDVmnLxjFdJ5NZ_GmrBbjsYPdvo-bWpvrQ6jX1LJfZDtg2ji6lxHJI4Sfew6_vUdnA-xWfbz94zEYMSQdXx25wHmqc79Of2KmBdcWu2DQJdeSTZ0k90sKJKjP1zu1_z0e3PsX-W5VTU1JzdiOQyZEo3OoPvFl_UHd76sNllbtcuJoh4HBHYHfAx7YcL1A0NLd1XEi52o_zHh604Pc-8muOQepGds8SVWPblGM1aJVSIF3oppBciM7qHHI3uvW1-Uodoj77V9LfOvo9po1saGW26-t5cB-GKMhxcVZyPu3bclRZpoyD5cK0YH5hfFKk-3EIagNZ2Ze3uDf_ME-BAikXu5g1gb8SBTXS_8_z6rQ-A9sIOJJlk-ipESk7GGiiYBCZDK74pD1WUI_z4zB9Ia0W6x9Uu55sNWrwkoeww6HUG5ad4r4g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AACD 42 B
174 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSJ4yyJ450zmqiJACJwvwFrbamuS6oBdCyVENk702RaM_PP0uLO2S3k3_n9GMdRcA8wu3j1DoraVspljo3o5MKr_khx5BomAHZIDJ6sXcFwiDYwaCZ6ZRgDeoVOPZiW7Ndi5pwuA&sai=AMfl-YT7-tlrJ-bMTynOBqbmosiE7IO2Yc55N-7ONnm_Y76nmRcxWIhwBVmjN_VxAtLwWPNYbzS5pc1bJeueY-Po_JCBWXhrCI4UM-YnjXE_zGbBiEu31zyWCW9qAOKn_VUx0sJ4-b3YscaOLVOZnQ&sig=Cg0ArKJSzLSE1QOHksq8EAE&cid=CAQSTABygQiDzZIsZ9Qdk9gsgED3xtkAknN0Lg5gg7OhitsC5yPrvWahZKzqHCGQNhNQz9XspMMcAOhTSdFdgWlAnPr3QdS6zjAle7DkYTMYAQ&id=lidar2&mcvt=1000&p=12,315,262,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230503&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3574728437&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683152334701&rpt=357&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5E77 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZ8QMX8sMbu39cxmVLMAKFb_BWXluDIk6AFh67Uf3J3DudTpdDlQSKEs5R-3B5Ug39TgW_Ph4D1oKcBHwKZNp8C8feoY8tvQ1RzDdvjQOT_NELdPRQ0eg2U4aY-LVW6Od8nNRLMw&sai=AMfl-YQDMA5wYfWq0fCwRF5NlGJkvcSVwfW5pHqOlYzMwafQaIM86QWIVUPh7XBaUdAFOymbzeflSm-zf3HOki4y07zMA3uwAAqRXyl6CEFJlrVXJn_ujsugyv_NvCug7jQRZsgMJGk4IPY8ZEMGEA&sig=Cg0ArKJSzAwfQ7s0GNINEAE&cid=CAQSTABygQiDzZIsZ9Qdk9gsgED3xtkAknN0Lg5gg7OhitsC5yPrvWahZKzqHCGQNhNQz9XspMMcAOhTSdFdgWlAnPr3QdS6zjAle7DkYTMYAQ&id=lidar2&mcvt=1000&p=902,1075,1502,1375&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20230503&bin=7&avms=nio&bs=0,0&mc=0.5&if=1&vu=1&app=0&itpl=20&adk=3152155227&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1683152334743&rpt=360&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: user.gemvpn.xyz
URL: https://user.gemvpn.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://69f03e0b4c2b93c72be7eb9125adc881.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 22:18:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content /
adspsp.com/pt/2634970/15/2/ 0
110 B 174ms
173ms Image
image/png 54.186.25.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adspsp.com/pt/2634970/15/2/?a=2,a2lh89fw683XqpK7vaYD,hKRZLK6ZSr&aa=00Gumh&b=1:1,28,U22637b45b06425,adbridg_ad_adblntoplb_1,%2F4564944%2Flgbtqnation%2Fhome&e=&c=https%3A%2F%2Fuser.gemvpn.xyz%2F&d=&f=1.lh89fvy6.1T7u.2Te5.3T11p&g=3T2k5&u=116e1332:lh6sexwl:3if&v=18g.xc.0.3qp.1.0&m=z&rnd=1683152336243
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.186.25.31 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-25-31.us-west-2.compute.amazonaws.com
Software: linux /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://user.gemvpn.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Server: linux
Connection: keep-alive
Content-Length: 0
Content-Type: image/png

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7FA2 0
862 B 74ms
73ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS